I've submitted an enhancement request via Zimbra's Bugzilla for SMTP send quotas.
Here's the problem that makes this a necessity: 1) email client applications that leak spam, or 2) a password that has been stolen.
The difference between what a person would send, and the amount of spam that a bot would send is widely different. So quotas don't have to be restrictive, right? And when the user complains it may be inconvenient for them, but it's a sign of a bigger problem. A sign you nor I have today to help us address compromised workstations or accounts.