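# Reject SMTP (tcp/25) connections from addresses that show up more than once
# next to "User unknown" entries in the mail log, then remove one copy of any
# ban rule that has ended up in the ruleset twice.
#
# Originally posted line-wrapped for Perl Monks; the backslash continuations
# below are valid shell as written.
#
# Needs root (it edits the INPUT chain) and does not persist rules itself.

LOG="/path/to/mail.log"
IPT="/sbin/iptables"

# Command templates; xargs substitutes each address for {}.
# DUP spells out --reject-with because that is how iptables-save prints a
# default REJECT rule, and -D must match the stored rule.
BAN="$IPT -A INPUT -s {} -p tcp -m tcp --dport 25 -j REJECT"
DUP="$IPT -D INPUT -s {} -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable"

# Find the offenders and ban them from reaching port 25.
#  - grep -A1 keeps each "User unknown" line plus the line after it; "grep nr"
#    then keeps only lines containing "nr" (presumably the follow-up line that
#    carries the connecting address - confirm against your log format).
#  - The perl pattern only lets digits and dots through, so nothing else from
#    the log can reach the iptables command line. "print $1 if" means lines
#    without an address produce no output instead of an empty line.
#  - uniq -d keeps addresses seen at least twice.
#
# NOTE(review): the address taken is the FIRST bracketed dotted quad on the
# line. If the log line also records client-supplied text (an envelope address,
# for instance) ahead of the connecting host, the wrong host could be rejected.
# Confirm the field order, consider anchoring the match to the field that
# records the connecting peer, and exempt your own relays and localhost.
#
# -I {} replaces the deprecated GNU-only "-i".
# shellcheck disable=SC2086 # $BAN is split into words on purpose
grep -A1 "User unknown" "$LOG" | grep nr \
  | perl -lne 'print $1 if /\[((?:\d+\.){3}\d+)\]/' \
  | sort | uniq -d \
  | xargs -I {} $BAN

# Check the existing ruleset for dupes, and remove one copy of each.
# Every run appends a rule for an address that is already banned, so a second
# copy is expected here. Only INPUT port-25 REJECT rules are considered: a
# duplicated rule elsewhere that happens to mention the same address must not
# cause the single, legitimate ban for that address to be deleted.
# shellcheck disable=SC2086 # $DUP is split into words on purpose
"${IPT}-save" \
  | grep -e '^-A INPUT -s .* --dport 25 -j REJECT' \
  | sort | uniq -d \
  | perl -lne 'print $1 if /((?:\d+\.){3}\d+)/' \
  | xargs -I {} $DUP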