--- src/smtpd/Makefile.in.orig	2024-02-29 20:13:17 UTC
+++ src/smtpd/Makefile.in
@@ -2,14 +2,14 @@ SRCS	= smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.
 SRCS	= smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
 	smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
 	smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \
-	smtpd_expand.c smtpd_haproxy.c
+	smtpd_expand.c smtpd_haproxy.c pfilter.c
 OBJS	= smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \
 	smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \
 	smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o \
-	smtpd_expand.o smtpd_haproxy.o
+	smtpd_expand.o smtpd_haproxy.o pfilter.o
 HDRS	= smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \
 	smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \
-	smtpd_resolve.h smtpd_expand.h
+	smtpd_resolve.h smtpd_expand.h pfilter.h
 TESTSRC	= smtpd_token_test.c
 DEFS	= -I. -I$(INC_DIR) -D$(SYSTYPE)
 CFLAGS	= $(DEBUG) $(OPT) $(DEFS)
--- src/smtpd/pfilter.c.orig	2024-03-21 21:45:18 UTC
+++ src/smtpd/pfilter.c
@@ -0,0 +1,19 @@
+#include "pfilter.h"
+#include <stdio.h>	/* for NULL */
+#include <blacklist.h>
+
+static struct blacklist *blstate;
+
+void
+pfilter_notify(int a, int fd)
+{
+	if (blstate == NULL)
+		blstate = blacklist_open();
+	if (blstate == NULL)
+		return;
+	(void)blacklist_r(blstate, a, fd, "smtpd");
+	if (a == 0) {
+		blacklist_close(blstate);
+		blstate = NULL;
+	}
+}
--- src/smtpd/pfilter.h.orig	2024-03-21 21:45:18 UTC
+++ src/smtpd/pfilter.h
@@ -0,0 +1 @@
+void pfilter_notify(int, int);
--- src/smtpd/smtpd_sasl_glue.c.orig	2023-11-12 21:41:13 UTC
+++ src/smtpd/smtpd_sasl_glue.c
@@ -153,6 +153,7 @@
 #include "smtpd.h"
 #include "smtpd_sasl_glue.h"
 #include "smtpd_chat.h"
+#include "pfilter.h" /* for blacklistd(8) */
 
 #ifdef USE_SASL_AUTH
 
@@ -358,8 +359,12 @@ int     smtpd_sasl_authenticate(SMTPD_STATE *state,
 	else
 	    smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s",
 			     reason);
+
+	/* notify blacklistd of SASL authentication failure */
+	pfilter_notify(1, vstream_fileno(state->client));
 	return (-1);
     }
+
     /* RFC 4954 Section 6. */
     smtpd_chat_reply(state, "235 2.7.0 Authentication successful");
     if ((sasl_username = xsasl_server_get_username(state->sasl_server)) == 0)
--- src/postscreen/Makefile.in.orig	2025-01-29 08:50:15.761070000 +0100
+++ src/postscreen/Makefile.in	2025-01-29 08:52:29.611925000 +0100
@@ -3,13 +3,13 @@
 	postscreen_early.c postscreen_smtpd.c postscreen_misc.c \
 	postscreen_state.c postscreen_tests.c postscreen_send.c \
 	postscreen_starttls.c postscreen_expand.c postscreen_endpt.c \
-	postscreen_haproxy.c
+	postscreen_haproxy.c pfilter.c
 OBJS	= postscreen.o postscreen_dict.o postscreen_dnsbl.o \
 	postscreen_early.o postscreen_smtpd.o postscreen_misc.o \
 	postscreen_state.o postscreen_tests.o postscreen_send.o \
 	postscreen_starttls.o postscreen_expand.o postscreen_endpt.o \
-	postscreen_haproxy.o
-HDRS	= 
+	postscreen_haproxy.o pfilter.o
+HDRS	= pfilter.h
 TESTSRC	=
 DEFS	= -I. -I$(INC_DIR) -D$(SYSTYPE)
 CFLAGS	= $(DEBUG) $(OPT) $(DEFS)
--- src/postscreen/pfilter.c.orig	2025-01-29 08:56:39.949695000 +0100
+++ src/postscreen/pfilter.c	2025-01-29 08:59:16.979565000 +0100
@@ -0,0 +1,19 @@
+#include "pfilter.h"
+#include <stdio.h>	/* for NULL */
+#include <blacklist.h>
+
+static struct blacklist *blstate;
+
+void
+pfilter_notify(int a, int fd)
+{
+	if (blstate == NULL)
+		blstate = blacklist_open();
+	if (blstate == NULL)
+		return;
+	(void)blacklist_r(blstate, a, fd, "postscreen");
+	if (a == 0) {
+		blacklist_close(blstate);
+		blstate = NULL;
+	}
+}
--- src/postscreen/pfilter.h.orig	2025-01-29 08:56:49.984170000 +0100
+++ src/postscreen/pfilter.h	2025-01-29 08:59:47.270172000 +0100
@@ -0,0 +1 @@
+void pfilter_notify(int, int);
--- src/postscreen/postscreen_early.c.orig	2025-01-29 08:45:04.847798000 +0100
+++ src/postscreen/postscreen_early.c	2025-01-29 10:18:34.349408000 +0100
@@ -52,6 +52,7 @@
 /* Application-specific. */
 
 #include <postscreen.h>
+#include "pfilter.h" /* for blacklistd(8) */
 
 static char *psc_teaser_greeting;
 static VSTRING *psc_escape_buf;
@@ -183,6 +184,10 @@
 		msg_info("DNSBL rank %d for [%s]:%s",
 			 state->dnsbl_score, PSC_CLIENT_ADDR_PORT(state));
 		PSC_FAIL_SESSION_STATE(state, PSC_STATE_FLAG_DNSBL_FAIL);
+
+		/* notify blacklistd of DNSBL rank violation */
+		pfilter_notify(1, vstream_fileno(state->smtp_client_stream));
+
 		switch (psc_dnsbl_action) {
 		case PSC_ACT_DROP:
 		    state->dnsbl_reply = vstring_sprintf(vstring_alloc(100),
