sshguard is a great tool for securing internet-facing servers. I've been using it for some time to protect from ssh brute-force attacks and IMAP server attacks.
However, the current version does not include attack signatures for Postfix, and my servers are seeing hundreds of brute-force connection attempts. These show up in logs like:
Oct 19 19:56:07 longbeach postfix/smtpd: warning: unknown[22.214.171.124]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 19 19:56:21 longbeach postfix/smtpd: warning: unknown[126.96.36.199]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Anyway, I decided to check out the code and look at adding support for these lines. It was fairly simple; the only real complication was that the yacc-based parser did not accept the two-part process name ("postfix/smtpd"). A quick rule tweak took care of that.
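An added example, not sshguard's own code or the patch described in this post: a small C matcher for the log lines above, using a POSIX regex in place of sshguard's lex/yacc grammar. It accepts the two-part process name with an optional [pid] and extracts the client address; the function name `sasl_failure_addr` and the pattern are assumptions made for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Illustrative pattern (an assumption, not sshguard's grammar). Anchored at
 * the start of the line so the match cannot begin inside client-supplied
 * text. The process name may contain '/' ("postfix/smtpd") and may carry a
 * [pid]. Group 3 is the client address. */
static const char *SASL_FAIL_RE =
    "^[A-Z][a-z]{2} +[0-9]{1,2} [0-9:]{8} [^ ]+ "
    "[A-Za-z0-9_.-]+(/[A-Za-z0-9_.-]+)*(\\[[0-9]+\\])?: "
    "warning: [^ ]+\\[([0-9A-Fa-f.:]+)\\]: "
    "SASL [A-Z0-9-]+ authentication failed";

/* Returns 1 and copies the client address into out if line is a Postfix
 * SASL authentication failure; returns 0 otherwise or if out is too small. */
int sasl_failure_addr(const char *line, char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m[4];
    int hit = 0;

    if (regcomp(&re, SASL_FAIL_RE, REG_EXTENDED) != 0)
        return 0;
    if (regexec(&re, line, 4, m, 0) == 0 && m[3].rm_so >= 0) {
        size_t n = (size_t)(m[3].rm_eo - m[3].rm_so);
        if (n < outlen) {
            memcpy(out, line + m[3].rm_so, n);
            out[n] = '\0';
            hit = 1;
        }
    }
    regfree(&re);
    return hit;
}

int main(void)
{
    /* First line is from the post; the other two are constructed samples. */
    const char *lines[] = {
        "Oct 19 19:56:07 longbeach postfix/smtpd: warning: unknown[22.214.171.124]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
        "Oct 19 20:01:02 mx1 postfix/smtpd[4242]: warning: unknown[192.0.2.7]: SASL PLAIN authentication failed: x",
        "Oct 19 20:01:03 mx1 postfix/smtpd[4242]: connect from unknown[192.0.2.7]",
    };
    char addr[64];
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%s\n", sasl_failure_addr(lines[i], addr, sizeof addr) ? addr : "(no match)");
    return 0;
}
```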