Hi. I noticed so many messages on my server like this: warning: unknown[18.104.22.168]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 I've searching the way to block these logins trough fail2ban and I've found that I should modify the file located at /etc/fail2ban/filter.d/postfix-sasl.conf but it doesn't exist. If I do a "fail2ban-client status", I get : - Number of jail: 4 Jail list: dovecot, postfix-sasl, pure-ftpd, sshd If I do a "fail2ban-client status postfix-sasl", I get : Status for the jail: postfix-sasl |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File list: /var/log/mail.log `- Actions |- Currently banned: 0 |- Total banned: 0 `- Banned IP list: In my jail.local file I've this: [postfix-sasl] enabled = true port = smtp filter = postfix logpath = /var/log/mail.log maxretry = 3 Then, following this old post https://forum.howtoforge.com/threads/fail2ban-postfix-sasl-does-not-exist.83720/ I believe I've to create the postfix-sasl.conf and add the code posted there, and modify jail.local and modify the line filter = postfix to filter = postfix[mode=auth]. This is correct??? Thanks!