I am personally using my own mail server and I did the simplest possible thing - every incoming connection is checked against dnsbls: sorbs, spamhaus and spamcop (all three allow you to look up addresses for free). This blocks nearly all spam and after nearly a year I've never had a false positive.
If you are into setting up and running something yourself, you can use spamassasin (free oss). This is not terribly hard to set up, but worried about false positives I never really used it. I am filtering for a small number of savvy people using Thunderbird...
Speaking of which, thunderbird has a reasonably decent filtering feature. It takes a while to 'learn' but it has been quite useful in filtering out the few leaking spam messages from dnsbls.
There are countless commercial packages and I bet somebody else will cover that. Hope this helps
A list is only as strong as its weakest link. -- Don Knuth