While I'm on the subject of filtering, here's today's list of spammers

I am confused, how would filtering at the smtp port on source address

What you do is return a 421 error if you don't "like" the source address
(this is checked very early on). You can also return a 500-series error,
but that generates an immediate bounce, which is "nice" to the spammer.
I prefer to be nasty and eat their resources instead.

If delivery fails, does not the sender often use MX records and
send via an intermediary host?

Not if you return a 400-series error. The host doing the sending will
retry. If you block at the packet level, then yes, the sender will go
to a secondary MX *IF* there is one and it can be reached.

The 421 response is the best possible one, because it screws the sender,
is cheap compute-wise for you, and has the desired effect without causing
other disruption.

If so the source address is lost unless
all the MX hosts have the same filter list. And in any case I believe
that typically sendmail will accept email from anyone for delivery to
anyone. So a spammer could scatter his emails all over the Internet thru
thousands of intermediate hosts, if he used the right software to do it.

Best Regards,
Robert Laughlin

He has to be able to inject it in the first place.

As more potential relays implement this, that becomes much harder.
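
The connect-time check described in this message, as an added example that is not part of the original thread and is not sendmail's own code: the source address is tested before any SMTP command is read, and a listed source gets a 421 (transient, so the sending host queues and retries) rather than a 5xx (permanent, immediate bounce). The blocklist entries, `HOSTNAME`, the function names and port 2525 are assumptions made for illustration.

```python
import ipaddress
import socketserver

# Constructed sample blocklist (RFC 5737 documentation ranges, not real spam sources).
BLOCKED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.17/32")]
HOSTNAME = "mx.example.org"  # assumed name of the receiving host


def is_blocked(peer_ip, networks=BLOCKED):
    """True if the connecting address falls inside any blocked network."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in networks)


def greeting(peer_ip, networks=BLOCKED):
    """Return (reply_line, keep_open) for a new connection from peer_ip.

    Blocked sources get 421, a transient failure: the sending host keeps the
    message queued and retries, and no bounce is generated. A 5xx reply here
    would be permanent and bounce immediately.
    """
    if is_blocked(peer_ip, networks):
        return f"421 {HOSTNAME} Service not available, closing transmission channel\r\n", False
    return f"220 {HOSTNAME} ESMTP ready\r\n", True


class GreetingHandler(socketserver.StreamRequestHandler):
    """Applies the check before any SMTP command is read."""

    def handle(self):
        reply, keep_open = greeting(self.client_address[0])
        self.wfile.write(reply.encode("ascii"))
        if not keep_open:
            return  # connection closes; nothing else was parsed
        # A real MTA would continue the SMTP dialogue here; this sketch only
        # answers QUIT so the listener can be exercised by hand.
        for line in self.rfile:
            if line.strip().upper() == b"QUIT":
                self.wfile.write(f"221 {HOSTNAME} closing\r\n".encode("ascii"))
                return
            self.wfile.write(b"502 Command not implemented\r\n")


if __name__ == "__main__":
    # Port 2525 is an arbitrary unprivileged port for local testing.
    with socketserver.ThreadingTCPServer(("127.0.0.1", 2525), GreetingHandler) as srv:
        srv.serve_forever()
```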