I have added fail2ban, which is a program that watches logs for authentication failures and bans the associated IP address for ten minutes after five unsuccessful attempts.
I have added some rate limiting to postfix which should not affect legitimate mail but will limit the damage in the event accounts are compromised. I’ve also made it a little less forgiving of bad behavior common in some of these spam botnets.
I am watching the logs for rejections and, as I become aware of them, contacting sites and blacklists and requesting that our server be removed.
Some of the blacklists do not provide a manual removal mechanism and require a fixed interval of time to pass without receiving spam before they will remove our server.
If you receive a bounce message, please read the message; it usually contains a URL where you can submit a request for removal. I am working off the logs as fast as I can.