On 2016-02-21 12:10, Kiss Gábor wrote:
As I wrote this is what I wish to avoid if possible. I don't want an unnecessary check against a list of banned addresses on _every_ IP packet.
disable sasl auth global in main.cfand only enable sasl auth in submission & smtps in master.cf with -o pr service
but dont disable starttls on port 25 you will imho still see abuse in port 25 after this so make fail2ban perm block ips that still try sasl auth on port 25