I run my own mail server, and its constantly bombarded with “SASL spam”: failed SASL login attempts. Hundreds a day. So I wrote a little Perl script to look for them in the logs, and ban their IP ranges. Maybe this will be helpful for you too?
https://github.com/starlilyth/banSASLSpam
@lily Also look into fail2ban, which is meant for precisely this task. 🙂
I do also use fail2ban, in fact I modified a graph tool to watch my jails: https://github.com/starlilyth/f2bgraph-psgi
However, the nature of SASL spammers is such that fail2ban doesnt always work well to block it: they may not use the same netblock for weeks at a time, but they *will* use it again. This script sets permanent bans, unlike fail2ban.