you could consider using security_suffix per domain and have clients identify withHIDDEN@t@notaphisher.thedomain.tld (or string of your choice)
It won’t stop the logs but then who cares about anyone logging intoHIDDEN@t@thedomain.tld as it is invalid :-)

I can walk you through it off list if you wish

Cheers,

Paul

> On Aug 12, 2016, at 5:54 PM, surgemail-support <surgemailHIDDEN@t@netwinsite.com> wrote:
> 
> The problem with doing that, is that if a user miss types their username they'd get blocked, and if we didn't log it in that file, then when the user sais "I can't login it's rejecting me" you wouldn't see the log entries in login_failed.log which is the place to look when a user can't login....
> 
> In terms of blocking the attempts these settings may be useful.:
> 
> g_hacker_...
> 
> but that still won't stop the logging issue which is probably the real frustration here...
> 
> ChrisP.,
> 
> 
> On 13/08/2016 10:32 a.m., surgemailHIDDEN@etwinsite.com wrote:
>> we are constantly bombarded with messages like this in login_failed.log:
>> 
>> smtp: auth (xxx.com) (user) (1.2.3.4) Login incorrect -ERR HIDDEN@.com password wrong or not a valid user
>> 
>> and
>> 
>> pop: User: yyy Domain: zzz.com, IP: 1.2.3.4, -ERRHIDDEN@z.com password wrong or not a valid user
>> 
>> i'd like to recommend that in the 'not a valid user' case, that the ip address be added to the g_deny list. david camm advanced web systems keller, tx
>> 
>> 
> 
>