A side affect of trying to understand the SmtpEvt daemon is that I now have a better understanding of the options in the MercuryS Compliance tab and of the potential value of transaction filtering as way to immediately blacklist an IP address that has been identified as repeated trying to gain access. My "refuse" entries in Connection Control have been removed opting for transaction filtering rules instead.
I've standardized the rules as per below with only the IP address changing but welcome suggestions on a better or more appropriate way of doing this.
H, "*184.108.40.206*", BS, "554 Relaying not allowed - connection dropped"
I'm anxious to see the effects of this change in conjunction with SmtpEvt.