saslauthd - Pattern needed..

Hi there,

it seems, that someone is trying to catch some users via saslauthd/sendmail..

The lines look like this:

Apr 8 09:27:58 marcel saslauthd[11726]: do_auth : auth failure: [user=inna] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]

if there could be a pattern, i would be glad..

Thanks in advance..

i am running the latest blockhosts-version btw. =)


not possible to use the log line

Since the above log line does not contain a numeric IP address, there is no way to use it to create a rule to block a remote IP address...