One of the issues was that they are using a not very up-to-date version of Postfix, and there did not appear to be a procedure for updating it. It was not very clear to me how you could receive emails without configuring your router to forward incoming emails for port 25 to port 26 of the Nomx. I am not sure how you could access you emails remotely without configuring more port forwarding on your router.
I also don't think that Postfix does any spam filtering, as you might expect from an ISP email system.
nomx, as I understand it, doesn't communicate on TCP port 25 when configured as directed so you can't receive regular email with it. It communicates with other nomx devices on TCP port 26 and you have to tell it the IP address of other nomx users you want to communicate with. As outlined in Scott Helme's article, this introduces problems of its own.
It seems there's nothing stopping someone making a direct SMTP connection to TCP port 26 to send email from a non-nomx device as all the protocols it uses are standard. I have no doubt that nomx devices can be found listed in Shodan and other similar sites by doing a TCP port 26 search.
Given the vast number of TCP port 25 probes my firewall logs for IP addresses which don't run SMTP and aren't an MX listed host, I'd be very sceptical that simply having no MX record is a very effective security solution for hiding mail servers.
If you make an SMTP connection to a nomx box on TCP port 26, the nomx box will reply with its hostname - which very likely includes the domain it handles mail for, although I'm not going to buy a nomx box to test this.
Postfix in its native state has no spam filtering, as you say, but can be configured to use external spam scoring and filtering programmes, just as other mail servers can. Zen Internet, for example, uses Exim as its mail server with Spamassassin
I do use quite a few different techniques to help with spam filtering and I also run my mail servers behind a firewall SMTP proxy which strips out invalid commands and also hides the MTA version information.