3. I could also write a policy server. Is there already a policy server that's as simple as blocking IPs based on a ACL. But then, I'll have to run a local mysql server also.
postfwd has an option to use a table, which will be re-read on every request. Look for "lfile" or "ltable" at http://www.postfwd.org/doc.html#files
id=IPBLOCK
client_address=lfile:/some/file
action=REJECT Your ip address has been blocked
