Hi,
You can only reject messages based on the connecting IP. It would technically be possible to filter at content scanning time on the X-Originating-IP, however there are a number of barriers:
1) this header is completely optional and may not be present on all messages
2) It can be easily forged or a proxy can be used
3) If present and not forged, blocking based on this IP may cause false positives. Over 80% of spam globally is sent using botnets - many IP blacklists identify either infected machines or machines which are not properly configured mail servers. However these IPs may also send legitimate email via proper mail servers.
Where spammers are abusing legitimate mail services, filtering based on content becomes more important. I would recommend enabling the Probe Participation feature in Symantec Brightmail Gateway version 9 to provide Symantec with as much visibilty as possible into local spam patterns so that filters can be created. You can also submit the missed spam manually but obviously this is more work and introduces a delay.
Best regards,
Amanda