Available as a basic part of the upcoming UTMv2 firewall and for all other installations on request, the ThreatBlock concept is evolving.
There was the problem that the initial communication did not get closed, so I had to switch to tcp-reset e.g. by doing
sed 's/icmp-port-unreachable/tcp-reset/' /etc/4ctual > 4ctual_RESET
Also, some more qmail variables should be closely watched and eventually adjusted, e.g. timeoutsmtpd and concurrencyincoming.