Hi there,
what about postscreen? I had it running for quite some time and at least the use of blacklists from different providers repelled almost all attacks on my server. I had around 1 a week. With this server I get several a day.
I would be able to work on a PR next year. 34C3 First! ;)
Anyone interested?
For those who don't know postscreen:
Some more info from the Postscreen readme:
Most email is spam, and most spam is sent out by zombies (malware on compromised end-user computers). Wietse expects that the zombie problem will get worse before things improve, if ever. Without a tool like postscreen(8) that keeps the zombies away, Postfix would be spending most of its resources not receiving email.
The main challenge for postscreen(8) is to make an is-a-zombie decision based on a single measurement. This is necessary because many zombies try to fly under the radar and avoid spamming the same site repeatedly. Once postscreen(8) decides that a client is not-a-zombie, it whitelists the client temporarily to avoid further delays for legitimate mail.
Zombies have challenges too: they have only a limited amount of time to deliver spam before their IP address becomes blacklisted. To speed up spam deliveries, zombies make compromises in their SMTP protocol implementation. For example, they speak before their turn, or they ignore responses from SMTP servers and continue sending mail even when the server tells them to go away.
postscreen(8) uses a variety of measurements to recognize zombies. First, postscreen(8) determines if the remote SMTP client IP address is blacklisted. Second, postscreen(8) looks for protocol compromises that are made to speed up delivery. These are good indicators for making is-a-zombie decisions based on single measurements.
postscreen(8) does not inspect message content. Message content can vary from one delivery to the next, especially with clients that (also) send legitimate email. Content is not a good indicator for making is-a-zombie decisions based on single measurements, and that is the problem that postscreen(8) is focused on.
- As the first layer, postscreen(8) blocks connections from zombies and other spambots that are responsible for about 90% of all spam. It is implemented as a single process to make this defense as inexpensive as possible.
- The second layer implements more complex SMTP-level access checks with Postfix SMTP servers, policy daemons, and Milter applications.
- The third layer performs light-weight content inspection with the Postfix built-in header_checks and body_checks. This can block unacceptable attachments such as executable programs, and worms or viruses with easy-to-recognize signatures.
- The fourth layer provides heavy-weight content inspection with external content filters. Typical examples are Amavisd-new, SpamAssassin, and Milter applications.
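As an added illustration (not from this post or the Postscreen README), the Postfix configuration that wires the checks described above into the first layer; the DNSBL names, weights and the access-list path are placeholder assumptions to be replaced with the providers actually used.

```conf
# master.cf: postscreen takes over port 25 and hands accepted clients
# to smtpd via the "pass" service; dnsblog does the asynchronous DNSBL
# lookups, tlsproxy handles STARTTLS during the after-220 tests.
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

# main.cf
# Static allow/deny list, consulted before any other test. Local
# networks are never screened; the cidr file is an assumed path.
postscreen_access_list = permit_mynetworks,
        cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop

# Measurement 1: is the client IP blacklisted? Weighted lookups across
# several providers (placeholder names) so that no single list alone
# causes a rejection; a client is refused once the sum reaches the
# threshold. Listing on a trusted allow-list can offset a score.
postscreen_dnsbl_sites = dnsbl-a.example.net*3,
        dnsbl-b.example.net*2,
        dnsbl-c.example.net*1,
        dnswl.example.net=127.0.[0..255].[1..3]*-2
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce

# Measurement 2: protocol compromises made to speed up delivery.
# Pregreet: postscreen waits before sending the 220 banner; a client
# that "speaks before its turn" is a bot.
postscreen_greet_action = enforce

# Optional after-220 tests (pipelining, non-SMTP commands, bare
# newlines). Caveat: when these are on, a legitimate client that passes
# still gets a 4xx on its first visit, because the session cannot be
# handed to smtpd afterwards; it is allow-listed and delivers on retry.
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = drop
postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce

# Temporary allow-list of clients judged not-a-zombie, so subsequent
# deliveries are not delayed again.
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_dnsbl_ttl = 1h
postscreen_greet_ttl = 1d
```

Check the effect with `postconf -n | grep ^postscreen_` after a reload, and watch the mail log for `PREGREET`, `DNSBL rank` and `PASS NEW`/`PASS OLD` entries to see which measurement is catching the connections.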
CU,