From: Steve Dondley s@dondley.com
I have no idea what is triggering it for so many different users from legit email addresses. Still investigating. But this appears to be a fail2ban problem, not a dovecot problem.
My logs are filled with failed authentication from Outlook clients. The clients seem to be trying different usernames (with/without domains), and maybe SSL/TLS flavours. My guess is Outlook is doing some autodiscovery/autoconfiguration thing, and occasionally hits the right combo and successfully authenticates.
I'm not sure I would characterise this as a fail2ban problem. Fail2ban is doing what it says on the side of the tin: looking for repeated authentication failures, and blocking those that fail too many times. The real problem is Outlook fumbling around for the correct settings, and mimicking a brute force attack.
I've had great difficulty getting some Outlook clients to configure exactly the settings it should have (like excluding domain names from usernames). Try running this command line using Windows-R (not from cmd.exe).
outlook.exe /PIM NoEmail
This will avoid the auto-setup process that railroads you into frustration.
MacOSX Mail app tries the same stuff, but at least you can turn that behaviour off and stop it from second guessing your settings.
Joseph Tam jtam.home@gmail.com
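Added example, not part of either poster's message: a triage heuristic for the pattern described in the thread, separating source IPs whose failed logins are all variants of one mailbox name (with/without domain) followed by a success from IPs cycling through many distinct names. The log lines are constructed in the style of Dovecot login logging, and the labels, threshold and function names are assumptions of this sketch; the label is a hint for review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
Jan 10 09:00:01 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.org>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS
Jan 10 09:00:04 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@mail.example.org>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS
Jan 10 09:00:07 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<ALICE@example.org>, method=LOGIN, rip=198.51.100.7, lip=192.0.2.1
Jan 10 09:00:11 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS
Jan 10 09:05:00 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1
Jan 10 09:05:02 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<root>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1
Jan 10 09:05:04 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info@example.org>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1
Jan 10 09:09:00 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.1
"""

FAIL = re.compile(r"auth failed.*?user=<([^>]*)>.*?rip=([0-9A-Fa-f.:]+)")
OK = re.compile(r"-login: Login: user=<([^>]*)>.*?rip=([0-9A-Fa-f.:]+)")

def local_part(user):
    """Reduce 'Alice@example.org' to 'alice' so domain variants compare equal."""
    return user.split("@", 1)[0].lower()

def classify(log_text, min_distinct=3):
    """Map each source IP with failures to a coarse label for manual review."""
    failed = defaultdict(set)
    succeeded = defaultdict(set)
    for line in log_text.splitlines():
        m = FAIL.search(line)
        if m:
            failed[m.group(2)].add(local_part(m.group(1)))
            continue
        m = OK.search(line)
        if m:
            succeeded[m.group(2)].add(local_part(m.group(1)))
    verdict = {}
    for rip, names in failed.items():
        if len(names) == 1 and names <= succeeded[rip]:
            # One mailbox tried in several spellings, then a good login.
            verdict[rip] = "autoconfig-like"
        elif len(names) >= min_distinct:
            # Many unrelated account names from one address.
            verdict[rip] = "brute-force-like"
        else:
            verdict[rip] = "undetermined"
    return verdict

if __name__ == "__main__":
    for rip, label in classify(SAMPLE_LOG).items():
        print(rip, label)
```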