How to block smtp_auth hackers what are targeting a specific account?

[eugenevdm]

I get this in my Qmail log files:

tail -f /usr/local/psa/var/log/maillog | egrep -i "unable|failed|refused|error|warning|listed"

Apr 2 13:40:30 server_name smtp_auth: FAILED: compromised_user@domain.com - password incorrect from 189-11-216-61.dsl.cbace701.brasiltelecom.net.br [189.11.216.61]

Apr 2 13:40:54 server_name smtp_auth: FAILED: compromised_user@domain.com - password incorrect from ip-address-pool-xxx.fpt.vn [118.71.120.165]

This repeats over and over from all different IP address. At some stage the compromised user's password was changed so the spammers can't get back into that account.

However, I want to take additional precaution and permanently block those IP addresses. Please recommend something that checks for repeated failed logins on SMTP and then block the IP addresses.