Spammers never learn, even if you block them using DNSBL, they keep trying to send from the same IP. Therefore it makes sense to use fail2ban to block them. Here’s where I found the info I needed to do so:

Fail2ban sendmailFail2ban rule for postfix - link dead

Fail2ban and iptables

My postfix regexfail rules came out a bit different than the ones that Chris came up with:

failregex = NOQUEUE: reject: RCPT from \S*\[(?P\S+)\]: 554</pre>