Invalid login attempts
Problem reported by Ciaran Morgan - Today at 11:04 AM
Submitted
Is there a mechanism for automatically blocking logins from IP addresses that bombard SmarterMail with login attempts with either no domain specified or trying to use accounts that simply don't exist?

Since December 2025 (around the time of the CVE exploits being made public) my installation has been heavily hit by login attempts with no domain being specified or where the account for a particular domain simply doesn't exist.
I have leveraged the IDS rules to be fairly strict and block both email and IP addresses when tight limits are exceeded. This of course means I often get real accounts being blocked by login attempts from certain countries that are in the media at the moment and which are not the normal country for the accounts I host. I can't see a way round this other than monitoring when IDS rules are triggered and manually unblocking them.

How have others dealt with this scenario? 

BTW, I am on the latest version of SmarterMail and it runs on Debian.
