- Maximum number of messages per hour from one IP address.

While this certainly can cut down on spam, be careful here. A on-going conversation about a support issue or any other complex subject might bounce back and forth quite quickly and could easily exceed 60 messages per hour. Setting this is not going to prevent legitimate email; it just temporarily delays it. A legitimate server will try again later; a spammer probably won't.

- Maximum number of concurrent SMTP connections from one IP address.

Again, this can block some spam, but keep in mind that legitimate email can and will make multiple connections for efficiency. Don't set this too low if, for example, your users have a lot of correspondence with AOL users or similar big servers.

- Block if sender's mail domain was not found in DNS.

That's checked by default and ordinarily would be left that way. Why would you want to accept mail from someone without a DNS name? The only possible justification would be if you had other mailservers within your network, but even then you'd be smarter to put them in DNS and block anyone else without a DNS lookup.

- Maximum number of recipients in a message.

This can be an effective block against spam, but it can also be a problem if you belong to mailing lists that (stupidly) list all recipients in the "To:" line. If that's not an issue, leave it checked and set the limit to the number of users in your mail domain.

- Maximum number of failed commands in SMTP session.

By default, this is checked and set to three. The most likely source of failed commands is someone exploring your server for weaknesses - an ordinary SMTP conversation shouldn't have many failed command. It might check for ability to do encrypted sessions, but it shouldn't do much more. Leave this checked.

- Limit incoming SMTP message size.

This is a good one to set, but you do have to think about your legitimate needs for larger messages.