I use the open-source MailScanner with ClamAV, spamassassin and MailWatch (web interface for MailScanner) on my mail gateways which does (if you configure it) everything you require (and a lot more). I have found it to be a fantastic and highly customisable system.
MailScanner interacts with a number of MTA's (Postfix, Sendmail, Exim and probably a few more), and SpamAssassin for spam detection, plus a whole load of virus Scanners (including ClamAV which is open source and free!).
You can use a number of different spam and phishing fighting techniques and technologies with MailScanner, too many to name here, and indeed your MTA. Its well worth investigating as I`ve been running it for years and its been brilliant.
The MailWatch web interface allows you to monitor email flow to and from your servers and also and manage black/whitelists all from a web interface, and its all stored in a MySQL database.
Its well worth visiting their site: http://mailscanner.info
, there is a lot of useful info on there to get you started.
Hope this helps, its just one suggestion which has proven invaluable to me. Good luck with your spam and virus fighting!