Tonight I geeked out, and setup amavis and fail2ban on my internet mail server. I already had spamassassin setup, but it was being called after accepting the inbound message, and it still delivered all the spam to my inbox, even though it was well marked as SPAM. Amavis acts as a filter to postfix instead, and causes the message to be rejected instead of accepted if it’s spam. It also calls clamav to protect against known viruses, and rejects them too.
I also setup fail2ban, which watches logfiles for various daemons, detects malicious intent, and automatically adds iptables rules to block access from hackers and spammers.