i know this is not as easy for some installations as it sounds, but i use a firewall.
A bottom end sonicwall firewall will do (www.sonicwall.com) like the Tele3, and just open up what you want. it even detects smtp and other dos attacks and denies them (and alerts you) etc.
as a bonus you can use it's vpn capabilities to admin your box and not even open yourself to ssh vulnerabilities! (comes with a windows client, but it's just IPSec - i'm sure a linux box can connect to this somehow - but i haven't tried yet). or install a sonicwall firewall in your office and make a semi-permnanent vpn link.
of course there are other options in the same and different price ranges - it's just what i use.
