Dear Allen, > > This is a brute force attack in order to get a valid username/password pair. > > The cracker usually does 20 attempts within a single SMTP session.
> Do smtpd_hard_error_limit > <http://www.postfix.org/postconf.5.html#smtpd_hard_error_limit> and Ooops! That is it. Default of smtpd_hard_error_limit is exactly 20. This is why there are 20 sequential attempts per session. And the second 10 are much slower according the logs due to smtpd_soft_error_limit=10. I do some test configs and I cease the IP level blocking to see what happens. Many thanks! :-) Gabor