If you run your own mail server you have to think carefully about SPAM protection of course. The first line of defence is in front of the actual mail server or at least before accepting the actual mail body.
The problem is that in some countries the mail mustn’t be rejected or dropped after the mail server accepted the mail from the outside. Therefore techniques like RBL or greylisting could help here.
Another option is using policyd-weight. This is a policy daemon that checks mail header and calculates a score for this. Based on this score the mail hits your system or not.
On a Debian system and probably on most other Linux systems as well, the setup is very simple. You can use the packages from your distributor and a simple
Of course you have to tell Postfix that it should use the policyd by adding
check_policy_service inet:127.0.0.1:12525 to your smtpdrecipientrestrictions.