I have a node on the internet consisting of a web server and an email server clustered with failover.
This outward appearing euphporic situation is not without it's own set of considerations given the behaviors expected viz a viz those encountered:
1. Accessibility. Every spammer out there thinks they need to be able to pelt you with whatever unsolicited commercial email they see fit to send. Some go so far as to appear to view it your patriotic duty as a denizen of the global electronic village to accept that spam without any form of countermeasures.
2. Open relays. If you allow your server to send mail from anyone to anyone else it will be blacklisted as an open relay. I have never had this problem because I maintain a restricted access control list and if you're not in one of those domains I support you can pretty much forget it.
3. Configuration errors. It's easy to goof up some setting and render your server inoperative for whatever reason invoked by those errors. If you maintain an email server you should actively pursue proper configuration bearing in mind the grief your "bleeding edge" distro update might cause.
4. Software updates. You should maintain all updates deemed appropriate to your operating system distribution — if nothing else from a security standpoint alone. Exploits are easier on obsolete modules in the stack and there's always an exploit waiting to happen.
5. Firewalls. I used to be this tight butt hair trigger firewall implementation whereas now I just drop your packets and let you hit the node as much as you like by and large. The exception to this of course is the never ending attempt by individuals who keep doing the same thing incesantly and expecting different results. HOWEVER, I never reject packets anymore because of the consequences of backscatter traffic ... there are individuals which will hold that against you and I have sought to be a much kinder, gentler, tolerant geek in my old age.
6. Know thy enemy. I have amassed a database of subnets from which exploits and hack attempts proliferate. These are typically firewalled as a precautionary measure. I don't feel the need to court disaster just because it happens to be lurking in my midst.
7. MX Records. It became obvious early on that the bulk of spammers don't bother to incorporate DNS records aside from those provided by their ISPs. I require anyone sending email to do so from a server with a valid MX (mail exchange) record in an effort to curtail these residential customers out to make a killing in the spammer markets which abound.
8. Discarded email. I have several sets of rules by which email is discarded. I discard email from specific email addresses, specified domains, keywords in the header, subject, or body of the communication, and I generally reek havoc that is now silent but deadly.
9. To sum it up; if you need access you get it because I want you to have it. If you don't need access your are likely discarded at the server. These granular (low level) controls are the culmination of years of experience and a great many mistakes along the way. I can implement or reverse any block anytime for anyone anywhere. I prefer peaceful coexistence above all things. This is simply the way it is.