Are you running a particular email server application? Some functions are application specific.
The most important thing you are going to have to realize is that SPAM is something that no matter how hard you try, some of it will make its way to your inbox. Combating it is a continuous game of cops and robbers. Every time you implement a defense, it forces them to get better.
With the above caveat in mind, There are many tools you can use and you really want to apply you spam control in layers. Some tools are simple and consume little resource while others consume a lot more. If you can do the job with fewer resources, the better. Each measure you implement may cause you to lose desired traffic so anti-spam becomes a tradeoff. So to give you an example, I use Postfix and here is what I do:
1 - Use the built in HELO restrictions to require a fully qualified domain name and a proper handshaking.
2 - have a black list of addresses that get denied
2A - block on attachment types typical of Windows viruses.
3 - use Greylisting to reject new senders the first time. This helps to ensure that they have a compliant email system.
4 - subscribe to an RBL to check the sender domain against a known spam list.
5 - run a content scanner such as dpsam or spamassassin, along with virus checking
6 - report the stuff that still gets through to Spamcop. This will cause pain for the originating ISP and may get them to take action.