postfix does not block blacklisted IPs

I have a postfix/dovecot server running inside a docker container, and I want to block certain IP addresses from connecting to my SMTP server. I have the following in /etc/postfix/main.cf:

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
    reject_unauth_destination, reject_unauth_pipelining, 
    reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, 
    reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, 
    reject_rbl_client bl.spamcop.net
smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_checks, 
    permit_mynetworks, permit_sasl_authenticated, 
    reject_unauth_destination, reject_unauth_pipelining
smtpd_sender_restrictions = reject_non_fqdn_sender, 
    reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch

and in /etc/postfix/client_checks:

# Restrict which clients this system accepts SMTP connection from.

example.com      REJECT No spammers
.example.com     REJECT No spammers, from your subdomain
aaa.bbb.ccc.ddd    REJECT Your IP is spammer

I also ran:

$ postmap /etc/postfix/client_checks

and reloaded postfix.

But I still see messages like this in my logs:

Jan 30 10:42:39 mail postfix/smtpd[1443]: connect from unknown[aaa.bbb.ccc.ddd]
Jan 30 10:42:41 mail dovecot: auth: ldap([email protected],::1,<mc2QeU1HQAAAAAAAAAAAAAAAAAAAAAAB>): unknown user (SHA1 of given password: 20eabe)
Jan 30 10:42:44 mail postfix/smtpd[1443]: warning: unknown[aaa.bbb.ccc.ddd]: SASL LOGIN authentication failed: authentication failure
Jan 30 10:42:44 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 3 secs): user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, secured, session=<mc2QeU1HQAAAAAAAAAAAAAAAAAAAAAAB>
Jan 30 10:42:44 mail postfix/smtpd[1443]: disconnect from unknown[aaa.bbb.ccc.ddd]

As you can see, the server still goes through the login process, whereas I want it to block the IP entirely.

What am I doing wrong?

Answer 1

Authentication is usually allowed for all hosts, whether blacklisted or not, because many blacklists include residential subnet ranges.

However, if you want to change that, you need to change the order of the permit/reject configuration:

smtpd_recipient_restrictions = permit_mynetworks, 
    reject_unauth_destination, reject_unauth_pipelining, 
    reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, 
    reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, 
    reject_rbl_client bl.spamcop.net, 
    permit_sasl_authenticated

This can have undesirable results, so you should take the time to fine-tune this configuration order to your needs.
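As an added example, not part of the question or the answer: a small Python model of how check_client_access consults the client_checks map from the question (a simplified approximation of the access(5) lookup order, not Postfix's own code), run over the question's own log lines. It assumes the map and the log are the constructed copies embedded below.

```python
import re

# Constructed copy of the /etc/postfix/client_checks map from the question.
CLIENT_CHECKS = {
    "example.com": "REJECT No spammers",
    ".example.com": "REJECT No spammers, from your subdomain",
    "aaa.bbb.ccc.ddd": "REJECT Your IP is spammer",
}

# Constructed excerpt of the question's mail log (placeholder IP kept as-is).
SAMPLE_LOG = """\
Jan 30 10:42:39 mail postfix/smtpd[1443]: connect from unknown[aaa.bbb.ccc.ddd]
Jan 30 10:42:44 mail postfix/smtpd[1443]: warning: unknown[aaa.bbb.ccc.ddd]: SASL LOGIN authentication failed: authentication failure
Jan 30 10:42:44 mail postfix/smtpd[1443]: disconnect from unknown[aaa.bbb.ccc.ddd]
"""

def lookup_keys(hostname, ip):
    """Keys tried in order (simplified from access(5)): the client hostname and its
    parent domains in 'domain.tld' form (the default, since parent_domain_matches_subdomains
    includes smtpd_access_maps), then the IPv4 address and its shorter network prefixes."""
    keys = []
    if hostname != "unknown":          # no reverse DNS: only the address is tried
        labels = hostname.split(".")
        keys.append(hostname)
        keys += [".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    octets = ip.split(".")
    keys += [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return keys

def check_client_access(hostname, ip, table=CLIENT_CHECKS):
    """First matching map value, or None (DUNNO: the next restriction decides)."""
    for key in lookup_keys(hostname, ip):
        if key in table:
            return table[key]
    return None

CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from ([^\[\s]+)\[([^\]]+)\]")

def audit_log(log_text, table=CLIENT_CHECKS):
    """(ip, verdict, reached_sasl_auth) per connection. A REJECT verdict beside a SASL
    attempt means the map matched but was not applied at connect time: with the default
    smtpd_delay_reject=yes, smtpd_client_restrictions run only at RCPT TO, never sent here."""
    findings = []
    for m in CONNECT_RE.finditer(log_text):
        host, ip = m.group(1), m.group(2)
        reached_auth = f"{host}[{ip}]: SASL" in log_text
        findings.append((ip, check_client_access(host, ip, table), reached_auth))
    return findings
```

The map does match the placeholder IP; the session still reaches SASL AUTH because Postfix defers smtpd_client_restrictions to RCPT TO by default (smtpd_delay_reject = yes), and setting smtpd_delay_reject = no in main.cf applies them at connect time instead.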
