I've had a Zimbra 4 install just doing spam/virus filtering, and sending all messages to an external MTA. I recently had a reason to upgrade to Zimbra 5, and now all messages get virus checked, but bypass the spam filter. Here's how I've determined this:
I connect to port 25 using telnet (from an external address off the Zimbra box's localnet), create a message for a user whose domain is relayed, and paste in a spam message I received somewhere else. On the receiving MTA, the headers indicate the message was passed off to the virus scanner (X-Virus-Scanned: amavisd-new at xxx.xxxx.com), but the X-Spam headers are not there (also the message subject isn't prefixed).
If I repeat this procedure for the local admin account, the message gets flagged as spam, the Subject is prefixed, and the X-Spam headers are present along with the X-Virus headers.
I have searched for an answer, but didn't come up with anything at all related to this. It seems if this was the intended functionality (to bypass local filters if relaying to an external MTA), then virus filtering would be bypassed as well. Repeating this same test with the same spam message on 4.5.10 produces the desired result; both accounts receive the message tagged as spam, and the X-Spam headers are present.
This install is on Ubuntu 8.04, Zimbra 5.0.11 i386. The installation was completely clean (both OS and Zimbra installed fresh). Once Zimbra was installed, I added the Relay MTA setting, and changed the spam kill percent to 100, then restarted Zimbra completely. Also, I unchecked Block encrypted archives.
Let me know your thoughts...