[CentOS] Auth failure messages

Tue Oct 17 18:58:01 UTC 2017
david <david at daku.org>


I am using sendmail as my mail server.  SELinux is disabled.
I observe messages in CentOS 7 (and 6) in /var/log/messages, similar to:

saslauthd[2765]: do_auth         : auth failure: [user=bettie] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]

I guess that this is because somebody tried to access one of the SMTP 
ports with a logon attempt.  This is understandable; there are 
crackers out there.  I'd like to block SMTP completely from the 
originating sender (by dropping the IP packets), but don't know how 
to figure out what the IP address is.  I don't see anything in the 
"maillog" that, for example, has the name "bettie" or some other 
clue.  The only thing I see is a message like

sendmail[5452]: v9HIoBox005452: [xxx.xxx.xxx.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

with a close timestamp, but I'm reluctant to tie the two log entries together.

Is there some log, or log setting that might enable me to tie the 
do_auth error to a specific IP address?  I'm very reluctant to change 
mail servers to postfix or something like that.
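
Added example, not part of the original post: a Python sketch that pairs each saslauthd failure from /var/log/messages with sendmail "did not issue MAIL/EXPN/VRFY/ETRN" entries from maillog that follow within a short window, and marks the match ambiguous when more than one address falls in that window. A timestamp match is only a candidate, not proof. The host name, the addresses (documentation ranges), all sample lines, the 30-second window and the year are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

YEAR = 2017  # assumption: classic syslog timestamps carry no year
TS = r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
AUTH_RE = re.compile(
    TS + r"saslauthd\[\d+\]: do_auth\s*: auth failure: \[user=([^\]]*)\]")
CONN_RE = re.compile(
    TS + r"sendmail\[\d+\]: \S+: .*?\[(\d{1,3}(?:\.\d{1,3}){3})\] did not issue")

def _when(stamp):
    """Parse a syslog timestamp such as 'Oct 17 18:50:11'."""
    return datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S")

def correlate(messages, maillog, window=30):
    """For each auth failure, list the IPs of SMTP sessions that closed
    without sending mail in the `window` seconds after the failure."""
    closes = [(_when(m[1]), m[2]) for m in map(CONN_RE.match, maillog) if m]
    limit = timedelta(seconds=window)
    out = []
    for m in filter(None, map(AUTH_RE.match, messages)):
        t = _when(m[1])
        ips = sorted({ip for when, ip in closes
                      if timedelta(0) <= when - t <= limit})
        verdict = "unique" if len(ips) == 1 else "ambiguous" if ips else "none"
        out.append((m[2], ips, verdict))
    return out

# Constructed sample lines in the formats quoted in the post.
FAIL = ("[service=smtp] [realm=] [mech=pam] [reason=PAM auth error]")
MESSAGES = [
    "Oct 17 18:50:11 mx saslauthd[2765]: do_auth         : auth failure: "
    "[user=bettie] " + FAIL,
    "Oct 17 18:55:40 mx saslauthd[2765]: do_auth         : auth failure: "
    "[user=admin] " + FAIL,
]
TAIL = " did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA"
MAILLOG = [
    "Oct 17 18:50:13 mx sendmail[5452]: v9HIoBox005452: [192.0.2.10]" + TAIL,
    "Oct 17 18:55:42 mx sendmail[5460]: v9HItcOx005460: [198.51.100.7]" + TAIL,
    "Oct 17 18:55:45 mx sendmail[5461]: v9HItdOx005461: [203.0.113.99]" + TAIL,
]

if __name__ == "__main__":
    for user, ips, verdict in correlate(MESSAGES, MAILLOG):
        print(f"user={user!r} candidates={ips} -> {verdict}")
```

Only "unique" results are reasonable inputs to a packet filter rule; "ambiguous" ones need another source of evidence before any address is dropped.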