André Rodier

This guy is carefully sending login attempts through a whole /24 to bypass the IP address ban...

I'd like to stop that, at least to minimize the traffic and log pollution.

I thought about this:

- blocking the entire /24 (works, but temporarily until another network is used)
- restricting authentication to our VPN users (draconian, but works well so far on another server)
- developing something slightly more clever than fail2ban, specifically for Postfix. We can, for instance, consider that someone legit cannot attempt so many different usernames, and block the IP.

Any suggestions welcome.
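The third option in the post, sketched as an added example that is not part of the original post or of any existing tool: it counts distinct usernames per IP and distinct failing hosts per /24 inside a time window, and returns ban targets. The `ts ip user` event format, the thresholds and the function names are assumptions; extracting those fields from the real mail log is left to the reader.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events, not real logs: epoch seconds, client IP, attempted username.
# Assumption: failed-login log lines were already reduced to this "ts ip user" form.
SAMPLE = """\
1000 198.51.100.7 alice
1005 198.51.100.7 alice
1010 203.0.113.5 admin
1012 203.0.113.5 info
1015 203.0.113.5 sales
1020 203.0.113.5 root
1100 192.0.2.11 bob
1130 192.0.2.57 carol
1160 192.0.2.93 dave
1190 192.0.2.140 erin
1220 192.0.2.201 frank
"""

def parse(text):
    """Yield (timestamp, IPv4Address, username) tuples; IPv4 only in this sketch."""
    for line in text.splitlines():
        ts, ip, user = line.split()
        yield int(ts), ipaddress.IPv4Address(ip), user.lower()

def ban_candidates(events, window=600, max_users=4, max_hosts=4, prefix=24):
    """Return sorted ban targets: IPs that tried too many distinct usernames, and
    networks where many hosts each failed with different usernames, within `window` s."""
    per_ip, per_net = defaultdict(list), defaultdict(list)
    bans = set()
    for ts, ip, user in sorted(events, key=lambda e: e[0]):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        # Keep only events still inside the sliding window, then add the new one.
        per_ip[ip] = [e for e in per_ip[ip] if ts - e[0] <= window] + [(ts, user)]
        per_net[net] = [e for e in per_net[net] if ts - e[0] <= window] + [(ts, ip, user)]
        if len({u for _, u in per_ip[ip]}) >= max_users:
            bans.add(str(ip))  # one host cycling through usernames
        hosts = {h for _, h, _ in per_net[net]}
        users = {u for _, _, u in per_net[net]}
        if len(hosts) >= max_hosts and len(users) >= max_users:
            bans.add(str(net))  # attempts spread thinly across the whole network
    return sorted(bans)

if __name__ == "__main__":
    print(ban_candidates(parse(SAMPLE)))
```

A legitimate user retrying one mistyped password (the `alice` events) stays under both thresholds, while the per-network count catches a source that never sends more than one attempt from the same address.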