why not use something like this that rejects ip blocks at the MTA level http://us.trendmicro.com/us/products/enterprise/network-reputation-services/index.html
it blocks anything on the "DUL" list which is a list the isp's put out of which ip's shouldn't be sending mail. the reject messages look like this Mail from 1.2.3.4 blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=1.2.3.4
