Sendmail has a feature that puts in a delay after the initial client connect, before issuing the greeting. Some spammers don’t wait for the greeting, but just send their commands. Sendmail can then look for commands that come in before the greeting and know that these commands are bad. It works pretty well.
Edit /etc/mail/sendmail.mc
dnl # Pause to try to catch spammers. Drops mail from spammers who don't dnl # wait for the 5 second delay FEATURE(`greet_pause',5000)
Edit /etc/mail/access to not use the delay for mail from the localhost
GreetPause:localhost 0
Then, put the changes into effect.
make -C /etc/mail makemap hash /etc/mail/access.db < /etc/mail/access /etc/rc.d/init.d/sendmail restart
Check what's being dropped with:
grep pre-greeting /var/log/maillog
After around 40 minutes, I had already dropped over 50 connections.