I've got a series of "smtpd/saslauthd" messages in my logs. Someone is trying to guess email accounts and passwords - they're just trying random names from a dictionary of common names - which, as they're going for SMTPD (and not any other service), is probably someone trying to find an email account they can take over for spamming or whatever. The grand problem here is that I have got "fail2ban" in operation, but whoever's doing this has a botnet at their command, as the IP address is different every time. So I'm not really sure how I can repel this attack, if it's distributed like this. They're not hitting the server enough to cause a DDOS. That's not their aim. Indeed, I think they're even doing it slowly enough to ensure that it doesn't cause any noticeable problems with service, to not be discovered - as they really could hammer this system much harder than they are, with such an arsenal of bots (as the amount of IP addresses they seem to have under their command is substantial, looking at the log file). How does one reasonably deal with such an issue?