Brute force SMTP attack right now *help*

I'm currently experiencing a brute force attack on my server.

Nov 26 15:27:04 ws096 saslauthd[7071]: do_auth         : auth failure: [user=mouse] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:13 ws096 saslauthd[7071]: do_auth         : auth failure: [user=nathan] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:22 ws096 saslauthd[7072]: do_auth         : auth failure: [user=nissan] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:29 ws096 PAM_pwdb[30322]: check pass; user unknown
Nov 26 15:27:31 ws096 saslauthd[7072]: do_auth         : auth failure: [user=rebecca] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:39 ws096 saslauthd[7072]: do_auth         : auth failure: [user=shalom] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:48 ws096 saslauthd[7072]: do_auth         : auth failure: [user=smile] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:57 ws096 saslauthd[7072]: do_auth         : auth failure: [user=sparky] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:28:01 ws096 PAM_pwdb[30542]: (dovecot) session opened for user jlymburner by (uid=0)

How do I stop this? I can't find the IP the attack is coming from.
It's on a CentOS 4.x box.

Thanks!

You can't?

netstat -na

lsof -i

OK, I tried netstat -na, but what am I looking for?

netstat -na | grep 587

This should tell you all connections on the saslauthd. If they are the same IP address, you can just block it. If they are different, you might have to make a script or something to block them.
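The per-IP check suggested in the reply above, as an added example that is not part of the original thread: it counts connections to the local SMTP ports per remote address from `netstat -na` output and prints block commands for review. Port 25 alongside 587, the threshold of 3, the function names and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: count connections to local SMTP ports per remote IP.

# Constructed sample of `netstat -na` output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:587          203.0.113.45:51234      ESTABLISHED
tcp        0      0 192.0.2.10:587          203.0.113.45:51240      ESTABLISHED
tcp        0      0 192.0.2.10:587          203.0.113.45:51199      TIME_WAIT
tcp        0      0 192.0.2.10:587          203.0.113.45:51102      TIME_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.45:40022      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:33001      ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:25    ::ffff:192.0.2.99:4100  ESTABLISHED
tcp        0      0 192.0.2.10:45000        198.51.100.200:25       ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Reads netstat output on stdin; prints "<count> <remote-ip>" for peers with
# at least $1 connections (default 1) to local port 25 or 587.
smtp_peers() {
    awk -v min="${1:-1}" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, loc, ":")          # local port is the last field
            if (loc[n] != "25" && loc[n] != "587") next
            peer = $5
            sub(/:[0-9]+$/, "", peer)        # drop the remote port
            sub(/^::ffff:/, "", peer)        # unwrap IPv4-mapped IPv6
            count[peer]++
        }
        END { for (p in count) if (count[p] >= min) print count[p], p }
    ' | sort -rn
}

# Turns smtp_peers output into iptables commands, printed for review only.
block_cmds() {
    while read -r _n ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

sample_netstat | smtp_peers 3 | block_cmds
```

On the live host, pipe `netstat -na` into `smtp_peers` in place of the sample, and check the listed addresses against known mail clients before running any printed command.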

You can try to install denyhosts.
The tool checks the auth.log and drops the session from the source IP
if the source IP tried more than 3 failed logins.