I have added fail2ban which is a program that watches logs for authentication failures and bans the associated IP address after five unsuccessful attempts for ten minutes.

I have added some rate limiting to postfix which should be not affect legitimate mail but will limit the damage in the event accounts are compromised.  I’ve also made it a little less forgiving of bad behavior common in some of these spam botnets.

I am watching the logs for rejections and contacting sites and blacklists and requesting our server to be removed as I become aware of them.

Some of the blacklists do not provide a manual removal mechanism and require a fixed interval of time to pass without receiving spam before they will remove our server.

If you receive a bounce message, please read the message, it usually contains a URL where you can submit a request for removal.  I am working off the logs as fast as I can.