Can sasl/sendmail Report IP Of Failed Access?

Mark Felder feld at
Tue Jun 4 19:13:39 UTC 2013

On Tue, 04 Jun 2013 10:47:16 -0500, Tim Daneliuk <tundra at>  

> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported.  Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall?   auth.log only
> notes the attempted user name, not the IP of origin.

I don't use sendmail, but aren't the login attempts at least logged in  
maillog as well? If so, you could use fail2ban to ban them. We do this  
with postfix/exim/dovecot/etc.

More information about the freebsd-questions mailing list