I very highly suggest against manual blocking at the firewall level. For one, your list is impossible to maintain -- what happens when somebody fixes their IP address and now wants to send legitimate mail? More to the point, this is exactly why we have DNSBLs. If you use bl.spamcop.net, you're already covered for a large number of botnets and network abusers. I heavily rely upon the DNSBLs from SpamCop, PSBL, Spamhaus Zen, and JunkEmailFilter. If you're talking about more than just mail, I suggest a temporary banning utility like fail2ban. I can't imagine running ANY server without fail2ban configured and running on it. Fail2ban will note consecutive failed login attempts within a small window of time (default: 10m) from a single IP and will ban that IP (at the firewall level) for another small window of time (default: 10m). This essentially prevents brute-force login attempts (unless they're distributed attacks). If you want to aggressively block other countries (which I'd call a bad idea -- what if a friend on vacation emails you from a hotel in Hong Kong, China?), there are more elegant ways to do that, too. I find it safer to target specific problematic foreign languages and character sets. SpamAssassin has a plugin called TextCat which allows you to deny mail by language or character set. I have a custom SpamAssassin ruleset that assigns points to abusive IP blocks listed in SenderBase (a sister of SpamCop). I used to have a custom SA rule that blocked all of APNIC (The Asia/Pacific Network Information Centre, the IP-assigning body for Asia and the Pacific, much like ARIN does for North America), but the spamming paradigm of using open relays (which were at one point quite abundant in Asia) seems to have fallen out of fashion in favor of mail via zombie botnets. If you want a server-side trick that kills a massive percentage of incoming spam, try greylisting. Greylisting for my company knocks out a full 80+% of the spam without wasting the resources that SpamAssassin and ClamAV would.