We're running a pair of Fortigate 800 firewalls from Fortinet; these nifty little creatures will do a bunch of things beyond plain firewall security ... if you pay for it. Even with the license fees to turn on the extra features (Spam filtering being one of them) they're still a lot less expensive than the old industry standard, Cisco's PIX.
The cowboy factor comes from the fact that on Monday I'll be heading up to Burlington, Mass. for a week of training. My senior network engineer is coming too. I'm pretty confident that this is all going to work correctly, or I wouldn't have enabled the Spam filter. I made the prerequisite engineering changes on Tuesday morning (altering public DNS records and firewall rules to send email from the outside world directly through the firewall to our Exchange server instead of going to our external mail gateway/virus scanning box first) and those performed exactly as planned.* Today I changed the Exchange server's "protection profile" in the firewall from Antivirus + Intrusion Protection to Antivirus + Intrusion Protection + Spam Filtering. So far, testing is all good, and in my inbox the filter is batting 1000 for marking Spam as Spam, and has incorrectly marked no legitimate mail. Looks like we're off to a good start.
* Ya ever notice that the top of our rating scale in IT is "good" or, as NASA would say "nominal". The tech is either doing what it's supposed to, or it's broken.