Im currently experiancing a brute force attack on my server
Nov 26 15:27:04 ws096 saslauthd[7071]: do_auth : auth failure: [user=mouse] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:13 ws096 saslauthd[7071]: do_auth : auth failure: [user=nathan] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:22 ws096 saslauthd[7072]: do_auth : auth failure: [user=nissan] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:29 ws096 PAM_pwdb[30322]: check pass; user unknown
Nov 26 15:27:31 ws096 saslauthd[7072]: do_auth : auth failure: [user=rebecca] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:39 ws096 saslauthd[7072]: do_auth : auth failure: [user=shalom] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:48 ws096 saslauthd[7072]: do_auth : auth failure: [user=smile] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:57 ws096 saslauthd[7072]: do_auth : auth failure: [user=sparky] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:28:01 ws096 PAM_pwdb[30542]: (dovecot) session opened for user jlymburner by (uid=0)
How do i stop this? I cant find the ip the attack is coming from
Its on a CentOS 4.x box
Thanks!