The problem with doing that, is that if a user miss types their username 
they'd get blocked, and if we didn't log it in that file, then when the 
user sais "I can't login it's rejecting me" you wouldn't see the log 
entries in login_failed.log which is the place to look when a user can't 
login....

In terms of blocking the attempts these settings may be useful.:

g_hacker_...

but that still won't stop the logging issue which is probably the real 
frustration here...

ChrisP.,


On 13/08/2016 10:32 a.m., surgemailHIDDEN@etwinsite.com wrote:
> we are constantly bombarded with messages like this in login_failed.log:
>
> smtp: auth (xxx.com) (user) (1.2.3.4) Login incorrect -ERRHIDDEN@x.com 
> password wrong or not a valid user
>
> and
>
> pop: User: yyy Domain: zzz.com, IP: 1.2.3.4, -ERRHIDDEN@z.com password 
> wrong or not a valid user
>
> i'd like to recommend that in the 'not a valid user' case, that the ip 
> address be added to the g_deny list. david camm advanced web systems 
> keller, tx
>
>