The email flood seems to be fairly easily stemmed by a few simple rules.
First, don't accept mail without a Message-ID.
Second, don't let mailing lists accept bounce messages (i.e. messages with an empty MAIL FROM:<>).
Third, enable sender verification callouts; also for recipients if your machine is MX backup for anyone.
There's been no vir{uses,ii} and only one 'bounce' get through to the linux-mtd list, and that one was because some vegetable managed to configure a virus checker to send its bounces as real messages instead of bounces -- either through cluelessness or in an attempt to add mail loops to the fun which is already being had by all. Abuse@upstream duly notified.
Eventually I'd like to see all mail cryptographically signed, with the public key available in the DNS for verification purposes.
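The three filtering rules at the top of this post, sketched as SMTP-time policy checks. This is an added example, not the author's configuration: the addresses, domains, reply texts and the `callout` hook (standing in for a real callout probe to the remote MX) are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample values (assumptions, not from the original post).
LIST_ADDRESSES = {"linux-mtd@lists.example.org"}
RELAY_DOMAINS = {"backup-for.example.net"}  # domains this host is backup MX for

def check_rcpt(mail_from, rcpt_to, callout):
    """Decision at RCPT TO time. `callout(addr)` is a hypothetical hook that
    returns True when the responsible MX accepts RCPT TO:<addr> in a probe."""
    sender = mail_from.strip("<>").lower()
    rcpt = rcpt_to.strip("<>").lower()
    # Rule 2: a null reverse-path marks a bounce; lists never accept those.
    if sender == "" and rcpt in LIST_ADDRESSES:
        return 550, "list does not accept bounces"
    # Rule 3: verify the sender (a null sender has nothing to verify).
    if sender and not callout(sender):
        return 550, "sender verification failed"
    # Rule 3, backup MX case: also verify the recipient with the primary MX,
    # so we never queue mail that would later have to be bounced.
    if rcpt.rpartition("@")[2] in RELAY_DOMAINS and not callout(rcpt):
        return 550, "recipient verification failed"
    return 250, "ok"

def check_data(raw_message):
    """Decision after DATA. Rule 1: the message must carry a Message-ID."""
    msg = message_from_string(raw_message)
    if not (msg.get("Message-ID") or "").strip():
        return 550, "missing Message-ID header"
    return 250, "ok"

# Constructed stand-in for the callout: addresses the remote side "accepts".
DELIVERABLE = {"alice@example.com", "bob@backup-for.example.net"}

def fake_callout(addr):
    return addr in DELIVERABLE

if __name__ == "__main__":
    cases = [("<>", "<linux-mtd@lists.example.org>"),        # bounce to list
             ("<forged@example.com>", "<linux-mtd@lists.example.org>"),
             ("<alice@example.com>", "<nobody@backup-for.example.net>"),
             ("<alice@example.com>", "<linux-mtd@lists.example.org>")]
    for mail_from, rcpt_to in cases:
        print(mail_from, rcpt_to, check_rcpt(mail_from, rcpt_to, fake_callout))
    print(check_data("From: x@example.com\nSubject: hi\n\nbody\n"))
```

The first two rules are pure local checks; only the callout rule needs network access, which is why it is passed in as a function here.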