ataque da China ao servidor de correio

Qual a melhor forma de evitar esse tipo de ataque ao servidor de e-mail?

Mar 22 21:47:46 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 9 secs): user=<andree_fontaine@mydomain>, method=PLAIN, rip=60.173.149.237, lip=172.16.16.1, TLS, session=<Ds/cmwpoCwA8rZXt> Mar 22 21:47:52 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 9 secs): user=<camilla_blanc@mydomain>, method=PLAIN, rip=61.185.139.72, lip=172.16.16.1, TLS, session=<dsk9nApoggA9uYtI> Mar 22 21:53:41 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 11 secs): user=<emerick_christianne@mydomain>, method=PLAIN, rip=122.117.63.83, lip=172.16.16.1, TLS: Disconnected, session=<eUvvsApoFAB6dT9T>

esses endereços IP depoisrasgar=são da China

este é um fragmento de /etc/postfix/main.cf:

myhostname = mail.mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = mail, localhost.localdomain, localhost<br>
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24 172.16.16.0/24
mailbox_size_limit = 0

Tentei resolver o problema capturando o endereço IP e adicionando-o às regras das tabelas de IP, mas a intrusão continua com novos endereços IP, todos da China

cat /var/log/syslog |grep 'Disconnected (auth failed' |awk -F'=' '{print $4}' |sed 's/.\{5\}$//' |sort -u |awk '{print "$IPTABLES -I INPUT -s " $0 "/16 -j DROP"}'

a saída deste comando é assim

$IPTABLES -I INPUT -s 111.75.167.157/16 -j DROP
$IPTABLES -I INPUT -s 112.101.220.75/16 -j DROP
$IPTABLES -I INPUT -s 112.16.214.182/16 -j DROP
$IPTABLES -I INPUT -s 112.26.82.52/16 -j DROP
$IPTABLES -I INPUT -s 114.104.158.172/16 -j DROP
$IPTABLES -I INPUT -s 116.248.41.190/16 -j DROP
$IPTABLES -I INPUT -s 116.248.41.55/16 -j DROP
$IPTABLES -I INPUT -s 117.35.207.102/16 -j DROP
$IPTABLES -I INPUT -s 118.112.180.237/16 -j DROP