Smtp IP Blacklist


I'm looking for a solution that allows me to actively block external SMTP connection from "bad" IP which are trying to use autentication as per the following log

im-in[1041]: 2020-09-14 12:24:32 server_login authenticator failed for (User) []:11730: 535 Incorrect authentication data (
2020:09:14-12:24:33 utm-1 exim-in[1041]: 2020-09-14 12:24:33 SMTP connection from (User) []:11730 closed by QUIT
As I found in other thread a normal firewall rule is not working and in a thread was mentioned that a "blackhoe DNAT should be created
However even with such DNAT created I still see connection attempt from the banned Hosts IP
I'm not using transparent mode
Is there a way to fix it ?