I see a lot of pwd scan attacks.
mail.info:
Jun 3 06:25:19 lala Axigen[713]: SMTP-IN:0002CAD6: Authentication error for user ‘matthew@lalal.dom’: Account not found locally
Jun 3 06:25:20 lala Axigen[713]: SMTP-IN:0002CAD6: closing session from [185.137.111.129:43304]
mail.warn:
Jun 3 06:25:19 lala Axigen[713]: SMTP-IN:0002CAD6: Authentication error for user ‘matthew@lalal.dom’: Account not found locally
I would liek to have a format like:
Jun 3 08:28:32 lala sshd[44695]: Invalid user admin1 from 134.175.80.27 port 54654
so as to make blocking easier. Is that possible to add?
Tnx!