I'm a bit late to the party (was on vacation) but your woes sounded awfully familiar. I was getting slammed by spam a couple months ago. The domains changed daily, but the one consistent thing was they were all served by RRPPROXY.NET. I blocked the RRPPROXY.NET name servers at the firewall. Doing a whois lookup on wheelerweightoff.com, I see that it is served by RRPPROXY.NET DNS servers: NS1, NS2, and NS3. I'd bet the others are too.
After I did that, almost instantly the spam dropped dramatically. FWIW, I found no legitimate messages from the domains they hosted. Conveniently, they're a German company I think, and I'm in the US, so legitimate mail from them is unlikely. There was some discussion in this group about blocking on DNS providers about a month or so ago, spawned by my initial requests for help. I don't know if you have the luxury of dropping the connections at the firewall but it worked for me. Look back through the archives. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357
