we have a Django web application running on Ubuntu/Apache. Lately, we've had a lot of issues with high volume spamming (comments, registrations, user contributed content, etc.).
We have CSRF security in place, but am wondering what steps others have taken to curb this (ip table restrictions, Apache modules, captchas, etc)?
In addition to what other posters already written, you can use akismet or mollom services. For both exist Python libraries on pypi, respectively akismet and PyMollom. You can see how they get integrated in a Django project here (akismet example) and here (mollom example).
If you instead don't want to rely on external services consider to use a captcha application for Django. Personally I used Django Simple Captcha and was happy with it, it's very customizable and easy to install. It also supports audio captcha. This bitbucket repo contains a simple Django project showing how to captcha protect a classic contact form using Django Simple Captcha.
Also I'm not sure that resorting to IP tables is the best way to prevent spam on your site, at least if you don't have to block usually annoying IP addresses.