
[vps-mail] Email dictionary attacks - what would you do?



A couple weeks ago, a new client moved one of his domains to my VPS2 and
suddenly, I have a steady stream of incoming junk mail to non-existent users
at that domain. It's averaging one every 3 seconds, 24 hours per day. They
come from new and different IP addresses.

Yesterday's maillog shows 22,977 to this domain
<http://walnutdesign.com/bw.050227.txt>

In my /etc/mail/virtusertable, I have a catchall:
@body-wisdom.com error:nouser User unknown at body-wisdom.com

I am using Scott Wiersdorf's tool here...
<http://perlcode.org/tutorials/sysadmin/sm_dict/>
...which I altered so it gives me a daily listing of the top 500 abusers. See
today's list here: <http://walnutdesign.com/bw-500.050227.txt>

Each day, I replace my /etc/mail/access file with the list like this:
206.81.85	REJECT
67.92.16	REJECT
61.191.231	REJECT
	...

Then I run "make" to set the access.db. I have been doing this every day and
it's not getting me anywhere. I still get just as many attacks as a couple
weeks ago! I don't want my server to be wasting resources on handling this
crap. 

Am I handling this the wrong way? What would you do?

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
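
An added example, not part of the original post and not Scott Wiersdorf's tool: a Python script that tallies "User unknown" rejections per /24 prefix, formats the top entries as /etc/mail/access REJECT lines like those shown above, and measures what share of a day's rejections a given prefix list would have matched. The sendmail log layout, the function names and the sample lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed sendmail syslog layout (real logs vary).
SAMPLE_LOG = """\
Feb 27 00:00:01 vps2 sendmail[4101]: j1R001aa004101: <amy@body-wisdom.com>... User unknown
Feb 27 00:00:01 vps2 sendmail[4101]: j1R001aa004101: from=<a@example.net>, size=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.15]
Feb 27 00:00:04 vps2 sendmail[4102]: j1R004bb004102: <bob@body-wisdom.com>... User unknown
Feb 27 00:00:04 vps2 sendmail[4102]: j1R004bb004102: <carl@body-wisdom.com>... User unknown
Feb 27 00:00:04 vps2 sendmail[4102]: j1R004bb004102: from=<b@example.net>, size=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.77]
Feb 27 00:00:07 vps2 sendmail[4103]: j1R007cc004103: ruleset=check_rcpt, arg1=<dave@body-wisdom.com>, relay=mail.example.org [198.51.100.7], reject=550 5.1.1 <dave@body-wisdom.com>... User unknown
Feb 27 00:00:10 vps2 sendmail[4104]: j1R010dd004104: <erin@body-wisdom.com>... User unknown
Feb 27 00:00:10 vps2 sendmail[4104]: j1R010dd004104: from=<c@example.net>, size=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[203.0.113.9]
Feb 27 00:00:12 vps2 sendmail[4105]: j1R012ee004105: from=<d@example.org>, size=2210, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[203.0.113.50]
"""

QID = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")
RELAY_IP = re.compile(r"relay=[^,]*\[(\d+\.\d+\.\d+)\.\d+\]")

def tally_prefixes(log_text, domain):
    """Count 'User unknown' rejections for domain per /24 prefix of the relay."""
    unknown = Counter()  # queue id -> rejected recipients at domain
    relay = {}           # queue id -> first three octets of the relay IP
    for line in log_text.splitlines():
        m = QID.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        ip = RELAY_IP.search(rest)
        if ip:
            relay[qid] = ip.group(1)
        if "User unknown" in rest and "@" + domain.lower() in rest.lower():
            unknown[qid] += 1
    counts = Counter()
    for qid, n in unknown.items():  # join rejections to relays by queue id
        if qid in relay:
            counts[relay[qid]] += n
    return counts

def access_entries(counts, top_n):
    """Format the top_n prefixes as access-file lines: prefix<TAB>REJECT."""
    return ["%s\tREJECT" % prefix for prefix, _ in counts.most_common(top_n)]

def coverage(blocked_prefixes, counts):
    """Fraction of the rejections in counts whose prefix is in blocked_prefixes."""
    total = sum(counts.values())
    hit = sum(n for p, n in counts.items() if p in blocked_prefixes)
    return hit / total if total else 0.0
```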

