SMTP BLACK LIST
You have a function to Whitelist IP addresses trying to SMTP authenticate on the mail server. Why don't you have a Black list for known offenders. Adding the IP to the firewall is not the solution. Many firewall appliances only all a limited number of Rules or Policys. And creating a rule or policy for each ip that is an offender can easily use the rules allotted. Also since this is a MAIL server it is best to troubleshoot attacks at the server.