I run my own mail server, and its constantly bombarded with “SASL spam”: failed SASL login attempts. Hundreds a day. So I wrote a little Perl script to look for them in the logs, and ban their IP ranges. Maybe this will be helpful for you too?
https://github.com/starlilyth/banSASLSpam
SASL spam ban script – Starlilythstarlilyth.net
@PinkFreud@mastodon.sdf.org@lily Also look into fail2ban, which is meant for precisely this task. :)
I do also use fail2ban, in fact I modified a graph tool to watch my jails: https://github.com/starlilyth/f2bgraph-psgi
However, the nature of SASL spammers is such that fail2ban doesnt always work well to block it: they may not use the same netblock for weeks at a time, but they *will* use it again. This script sets permanent bans, unlike fail2ban.
GitHub - starlilyth/f2bgraph-psgi: fail2ban graphingGitHub