No subject


Mon Feb 13 08:17:43 PST 2006


SPAM machine (as is the case this morning) but in the past has been a 
malfunction in a program or mail server from a legit source (one of our 
customers).

I have the throttle options on in sendmail, but those are for bad rcpt_to 
and maximum connections (total). Is there any way to limit the number of 
e-mails per IP per second/minute/hour by IP? Or limit the number of 
connections per second/minute/hour by IP?

In the case of the SPAMmer this morning, the relaydelay.pl script kept all 
the mail from getting through but added hundreds of temp fail records to the 
database before I noticed it. It added so many because it spoofed hundreds 
of bogus mail_from addresses to various legit users - the one thing they all 
had in common is the same IP.

With the SQL command:

    SELECT relay_ip, COUNT(*) AS cnt
    FROM relaytofrom
    WHERE passed_count = 0 AND origin_type = 'AUTO'
    GROUP BY relay_ip
    ORDER BY cnt DESC;

I can spot the ones that are really sending me a lot of junk and block them 
via blacklist using the xlist.pl script.


What I am looking / hoping for is just a way to throttle connections by IP 
so the next time I get flooded from a single IP (either legit or SPAM) I can 
get sendmail just to ignore them until some time has passed.

Sounds like something possible?

Thanks,
Dennis
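
Added example (not part of the original post or of relaydelay): the query above extended with a minimum-count threshold and a distinct-sender count, so a host spoofing many mail_from addresses can be told apart from a single malfunctioning program. It runs against an in-memory SQLite stand-in with constructed rows; the mail_from and rcpt_to column names, the thresholds and the function names are assumptions.

```python
import sqlite3

def build_sample_db():
    """In-memory stand-in for the relaytofrom table, filled with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE relaytofrom (
        relay_ip TEXT, mail_from TEXT, rcpt_to TEXT,   -- last two names assumed
        passed_count INTEGER, origin_type TEXT)""")
    rows = []
    # Constructed: one IP spoofing 200 different senders, nothing ever passed.
    for i in range(200):
        rows.append(("192.0.2.10", f"bogus{i}@example.net",
                     f"user{i % 5}@example.com", 0, "AUTO"))
    # Constructed: a customer's broken program, one sender, many recipients.
    for i in range(40):
        rows.append(("198.51.100.7", "app@customer.example",
                     f"user{i}@example.com", 0, "AUTO"))
    # Constructed: a normal sender that retried and passed greylisting.
    rows.append(("203.0.113.5", "alice@example.org", "user1@example.com", 3, "AUTO"))
    # Constructed: a handful of unpassed records, below any sensible threshold.
    for i in range(3):
        rows.append(("203.0.113.8", f"list{i}@example.org", "user2@example.com", 0, "AUTO"))
    # Constructed: a non-AUTO record, which the WHERE clause must skip.
    rows.append(("203.0.113.9", "", "", 0, "MANUAL"))
    db.executemany("INSERT INTO relaytofrom VALUES (?,?,?,?,?)", rows)
    return db

def flooding_ips(db, min_records=25):
    """Return (relay_ip, records, distinct_senders) for IPs with at least
    min_records never-passed AUTO records, busiest first."""
    sql = """
        SELECT relay_ip, COUNT(*) AS cnt, COUNT(DISTINCT mail_from) AS senders
        FROM relaytofrom
        WHERE passed_count = 0 AND origin_type = 'AUTO'
        GROUP BY relay_ip
        HAVING COUNT(*) >= ?
        ORDER BY cnt DESC
    """
    return db.execute(sql, (min_records,)).fetchall()

def classify(row, spoof_ratio=0.5):
    """Label a result row: many distinct senders per record suggests spoofing,
    few suggests one program stuck in a loop."""
    _ip, cnt, senders = row
    return "spoofing" if senders / cnt >= spoof_ratio else "single-sender"

if __name__ == "__main__":
    for row in flooding_ips(build_sample_db()):
        print(row, classify(row))
```
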



