The snort rulebase intrusion detection system included in ASG will stop most attacks. If the rule you need is not in the snort database already (currently at around 4500 rules), then the worst case is that you have to define a custom snort rule.
hard to block such an attack if it is made good. Why? Because its rather normal mail traffic. The easy attacks come from faked addresses so sender verification will help you there.
The best way to block such traffic is to deny "User unknown" messages on the Mail-Server directly. But this will cause some trouble with the high elite "Hey tech, my Mail dosn't work because I use wrong address" guys and girls.
