> On the other hand, it's probably more effective to find some way of making the > Cisco gear block outbound 25 from abusive machines. Transparently redirecting > the traffic is evil unless you plan to take all responsibility for relaying the > mail (including mail that has MAIL FROM/RCPT TO that you may not wish to > relay).
Right now I am blocking all network access for ip addresses I receive believeable abuse reports for. The big problem is that it is a manual process that does not start until a PC has already sent a massive amount of abusive mail. After all, it does take time to read and act upon abuse reports. By forcing smtp through a specific server at least some proactive measures are possible such as throttling abusive behaviour. Adi