
How is sendmail SMTP authentication logging controlled?

1 vote
3 answers
3640 views
I get a ton of failed SMTP login attempts. I'd really like to defend against it, but the logging of those attempts is poor. I'm using sendmail 8.15, cyrus-sasl 2.1.26. The SASL setup is the simplest way, defaults all around, authenticating with pam_unix. I get log messages like this a lot:

    saslauthd: pam_unix(smtp:auth): check pass; user unknown
    saslauthd: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
    saslauthd: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
    saslauthd: do_auth : auth failure: [user=colby] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]

This means that while I know bogus attempts to log in are happening, I can't really do anything about it, like have fail2ban jail them. I can't really tell if the problem is that Sendmail is telling pam_unix things, and it's dumping them, or if sendmail isn't telling pam about where the attempt is being made.

What I want is for auth attempts to be logged with the IP address where it came from, so if there are a lot of failures, fail2ban can jail the IP.
Asked by Hack Saw (1026 rep)
Nov 5, 2018, 10:43 PM
Last activity: Aug 13, 2020, 01:33 PM