Not sure about you latter point tbh. I run an email server, with nothing but grey listing and spamassassin and the amount of spam is absolutely minimal.
Proper config and fail2ban easily takes care of direct attacks.
Nevertheless, I wouldn't recommend it to anyone but the most determined.