diff --git a/config/fail2ban/postfix-sasl.conf b/config/fail2ban/postfix-sasl.conf
new file mode 100644
index 0000000..30f1bd1
--- /dev/null
+++ b/config/fail2ban/postfix-sasl.conf
@@ -0,0 +1,6 @@
+    # Fail2Ban filter for postfix authentication failures
+    [INCLUDES]
+    before = common.conf
+    [Definition]
+    _daemon = postfix/smtpd
+    failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
\ No newline at end of file