I use postfix and dovecot to provide email capabilities on various blogs I manage. Recently, I noticed a large number of failed postfix login attempts. Many of them, interestingly enough, purported to be from people who share my last name.
I posted a question about this in the postfix reddit community and got some helpful feedback from Private Citizen, which sent me off to research how I could tighten things up.
I found a helpful document, the postfix SASL readme. The two relevant sections were:
Following these instructions, I first confirmed that my dovecot installation was already set up to provide its authentication capabilities to postfix.
But postfix was not set up to work with dovecot’s authentication capabilities. I added the following lines to main.cf:
```
# use dovecot sasl authentication
# 2025-2-4 per https://www.postfix.org/SASL_README.html#server_sasl_enable
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
```
This is different from what Private User suggested, but I think it accomplishes something similar, tightening up the login process.