Make sure all your software (that includes Sendmail) is completely patched. Then use iptables to block out all the IPs except those that need legitimate pop3d access. Don't leave it open to any.
If you search on this forum itself you'll find loads of best practices for hardening a system, so I won't repeat myself too much.
Cheers
Arvind