The best way ro prevent spam is
1. prevent spam from getting into your mailbox,
2. have SA work with a good ruleset.
This tutorial by falko should server as a good starting point: http://www.howtoforge.com/block_spam..._level_postfix
Don't read its config as if it were set to stone. Take your time to find out which RBLs works best for you. In my case the SORBS lists tend to block too much ham (escpecially freemail servers as hotmail, tiscali, ...). Abuseat's RBL is not needed if you use Spamhaus (it's included) and their sbl-xbl RBL shouldn't be used anymore, use zen instead.
Other tutorials may advise you to use reject_unknown_client. While technically the use of this rule is good you'll run into problems pretty soon, as many servers, even those of global players are often misconfigured and therefore would get blocked.
Use RulesDuJour in conjunction with SA to have a good base of rulesets and keep them updated. To use it with ISPConfig's SA, you better do some symlinking, so you do not have to change RDJ's code.