I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. -- ----------------------------------------------------------------------- Tim Daneliuk