--- sshguard-1.5/src/parser/attack_parser.h	(revision 238)
+++ sshguard-1.5/src/parser/attack_parser.h	(working copy)
@@ -78,7 +78,9 @@
      PUREFTPD_LOGINERR_PREF = 294,
      PUREFTPD_LOGINERR_SUFF = 295,
      VSFTPD_LOGINERR_PREF = 296,
-     VSFTPD_LOGINERR_SUFF = 297
+     VSFTPD_LOGINERR_SUFF = 297,
+     POSTFIX_SASL_LOGINERR_PREF = 298,
+     POSTFIX_SASL_LOGINERR_SUFF = 299
    };
 #endif
 /* Tokens.  */
@@ -122,6 +122,8 @@
 #define PUREFTPD_LOGINERR_SUFF 295
 #define VSFTPD_LOGINERR_PREF 296
 #define VSFTPD_LOGINERR_SUFF 297
+#define POSTFIX_SASL_LOGINERR_PREF 298
+#define POSTFIX_SASL_LOGINERR_SUFF 299
 
 
 
--- sshguard-1.5/src/parser/attack_scanner.l	(revision 238)
+++ sshguard-1.5/src/parser/attack_scanner.l	(working copy)
@@ -66,7 +66,7 @@
  /* for Login services */
 %s ssh_notallowed ssh_loginerr ssh_reversemap
  /* for Mail services */
-%s dovecot_loginerr  cyrusimap_loginerr exim_esmtp_autherr sendmail_relaydenied
+%s dovecot_loginerr postfix_loginerr cyrusimap_loginerr exim_esmtp_autherr sendmail_relaydenied
  /* for FTP services */
 %s freebsdftpd_loginerr  proftpd_loginerr  pureftpd_loginerr vsftpd_loginerr
 
@@ -107,13 +107,13 @@
   */
 
  /* handle entries with PID and without PID from processes other than sshguard */
-{TIMESTAMP_SYSLOG}[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+{PROCESSNAME}"["{NUMBER}"]: "{SOLARIS_MSGID_TAG}? {
+{TIMESTAMP_SYSLOG}[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+{PROCESSNAME}("/"{PROCESSNAME})?"["{NUMBER}"]: "{SOLARIS_MSGID_TAG}? {
         /* extract PID */
         yylval.num = getsyslogpid(yytext, yyleng);
         return SYSLOG_BANNER_PID;
         }
 
-{TIMESTAMP_SYSLOG}[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+({PROCESSNAME}":")?   { return SYSLOG_BANNER; }
+{TIMESTAMP_SYSLOG}[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+({PROCESSNAME}("/"{PROCESSNAME})?":")?   { return SYSLOG_BANNER; }
 
  /* syslog style  "last message repeated N times" */
 "last message repeated "([1-9][0-9]*)" times"                   {
@@ -123,7 +123,7 @@
                                                                 }
 
  /* metalog banner */
-{TIMESTAMP_SYSLOG}" ["{PROCESSNAME}"] "                         { return METALOG_BANNER; }
+{TIMESTAMP_SYSLOG}" ["{PROCESSNAME}("/"{PROCESSNAME})?"] "                         { return METALOG_BANNER; }
 
 
  /* SSH: invalid or rejected user (cross platform [generated by openssh]) */
@@ -170,6 +170,10 @@
 "imap-login: Aborted login (auth failed, "{NUMBER}" attempts): ".+" rip=" { BEGIN(dovecot_loginerr); return DOVECOT_IMAP_LOGINERR_PREF; }
 <dovecot_loginerr>", lip=".+                                        { BEGIN(INITIAL); return DOVECOT_IMAP_LOGINERR_SUFF; }
 
+ /* postfix */
+"warning: "({WORD}|{HOSTADDR})"["                               { BEGIN(postfix_loginerr); return POSTFIX_SASL_LOGINERR_PREF; }
+<postfix_loginerr>"]: SASL "[A-Z]+" authentication failed".+    { BEGIN(INITIAL); return POSTFIX_SASL_LOGINERR_SUFF; }
+
  /* UWimap login errors */
 "Login failed user="[^ ]+" auth="[^ ]*" host="[^ ]+" "          { return UWIMAP_LOGINERR; }
 
--- sshguard-1.5/src/sshguard_services.h	(revision 238)
+++ sshguard-1.5/src/sshguard_services.h	(working copy)
@@ -62,4 +62,8 @@
 
 /* vsftpd */
 #define SERVICES_VSFTPD                 330
+
+/* postfix */
+#define SERVICES_POSTFIX                340
+
 #endif