Thanks Mick, The situation is I have a customer who is hosting emails for a number of domains (his customers). He has been hit in the past when one of his customers got infected with malware that started sending spam out. This led to his IP being recorded in numerous blacklists, causing problems for his other customers.
That's interesting as most of the time I have seen malware that sends spam it tries to send directly rather than using a smarthost/relay it has harvested from the infected pc's configuration.
This is why in fact it is a very good idea to block SMTP outbound either from anything but your local MTA (if you are running one) or to anything other than the relay you are using.
I think if you go the rate limit route you are going to have to end up setting it higher than you expect. It would only take a few conversations that say had 10 recipients, 5 of which are at your customers domain, if 3 of those fire back messages to all and do that a few times in an hour.....