Andrew,

Blacklisting these IP in Xeams is not much of a value since that only affects how emails are scored. Since no email is being sent in this case, there is no value in adding the IP address. Xeams will automatically do three things if it detects too many incorrect logins attempts from a single IP:

1. It will block the IP from authenticating - meaning even if they use the right combination of user id/password, Xeams wont' accept it
2. It will log an entry in InvalidPasswordAttempts.log
3. It will send an email alert to the administrator once the number of attempt goes beyond the configured threshold

A better location for blocking an IP that you see too in Intrusion detection is your firewall.