Dean Anderson writes:
You are obligated to carry the packets you are paid to carry. You may not look at their contents other than for incidental reasons, such as routing and delivery. (and correct routing and delivery.)
But don't take my word for it. Look at Cheswick and Bellovin on page 205. They say the same thing.
From page 205:
"It is quite permissible to look at stored files if such a look is necessary to provide the desired service." So if you tell your customers that you are selling them a service that includes SPAM filtering of some sort it would be ok. "...system administrators are permitted to protect their own property." So if spam traffic is causing operational problems (disk space cycles, staff time), it would seem to be ok. "Examination of fraudulent messages is quite permissible, if the intent of the message is to defraud the service provider." Forged SMTP headers come to mind. Unauthorized 3rd party SMTP relay comes to mind. It looks to me as if you stopped reading about one fourth of the way down the page.