I sign up to mailing lists and accounts with 'plus' addresses, except when disallowed, when I create aliases with a minus sign. Was interested to see two fail2ban postfix-sasl failures, close in time, but completely different sources for the same 'user', who only exists as a mail address. Suspect the attack sources are part of the same group,. Looking at logs for development of secinfo-xmpp, where if a system is attacked rest of group blocks