Jay,
Depending on the firewall you have, it may be configured to act as a proxy, in which case connections would appear to becoming from the (proxy) firewall. This would prevent many of the SPAM controls from working properly.
If your firewall is set up to NAT connections, then the connections should appear to originate from the original mail server. (I believe it may be possible to have the connections appear as though they were coming from the firewall, but that's the definition of a proxy.)
That said, our SMS appliances are behind our Cisco PIX firewall in a DMZ subnet. The PIX accepts traffic for our public IP address, then using a one-to-one NAT routes the traffic to the SMS appliances in our DMZ. To the SMS, the connection is coming from the originating MX server.
The firewall is just there to limit the attack surface of the entire network, including the appliances. The Appliances are based on Linux and have a pretty good firewall and configuration in them, so I wouldn't be too nervous about putting it directly on the Internet, but having our entire attack surface listed and managed in one device (the PIX) is simpler to maintain than multiple systems with public IPs.
It does mean that you really need to stay on top of updates and logs for your firewall as it becomes a single point of failure.