Hi,

We have an SMTPS server with SASL auth for posting messages from external networks (internal too). For weeks we have been finding a very large number of "SASL LOGIN authentication failed: authentication failure" entries in our logs. The client IPs are foreign and are not real clients.

1 - Is it a brute force attack? Or a DDoS?
2 - What Postfix directive should we use to stop it?

We have listed all the IPs. We can use a FW rule, but it's heavy and hard to manage. A Postfix list may be easier.

Sincerely,