Spammers never learn, even if you block them using DNSBL, they keep trying to send from the same IP. Therefore it makes sense to use fail2ban to block them. Here’s where I found the info I needed to do so:
Fail2ban rule for postfix - link dead
My postfix regexfail rules came out a bit different than the ones that Chris came up with:
failregex = NOQUEUE: reject: RCPT from \S*\[(?P<host>\S+)\]: 554
This is actually a very useful setup. Its incredible how relentless spammers are, they just keep trying to send spam even if they get denied. Its nice to just drop their efforts instead of continuously informing them that their mail will not be sent. Saves the dnsbls a little bandwidth too!
I’m reconsidering this method of fighting spammers, wary of the load that log monitoring and scanning requires.