Found your post due to the text ylmf-pc in your log message. I am
getting the same attack on my SMTP server, and what I noticed is that
while the IP address is regularly changing, the log message always
includes "login authenticator failed for (ylmf-pc)". Given the ymlf
Ubuntu-based XP-clone does not appear to be widely used outside of
China, and we are expecting virtually no legitimate traffic from China
anyway, I would be quite willing to simply ban all SMPT traffic that
originates from machines named "ylmf-pc". Any leads on how to do this?
