When compiled with SASL support, blacklistd will notified about bad login attempts during SMTP AUTH interactions. The "stop_attack" code is also augmented with blacklistd support - too many bad commands (typically 25) also count as a bad user. The "greet_pause" violaters will also be counted as a "bad user" attempt too.
These are pretty conservative places to add support. More could be added in the future. In conjunction with a milter, some innovative blacklist support could be added.