So I tweaked Fail2ban so it picked up failed SASL auth sesssion…
There are a LOT of compromised machines out there:
2014-10-21 15:57:08,236 fail2ban.actions: WARNING [postfix] Ban 222.247.167.96
2014-10-21 22:00:08,119 fail2ban.actions: WARNING [postfix] Ban 122.165.90.186
2014-10-21 22:00:09,089 fail2ban.actions: WARNING [postfix] Ban 77.42.202.232
2014-10-21 22:00:09,383 fail2ban.actions: WARNING [postfix] Ban 69.198.18.202
2014-10-21 22:00:09,828 fail2ban.actions: WARNING [postfix] Ban 167.135.119.251
2014-10-21 22:00:10,632 fail2ban.actions: WARNING [postfix] Ban 191.113.84.245
2014-10-21 22:00:11,741 fail2ban.actions: WARNING [postfix] Ban 184.71.165.174
2014-10-21 22:00:13,544 fail2ban.actions: WARNING [postfix] Ban 186.116.237.173
2014-10-21 22:00:14,812 fail2ban.actions: WARNING [postfix] Ban 12.25.8.201
2014-10-21 22:00:15,682 fail2ban.actions: WARNING [postfix] Ban 112.150.194.150
2014-10-21 22:00:16,488 fail2ban.actions: WARNING [postfix] Ban 68.118.118.10
2014-10-21 22:00:17,362 fail2ban.actions: WARNING [postfix] Ban 139.193.101.137
2014-10-21 22:00:19,292 fail2ban.actions: WARNING [postfix] Ban 192.30.241.146
2014-10-21 22:00:19,769 fail2ban.actions: WARNING [postfix] Ban 190.239.170.29
2014-10-21 22:00:20,741 fail2ban.actions: WARNING [postfix] Ban 178.120.155.241
2014-10-21 22:00:20,986 fail2ban.actions: WARNING [postfix] Ban 74.112.58.73
2014-10-21 22:00:30,266 fail2ban.actions: WARNING [postfix] Ban 212.215.218.191
2014-10-21 22:00:30,535 fail2ban.actions: WARNING [postfix] Ban 186.121.93.138
2014-10-21 22:00:31,159 fail2ban.actions: WARNING [postfix] Ban 190.51.59.93
2014-10-21 22:00:31,773 fail2ban.actions: WARNING [postfix] Ban 23.30.82.137
2014-10-21 22:00:32,636 fail2ban.actions: WARNING [postfix] Ban 41.228.195.145
2014-10-21 22:00:33,409 fail2ban.actions: WARNING [postfix] Ban 5.160.182.24
2014-10-21 22:00:33,704 fail2ban.actions: WARNING [postfix] Ban 105.186.70.162
2014-10-21 22:00:34,417 fail2ban.actions: WARNING [postfix] Ban 64.89.211.243
2014-10-21 22:00:34,988 fail2ban.actions: WARNING [postfix] Ban 111.91.86.86
2014-10-21 22:00:35,807 fail2ban.actions: WARNING [postfix] Ban 190.187.47.55
2014-10-21 22:00:36,768 fail2ban.actions: WARNING [postfix] Ban 14.192.128.34
2014-10-21 22:02:46,842 fail2ban.actions: WARNING [postfix] Ban 79.97.188.35
2014-10-21 22:03:10,199 fail2ban.actions: WARNING [postfix] Ban 49.249.55.38
2014-10-21 22:03:31,018 fail2ban.actions: WARNING [postfix] Ban 91.75.74.12
2014-10-21 22:03:49,365 fail2ban.actions: WARNING [postfix] Ban 190.176.210.91
2014-10-21 22:04:17,027 fail2ban.actions: WARNING [postfix] Ban 199.96.245.158
2014-10-21 22:12:58,539 fail2ban.actions: WARNING [postfix] Ban 123.176.22.30