Some of the things which can be done from WHM to harden your mail service :
From WHM Main >> Server Configuration >> Tweak Settings:
* POP3 connection limit option prevents lots of POP3 connections.
* POP3 flood prevention option.
* Prevent “nobody” from sending mail : This will ensure that PHP
scripts user the ownership of user “nobody” will not be able send any mails.
* In service manager you can find the option “antirelay” . Turn
this off so that each time POP3 connects authentication would be required.
Try to use Secure protocols and related ports
These are just basics in hardening the mail system. More ones to follow……