> If it's not currently possible, please consider this as a feature

It's probably not possible in the same sense you mention because of the
way the packet filter works; postfix checks the database or file every
time it receives a connection; m0n0 would have to do that with every
single incoming packet. That's why firewall rules work the way they work
- they're all in RAM, all the time.

One thing that *could* be done is to use a different method. You could
look into implementing things at your server's own firewall. One example
would be to set up a cron job that looks at /var/log/maillog, greps for
more than one failed attempt from a specific IP, records the IP and the
time in a small, quick DB (Berkeley DB for example), executes a firewall
rule to drop (or tarpit) packets from that IP, and the next time it runs
it looks for old entries to expire.

I think I saw something like that a while back... Similar to
http://mr.uue.org/projects/skds/ - it's for auth.log, but the idea is
similar. There is a thread about it at
http://forum.ev1servers.net/printthread.php?t=50435&page=4&pp=40 as well.
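
The cron-job approach described in the message above, as an added Python example that is not part of the original post or of the projects it links to. Assumptions: a "failed attempt" is a Postfix smtpd reject line matching the regex below, blocks live for one hour, and all function names are hypothetical; the returned actions are left for the caller to translate into commands for whatever firewall the server runs.

```python
import re
import time

# Assumption: a "failed attempt" is a Postfix smtpd reject line in this shape.
FAIL_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S*\[([0-9A-Fa-f.:]+)\]")
THRESHOLD = 2         # "more than one failed attempt"
BLOCK_SECONDS = 3600  # assumed block lifetime

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE = [
    "Jan  5 10:00:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Relay access denied",
    "Jan  5 10:00:03 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Relay access denied",
    "Jan  5 10:00:09 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from host.example[198.51.100.7]: 450 4.1.1 User unknown",
    "Jan  5 10:00:12 mx postfix/smtpd[813]: connect from mail.example[192.0.2.10]",
]

def new_lines(path, offset):
    """Read lines appended since `offset`; start over if the log was rotated."""
    with open(path, "rb") as f:
        f.seek(0, 2)
        if f.tell() < offset:          # file shrank: rotated or truncated
            offset = 0
        f.seek(offset)
        data = f.read()
    return data.decode("utf-8", "replace").splitlines(), offset + len(data)

def run_once(lines, db, now=None):
    """One cron pass over new log lines. `db` maps ip -> block timestamp
    (a dict here; shelve.open() gives the same interface on disk).
    Returns [(action, ip)] for the caller to turn into firewall commands."""
    now = time.time() if now is None else now
    actions = []
    for ip in list(db.keys()):         # expire old entries first
        if now - db[ip] >= BLOCK_SECONDS:
            del db[ip]
            actions.append(("unblock", ip))
    counts = {}
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    for ip, n in sorted(counts.items()):
        if n >= THRESHOLD and ip not in db:
            db[ip] = now
            actions.append(("block", ip))
    return actions
```

Feeding `run_once` only the lines returned by `new_lines` (with the offset saved between runs) keeps an expired address from being re-blocked on the strength of old log entries.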