SASL Attacks And SPAM

I wanted to pass this along. I’m sure it may be nothing new to most of you, but it has greatly reduced SASL attacks and spam.

I found most of it here:
https://scottlinux.com/2011/05/26/prevent-postfix-brute-force/

I added the fail2ban rule and modified my postfix main.cf as follows:

# Connection rate limit per client
smtpd_client_connection_rate_limit = 3

# HELO, sender and recipient checks
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    check_sender_access hash:/etc/postfix/access,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    check_policy_service unix:postgrey/socket,
    permit

# Further per-client limits; clients in $mynetworks are exempt
smtpd_client_connection_count_limit = 3
smtpd_client_message_rate_limit = 5
smtpd_client_recipient_rate_limit = 60
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_new_tls_session_rate_limit = 3

# Delay error replies and disconnect clients that keep causing errors
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

It has knocked down all the spam and about 99% of the SASL attacks.

If anyone would like to add to this, please do so.

TIA