Yes, I have chirpies script, and I thought antivirus.exim was a cpanel script.. it has been in every server I have. Honestly it is a pain in the butt sometimes, as people try to send ligit mails and have to compress some things.
I tell all customers to set to fail instead of blackhole now days,, but some use blackhole and filtering to make forwards (not sure why) but can't force them all to use fail, because it breaks that filter method.
I think it is chirpy's script.. exim deny, for dictionary attacks. It seems to do a decent job but only if they hit 3 or more addresses at a time, and I notice now days, spammers are sending 1 or 2 at a time to get around that.
bfd was aother step I was going to take this week. It isn't installed yet, but have bookmarked the pages to get it installed.
Yes, most of the spam is coming from off server. Other spam from a script.. we are working on that, but you can tell it comes from the server, because they can hit every user name on the server.
Spammers need to die!