To obtain the maximum level of security on your mail server you will need to consider the following aspects:
If you are using SmartPop then you should configure your SMTP Server to only accept a local connection. Do this by entering the appropriate IP address and subnet mask in the SMTP Server Properties page. You may also set the SMTP Server address to a local network address that is not visible to external machines and thus block access.
If you are using SMTP you need to consider enabling the MAPS RBL support and configuring the correct relay controls for your site.
The kill list can also be used to prevent misuse of your mail system. You can enter the email addresses of known spam sources and thus prevent them accessing the system.