Without sounding like I am downing Zimbra, I have prefered to put a MailScanner installation infront of Zimbra. The rationale around that is that I do not have to tweak Zimbra and leave it to what it is very good at without attacking the command line.
We use multiple RBLs with high success rate, plus image recognition, CRM114, MSRBL with Clam, and rolled our own RBL using the MailScanner/MailWatch MySQL integration. A script looks for certain criteria and generates a RBL which DNSRBLD uses.
We have had a couple of FPs due to Kanji characters, but on the whole .4% SPAM is getting through.
This does take management time, but has reaped the rewards, well that is what management tells me
