Have you completely maxed out all your possibilities with tweaking the defaults of Zimbra's AS?
See this thread for ideas (it's only a few days old):
/forums/administrators/11142-i-dont-think-rbls-bayes-working-me.html#post58026
I just realized that that wiki article doesnt' actually describe what postgrey does, it just goes right into setting it up. (I'll add some notes)
It's Postfix Greylisting Policy Server, the original authors site
http://postgrey.schweikert.ch is down right now so Google or see
Greylisting.org for some examples.
A brief rundown of the concept of graylisting:
You take the mail 'hold it', then you send back a temporary error; so that they try mail delivery again. Then when a legit connection is attempted again the mail goes through. Spammers just tend to move on and not bother. The preferred method (and every graylisting software is different): If no retry is made within say 1hr you add x points to it's score and still deliver it. Thus no mail is really ever lost to accidental graylisting. And usually you whitelist domains/IP's somewhere so they don't accidentally spend time in your own graylist hold later on (and pick a day value for this auto-whitelist to expire) AND/OR you might permanently whitelist your frequent sender domains.
The basic idea is that spammers mail servers are not respecting RFC standards specifications which basically says that when an email could not be delivered, the mail server should try again later on. By sending so many emails, spammers can't afford to spend to much resources on resending emails when they could not be delivered, so they ignore return codes.
So if the email could not be delivered in the first place, they won't send it back to you.
From this idea, greylisting simply rejects any untrusted mail domain by giving a 450 response code, which means "I can't deal with your request now, please try again later". As spam mail server are not usually RFC compliant, they won't try back and therefore you won't get the spam.
For postgrey, when a request for mail delivery is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen less than x minutes ago (which prevents a spammer from trying 3 in a row in one minute etc; normally servers wait for say 10 minutes before retrying mail delivery-not something you set it's done on their end), then the mail gets rejected with a 450 temporary error. The sending server, according to correct behavior, should re-send the message. Legitimate mail servers will do this, but spam and virus servers rarely do. If the sending server is still trying after x minutes, Postfix accepts the message and could be configured to add the sender information to its whitelist database. So then you would be just seeing a x minute delay the first time they receive a message from a new source.
In all it helps derail a significant amount of spam, personally I'd love to see it officially built into zimbra (not necessarily enabled by default, but easily turned on).
Bugzilla
Wiki
Source
[SOLVED] anti-spam - postgrey 
Linear Mode
