I block mail at various levels. Postfix lets me block mail during the SMTP handshake for hosts that don't have an A or MX record, and for delivery to addresses that are known spamtraps within the @stonehenge.com mail domain. Then, the mail goes to amavis, which uses SpamAssassin to block mail that looks very spammy (I have this set fairly high to avoid false positives). Then, $email@example.com mail gets delivered to my procmailrc for sorting, and I do further checks for simple mydoom and sobig patterns, and finally I call clamscan looking for known virus payloads. Altogether, I've got about 10 log files being written in two different formats (/var/log/maillog vs rfc822 headers).
But, POE to the rescue. I set up tail watchers on all the various log files, extract the offending IPs of the hop prior to my box, and then issue simple pfctl commands to add and delete those from a block list in my OpenBSD pf firewall. The address goes in, and 2 hours later, comes back out.
At the moment, I have nearly 2000 addresses in my list that have assaulted me within the last two hours, and get about 300 attempts a minute to reconnect. Using tcpdump with openbsd's passive fingerprinting, I can see that most of the block reattempts are repeated hits from windows boxes on cable or DSL, very likely worm-infected machines that would be much better recycled than online.
The result is that my loadaverage has now returned to sensible values, and my total bandwidth due to mail is back down to a reasonable 5GB/month average. Yeay!