You can't unfortunately use a hostname in an ACL. You can define a DNS server on the router itself, which then enables you to ping/telnet/etc FROM the router using the hostname, but it still doesn't allow you to use this to define an ACL.
When you say you've protected all ports, do you mean into your networks or do you mean that you haven't added the SMTP inspection line into your FW config?
If the former, and I presume you don't have your own internal SMTP servers here but are using the ISP's for your mail, then you'll just have to allow all SMTP into your network, there's really no good way around it.
If the latter, then this is good if the ISP is using Exchange, but as long as you have inspected TCP outbound, that traffic will be allowed back in. When using IOS FW, you can pretty much deny all inbound traffic except stuff that needs to originate from the outside, like HTTP traffic to an internal WWW server or something like that. If your users on on the inside, the mail servers are on the outside, then just deny inbound traffic, inspect TCP, and your users will be able to connect to the SMTP server and get their mail, but the SMTP server won't be able to initiate a connection to them which is fine.