Keep a log of posts containing user name, IP address, timestamp, content hash. Check for posts from the same user name or IP within the last 30 seconds or so, or posts with the same content within a larger number of seconds. This won't stop someone from submitting dynamically generated posts every 31 seconds, but it should at least prevent the majority of spam.