Hope it helps..
*btw, can I add your two rules for modsecurity at our official apache
rules?
You're maybe interested by theses ones for sendmail :
<rule id="103107" level="5">
<if_sid>3101</if_sid>
<match>reject=421 4.3.2 Connection rate limit exceeded|reject=421
4.3.2 Too many open connections|due to pre-greeting traffic</match>
<description>Anti-flood warning</description>
</rule>
<rule id="103108" level="6">
<if_sid>3101</if_sid>
<match>reject=553 5.3.0 </match>
<description>Rejected by RBL</description>
<description>(55x: Requested action not taken).</description>
</rule>
<rule id="103157" level="10" frequency="10" timeframe="120">
<if_matched_sid>103107</if_matched_sid>
<same_source_ip />
<description>Multiple Anti-flood warnings - Hammering</description>
</rule>
<rule id="103158" level="10" frequency="6" timeframe="120">
<if_matched_sid>103108</if_matched_sid>
<same_source_ip />
<description>Multiple rejected by RBL</description>
</rule>
