We have both Barracuda Firewalls and Anti-spam systems.
It would be REALLY nice if the anti-spam system could talk to the firewall and tell it when it sees incoming deferred messages that exceed a threshold.
A firewall rule should have the originating IP blocked.
Often e-mail authentication is used to verify password hack attempts.
I frequently manually block IP's subnets on my firewalls that I see originating thousands of deferred bogus authentication attempts.
My threshold is in the thousands to catch only those with malicious intent.
I block ALL firewall traffic from those IP's.
The systems could do this automatically.
This interaction creates a "feature" requiring both systems be from Barracuda... more sales?
BTW: Since I even have authenticated relaying turned off, the anti-spam system is acting as a "honeypot" catching hack attempts on our network(s).
Blocking the originating IP range makes our systems "disappear" to them.