Some of our former customers still have e-mail addresses configured to check our servers. Normally this isn't a huge issue but, as we use C-class blocking in CSF, we'll sometimes get users blocking a cellular network C-class due to still having the account on their phone. For the most part, it's not an issue as we can contact them and resolve things. Recently though, we've started encountering a few people who seem to ignore the e-mail.

What would be the best way to make it so incoming authentication attempts for oldcustomer@example.com get dropped before even making it to dovecot? While I can think of ways to potentially pull it off, I see myself hitting a wall in CSF still parsing failures and then blocking the IP. We'd really like to retain the C-class blocks as they come in handy for halting an infected IP range that's either sending us spam or trying to bruteforce us.

Any ideas/advice would be appreciated.

Best regards,