I recently setup Exim4, ClamAV and SpamAssassin on my VPS. I found many useful resources, but this one was fantastic.
I found an interesting paper on greylisting. I've use grey listing for a long time as the sole method to reduce spam. Basically almost 100% of spam is blocked by grey listing.
Occasionally legitimate email is blocked as well. However, one thing which I have found helps, is that I've whitelisted my entire country .nz. Most spam I get is from .com domains, so this has helped a lot.
The biggest problem with grey listing is non-conformant SMTP servers that don't handle errors properly.
You can see a diagram of what I finally ended up creating here, under Spam Protection.