Be careful not to accept email and then send a failure notification (this is especially important if you're running a backup server, because it needs to behave the same as the primary server and then primary server needs to accept everything from the backup - even if it's now spam or contains a virus).
Try to restrict your outgoing email to be from a specific list of known domains. Ideally don't go sending email from some default root@localhost.localdomain
address.
Try to check your outgoing email for spam too, and quarantine it if it's really high.
Try to apply a rate limit to your outgoing email, quarantining it if you're sending an unusual volume of email.
Don't run mailing lists unless they're double opt-in. You also need to respond promptly to bounces which may indicate the email is being marked as spam.
Forwarding email is a nightmare. Ensure you don't send failure notifications to the original sender (direct them at yourself instead). Try not to forward spam. If at all possible don't do any forwarding because it's hard to maintain a good reputation unless you're a known big forwarder.
Register your IP with: