nibb
Dec 19 2007, 02:52 PM
Does someone know how spammers proceed when they target mail servers directly?
I have a mail filter set up on some domains, so they forward mail to the filter and then back to the server.
I still get spam that doesn't even pass through the filter; spammers put the mail directly into the server.
I think they were targeting the low MX records to my server instead of the high ones.
I erased the old ones that were low to let only the filter handle mail.
But I still get spam.
Could this be because I still have a record in the form of an A record,
mail.domain.com, that points to my IP?
Has anyone heard that spammers spam via this A record? Or are they targeting my IP directly?
Putting a firewall on port 25 so only the filter connects is out of the way since it's a shared mail server.
So I'm stuck?
rabbit994
Dec 19 2007, 11:51 PM
I found that spammers use really old DNS servers or something. When I disabled an MX record and moved it, the old MX still got hit for up to 15 days later. I have seen spammers target lower priority mail in hopes that it doesn't have filtering. I've ended up just stating one MX record for my domain that points to my filter and refuse to let anyone but the filter connect to the SMTP server. I set up port 587 as alternate SMTP submission (as noted by RFCs) and only allow Auth SMTP to that port and pointed all the clients to that one.
nibb
Dec 20 2007, 12:08 AM
Yes, well, I have had the filter set up for more than a month now, so I would discard the spammers that still use my old DNS record. I still had the old DNS record yesterday but it was not pointing directly to my server. I deleted that one and then I changed the A record mail.mydomain.com to securemail.mydomain.com
Now it seems it stopped. Let me cross my fingers. The way to stop it completely, so they are forced to use my MX records and not be able to deliver mail directly, would be to configure the firewall to deny any traffic to the mail server except for the filter, but that environment is only possible in one of these 2 cases.
That's the only domain you have on that server. Not shared hosting.
Or register all domains with the filter.
Well, I hope the changes I did work. Today I did not receive any spam, not directly at least; they all passed via the filter, so I suppose the mail.mydomain.com could have been the issue and now spammers don't know where to target anymore.
I really don't think spammers target the IP directly because that would require a major headache on their part to always resolve first where the domain is pointing. Anyway, spammers are getting smarter, but if they spam directly without following the route like a regular mail then maybe it's easier to stop them. Maybe some config on the mail server that doesn't allow direct delivering of mails so they are forced to go the regular channels.
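Added example, not part of the thread: on a shared server where port 25 cannot be firewalled to the filter alone, the mail log can still show which messages for filter-enrolled domains arrived from a host other than the filter. The Postfix-style log format, the filter address range, the domain names and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the thread): Postfix-style syslog lines, the filter's
# outbound address range, and the set of domains enrolled with the filter.
FILTER_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # constructed range
FILTERED_DOMAINS = {"example.com"}  # domains whose only MX is the filter

CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
RCPT_RE = re.compile(
    r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<[^@>]+@([^>]+)>")

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
Dec 20 00:01:02 mx postfix/smtpd[411]: 3F2A1C0D: client=filter1.example.net[192.0.2.5]
Dec 20 00:01:03 mx postfix/local[415]: 3F2A1C0D: to=<bob@example.com>, relay=local, status=sent
Dec 20 00:02:10 mx postfix/smtpd[420]: 7B9E44A2: client=unknown[203.0.113.77]
Dec 20 00:02:11 mx postfix/local[422]: 7B9E44A2: to=<bob@example.com>, relay=local, status=sent
Dec 20 00:03:30 mx postfix/smtpd[430]: 9C01D3E8: client=unknown[198.51.100.9]
Dec 20 00:03:31 mx postfix/local[433]: 9C01D3E8: to=<amy@example.org>, relay=local, status=sent
"""

def from_filter(ip):
    """True if the connecting address belongs to the filter's range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in FILTER_NETS)

def find_bypasses(log_text):
    """Return (queue_id, client_ip, rcpt_domain) for mail to a filtered
    domain that was accepted from a host other than the filter."""
    clients = {}  # queue id -> connecting IP
    hits = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = m.group(2)
            continue
        m = RCPT_RE.search(line)
        if m and m.group(1) in clients:
            ip, domain = clients[m.group(1)], m.group(2).lower()
            # Domains not enrolled with the filter may receive mail directly.
            if domain in FILTERED_DOMAINS and not from_filter(ip):
                hits.append((m.group(1), ip, domain))
    return hits

if __name__ == "__main__":
    for qid, ip, domain in find_bypasses(SAMPLE_LOG):
        print(f"bypass: {qid} from {ip} to {domain}")
```

Mail for a domain that is not enrolled with the filter (example.org in the sample) is deliberately ignored, which is what makes the check usable on a shared server.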