I'm curious about your methods. Is the mail server a Windows machine? Is it actually yours to administer? IPSEC (and ipseccmd.exe) are marvelous. I routinely block port 25 from vast network segments which are known to be served by APNIC (Asia), AFRINIC (Africa), RIPENCC (Europe), and LACNIC (Latin Anerica) ... but of course I'm not in business like you.