Refusing all mail from anything with a generic hostname. Refusing
all mail from dynamic IP space. (See Steve Hesketh's excellent work
on this, for example.)
These two make it impossible for a user's mail client to submit email
to your MTA Server.
Yes, we know. Most people have separate submission and relay servers,
or if they don't, they configure the shared server to accept SMTP AUTH
from anyone, but un-authed mail only from addresses that aren't blacklisted.
ietf-smtp mailing list