Was that some wrappered service? Looked like tcp_wrappers.
I think a router with enough memory would be a better performer
for filtering activies at that layer.
I did go ahead and install the relay denial rulesets published on
sendmail.org for 8.8.x and they work fine. Cyberpromo appears to
have been using "Cyberbomber" on our ports.
I guess I'm naive, but I thought NAPS wanted to stop this kind
of thing, and most had explicit rules about it. Guess not. Back to
the clue-store with me. :-/
are you suggesting that providers filter /16's because they were spammed from
a host in some tiny portion of the block..? i'd bet it wouldn't take two
days, much less two weeks, to receive complaints from our own customer's (or
any moderately large provider's) for that sorta thing...
one semi-solution would be to receive vixie's spam feed, at least it's as
precise as possible .. and less headache.