Allowing incoming connections

[Riccardo Valente <Riccardo.Valente () lionbio co uk>]

Hello all, I'm considering the idea of allowing two incoming services through 
my firewall (FireWall-1):

(1) a newsfeed from a well-known machine at my ISP (PSINet), straight to my 
news server;
(2) email from anywhere to my mail server, but using FireWall-1 SMTP "security 
server"; this intercepts the connection and acts like an SMTP proxy, so that 
there's never a direct incoming connection to the internal server.

So far I haven't though about moving these services to a DMZ, because in case 
(1) I allow in just one IP address which I would consider "trusted", and in 
case (2) I'm using an application proxy to protect my mail server.
I'd like to hear your opinion on this configuration; would the (possibly) 
better security worth the extra costs and efforts of setting up a DMZ for 
those services?

Regards,
Riccardo