There's no question that spam has become one of the single biggest headaches for Exchange administrators. There
doesn't appear to be any one way to stop it, either, which makes it all the more insidious. However, any administrator can take one of three different approaches to block spam.
The first is to make sure your Exchange server is not working as an open relay. Spammers seek out and use mail servers that allow anyone to send mail through them, thus evading responsibility for their actions. Such servers are called open relays, and Exchange can be an open relay the same as any other mail server.
To keep Exchange from relaying mail blindly, fire up the Registry Editor, navigate to the key
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceMSExchangeIMCParameters and add a REG_DWORD value named RelayFlags. If you set this to 8, any clients that successfully authenticate can relay mail. This way, remote hosts that have valid credentials can use the server (as well as local hosts), but other hosts who try to relay blindly will be rejected. It is also possible to set Exchange to explicitly allow or deny specific hosts or interfaces; the details are in Microsoft KnowledgeBase Article 193922.
The second thing to do is to block incoming emails from spammers. There are a number of third-party solutions for this, but one of the most openly available is a VBScript program from Outlook / Exchange developer Jason Sherry, which can check emails against remote blacklists of possible spammers. See www.outlookexchange.com/articles/JasonSherry/sherry_c1p1.asp for how to install and use this script, which is free, but requires a certain amount of personal tuning and an understanding of VBScript.