Hi Team,
I am using ubuntu 24.04 server minimal using virtualmin pro
Replaced fail2ban with CSF. i keep getting bruteforce attacks or unsure what it is from mail logs please see below assist me with regex codes. apologies just a beginner
warning: unknown[81.30.107.173]: SASL LOGIN authentication failed: authentication failure, sasl_username=shosabu
May 23 15:08:23 server.com postfix/smtpd[41784]: disconnect from unknown[81.30.107.173] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
May 23 15:08:32 smtpd[41396]: disconnect from outbound-402da303.pinterestmail.com[64.45.163.3] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
May 23 15:08:48 server.com postfix/smtpd[41784]: connect from unknown[81.30.107.173]
May 23 15:08:53 server.com saslauthd[872]: pam_unix(smtp:auth): check pass; user unknown
May 23 15:08:53 server.com saslauthd[872]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
May 23 15:08:55 server.com saslauthd[872]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
May 23 15:08:55 server.com saslauthd[872]: : auth failure: [user=marcellin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]