Quoth Bryan Carey:
Is there any kind of compiled list of IPs that relay operators can refer to that are known bad IPs (sources of brute force SSH attempts, etc.)? Is there a reason to NOT block (drop) traffic from these IPs?
Quite possibly I'm being stupid, but wouldn't these IPs just be other relay nodes? Or do you mean they're attempting foul play on your relay (not through your relay)?
Either way, I suspect the same sorts of security measures that sysadmins rely on in other situations apply here; temporarily IP blocking persistent bad actors may help, but tools like fail2ban are probably going to be more effective, while having less chance of inadvertently affecting other users on an IP block.