Recently I have taken over as both onsite IT and also head of our internal IT as the last IT guy resigned on my second day. Currently they just switched to an internal Exchange 2016 server and they're getting tons of spam now. I just barely figured out how to get the SSL cert setup correct and fix all the cert errors being thrown around.
I know there are basic anti-spam features in Exchange 2016, but I was wondering if anyone had some general guidelines on how to start off. I didn't want to enable all the filtering without having a solid grasp of what I'm doing since I'm not even sure how to check what emails were blocked in case I am blocking important customer emails. Any anti-spam advice in general for Exchange 2016 would be appreciated. Thanks!
The most basic and easiest? Get an upstream vendor to do it.
I'm going to make an assumption that your site is small (under 100 users), given that you aren't talking about other staff you have. In 2016, I'm hard-pressed to find a good reason for email to be in-house. Even enterprise installs are going cloud on email. Google, Office 365, or hosted Exchange will all do it better and cheaper once you factor in hardware, software, services, and skillsets.
If you absolutely must keep it in-house, at least put an integrated email security system in front of it. We use Mimecast, Barracuda if you're getting hardware, but doing it all in Exchange alone, when you have other things to do? I don't see added business value there.