This evening i'm getting a Fail2ban notification email every 10 minutes where it has blocked a different IP from a failed SASL LOGIN authentication failed: UGFzc3dvcmQ6 I usually get 1 or 2 attempts a day, however i've had about 20 in the last few hours - fail2ban appears to be blocking them (block time = 1 day) I haven't altered anything on the server for a few weeks, so don't know why I'm getting so much interest all of a sudden Is there anything i can / should be doing to combat this or should i leave fail2ban to do its thing?
I recommend to let fail2ban do its work. Thats what it is made for. Just keen an eye on your mailqueue in case that you see a unusual high amount of deferred mail.
