ok, first sorry for editing those ips with xxx.xxx.xxx.xxx
in reality they are from all over the world, as i said almost always never repeat themself
but they are always "spoofed" with 192.168.2.33 - thats a common thing for them, probably they origin from same botnet / some kind of infected computers with same trojan.
those user names they try to log in arent real, they are dictionary based
so in reality it looks like this:
2014-05-31 20:20:19 login authenticator failed for dug50.internetdsl.tpnet.pl ([192.168.2.33]) [83.19.218.50]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:20 login authenticator failed for dug50.internetdsl.tpnet.pl ([192.168.2.33]) [83.19.218.50]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:20 login authenticator failed for ([192.168.2.33]) [196.28.31.245]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:20 login authenticator failed for dug50.internetdsl.tpnet.pl ([192.168.2.33]) [83.19.218.50]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:20 login authenticator failed for dug50.internetdsl.tpnet.pl ([192.168.2.33]) [83.19.218.50]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:20 login authenticator failed for dug50.internetdsl.tpnet.pl ([192.168.2.33]) [83.19.218.50]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:20 login authenticator failed for ([192.168.2.33]) [196.28.31.245]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:20 login authenticator failed for dug50.internetdsl.tpnet.pl ([192.168.2.33]) [83.19.218.50]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:21 login authenticator failed for ([192.168.2.33]) [196.28.31.245]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:21 login authenticator failed for ([192.168.2.33]) [196.28.31.245]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:22 login authenticator failed for ([192.168.2.33]) [196.28.31.245]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:20:22 login authenticator failed for ([192.168.2.33]) [196.28.31.245]: 535 Incorrect authentication data (set_id=lora)
2014-05-31 20:33:22 login authenticator failed for ([192.168.2.33]) [14.23.148.42]: 535 Incorrect authentication data (set_id=proxy)
2014-05-31 20:33:22 login authenticator failed for ([192.168.2.33]) [14.23.148.42]: 535 Incorrect authentication data (set_id=proxy)
2014-05-31 20:33:23 login authenticator failed for ([192.168.2.33]) [14.23.148.42]: 535 Incorrect authentication data (set_id=proxy)
2014-05-31 20:33:24 login authenticator failed for ([192.168.2.33]) [14.23.148.42]: 535 Incorrect authentication data (set_id=proxy)
2014-05-31 20:33:25 login authenticator failed for ([192.168.2.33]) [14.23.148.42]: 535 Incorrect authentication data (set_id=proxy)
2014-05-31 20:33:25 login authenticator failed for ([192.168.2.33]) [14.23.148.42]: 535 Incorrect authentication data (set_id=proxy)
2014-05-31 20:46:08 login authenticator failed for 178.red-2-138-31.dynamicip.rima-tde.net ([192.168.2.33]) [2.138.31.178]: 535 Incorrect authentication data (set_id=bill)
2014-05-31 20:46:09 login authenticator failed for 178.red-2-138-31.dynamicip.rima-tde.net ([192.168.2.33]) [2.138.31.178]: 535 Incorrect authentication data (set_id=bill)
2014-05-31 20:46:09 login authenticator failed for 178.red-2-138-31.dynamicip.rima-tde.net ([192.168.2.33]) [2.138.31.178]: 535 Incorrect authentication data (set_id=bill)
2014-05-31 20:46:09 login authenticator failed for 178.red-2-138-31.dynamicip.rima-tde.net ([192.168.2.33]) [2.138.31.178]: 535 Incorrect authentication data (set_id=bill)
2014-05-31 20:46:09 login authenticator failed for 178.red-2-138-31.dynamicip.rima-tde.net ([192.168.2.33]) [2.138.31.178]: 535 Incorrect authentication data (set_id=bill)
2014-05-31 21:35:19 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=jeff)
2014-05-31 21:35:19 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=jeff)
2014-05-31 21:35:19 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=jeff)
2014-05-31 21:35:20 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=jeff)
2014-05-31 21:35:20 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=jeff)
2014-05-31 21:35:20 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=jeff)
2014-05-31 21:48:32 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=manager)
2014-05-31 21:48:32 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=manager)
2014-05-31 21:48:32 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=manager)
2014-05-31 21:48:32 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=manager)
2014-05-31 21:48:32 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=manager)
2014-05-31 21:48:32 login authenticator failed for 81-208-107-58.ip.fastwebnet.it ([192.168.2.33]) [81.208.107.58]: 535 Incorrect authentication data (set_id=manager)
sometimes its 100 / day, sometimes 10000/day and more
and as i said solution for me would be something like -> if login isnt
[email protected] -> silently discard them to /dev/null somehow