One of the biggest red flags would be finding out that you have become listed on spamcop or a similar RBL
Seriously, the fact that you realize the importance of examining the logs and watching for things out of the ordinary puts you ahead of the game. There are a couple of things I would think to watch for. Periodically you should scan your logs and looking for "sent" is good. Just make sure that you recognize the sender and that it isn't some strange thing you have never heard of. Also look at the recipient, as this could indicate that someone has cracked your account password and is using it. The second thing would be to look for lines like this:
Sep 12 10:11:41 server postfix/smtpd: NOQUEUE: reject: RCPT from 118-160-208-234.dynamic.hinet.net[188.8.131.52]: 554 5.7.1 <firstname.lastname@example.org>: Relay access denied; from=<email@example.com> to=<firstname.lastname@example.org> proto=SMTP helo=<184.108.40.206>
I received that one two days ago. The big thing to note is the relay access denied, which means that your authorization is doing what it is supposed to. Unfortunately, you are going to get plenty of this kind of crap. Fail2ban uses regular expressions to match the reject and 554 response code and trigger on that to block the IP.
You may also get a lot of connect from, received disconnect from, etc in a short period. Sometimes the attempt is to confuse or overload your server in an attempt to soften up the security. Postfix will respond to this by throttling back at hard and soft limits.
Other things to consider doing, make sure you have a valid MX and SPF record in your domain's DNS. Other servers can use these to help verify your credentials and it is an indication that you are a valid mail server.
One of the biggest threats you may face is someone using your domain, not as a spam relay, but as a spoof at the bottom of the header chain to make it look like you WERE the spam relay. Wietse Venema (the creator of Postfix) had a really good white paper on how he configures his server to help identify that the mail didn't originate from his server. I don't recall all the details, but one thing he does is make sure that the server identifies it self with a subdomain name, like mail.postfix.org rather than postfix.org. You may want to look at some of those things.
Lastly, receiving spam will become something of an annoyance. The longer your domain and address are out there the worse it will become. Learn to use the tools like spamassassin, scan your mails for viruses (which won't effect you, but you have a responsibility not to propagate them), etc.
If you install a web mail client, like Squirrelmail or Roundcube, I suggest that you only put it on an HTTPS page to help ensure that passwords and accounts can't be sniffed. Same thing goes if you use postfixconfig.php, PHPMyadmin, or anything like that, which need extra security (I recommend making them LAN IP accessible only if possible, and requiring certificates and passwords).
Enjoy running your own production mail server. It is definitely a rewarding experience.