Hi!
In this brute-force time can i give you a suggestion hint?
Axigen should not allow alias authentication!
2025-02-18 15:32:42 +0100 02 sssr SECURITY:SMTP-IN;00000765;197.250.7.50;36104;OP_FAIL;root@sssr.it;;Authentication error;Invalid password;
2025-02-18 15:32:52 +0100 02 sssr SECURITY:SMTP-IN;00000766;220.120.224.227;44604;OP_FAIL;info@sssr.it;;Authentication error;Invalid password;
Invalid password means axigen checks… bot store the nick and retry on that!!!
Another useful improvementi is the trim() function in name form
Hello!
No, there will be no indications to the “client” (aka bot) that the authentication failed due to “invalid password” as the answer will be as simple as:
535 Authentication failed
which is similar with the one when using a wrong username.
If you find another result please let us know 
Lastly, you may control if you (as an admin) like to disable the default setup which allows login with an account alias by executing the following commands (via CLI):
config server
set allowAliasLogins no
commit
save config
HTH,
Ioan
PS: as usual, the most useful CLI command is HELP
# telnet 127.0.0.1 7000
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Welcome to AXIGEN's Command Line Interface
You must login first. For a list of available commands, type HELP
<login> user admin
<password> xxxxxx
For a list of available commands, type HELP
+OK: Authentication successful
<#> config server
+OK: command successful
<server#> help
-------------------------------------
The commands available for the Server context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
...
SET [allowAliasLogins <yes|no>] - Allow/Prevent logins using alias account or domain names
...
-------------------------------------
+OK: command successful
<server#> quit