That schema is okay, but you really shouldn't be connecting your border router to the switch AND to the firewall. It should be going Internet -> Gateway Router -> Firewall -> Switch. The Linux box is sort of in an odd position. If it's intended as a second firewall, that's kind of redundant given the rest of your design. If it's intended as a server it should be attached to the switch.

To answer your points about controls:
1. Squid is an HTTP proxy with the ability to filter out sites you don't want based on a ruleset.

2. Blocking junk mail can be done with a tool like Spam Assassin. Also, consider alternate mail clients such as Mozilla's, it has built-in junk mail flagging and IME is pretty good. If you need to keep email centralized, you want an IMAP server instead of POP3. The email is stored entirely on the server in IMAP which makes it simpler to back up the entire organization's emails.

3. Not quite sure what you mean by this, it sounds like more than just applying patches regularly, so please elaborate.

4. Viruses can be mitigated through the use of an email content scanner, as well as desktop virus scanners on each PC. If you go the linux route for the email server, Kaspersky offers several packages for servers that can do the email scanning as they come in. I used it for a few years, and it was stable, never really had many problems with false positives, but it did slow down the SMTP process a bit.
As for desktop virus scanning, all my experience has been with (now) Symantec Anti-Virus Corporate Edition. For network station management, it's fairly well done, though I haven't played with the latest versions.
As for popups, there is various popup-prevention software, however I think there are ways to configure squid to strip out specific javascript.