What I've do now is:
1) Spam over a certain score goes to /dev/null
2) Spam under a certain score, and over a certain score go to spamtrap incase someone's looking for something.
3) Low scoring spam gets delivered the user with **SPAM** in the subject which the users have a client side rules to move those to a spam folder.
That seems sane. What levels do you set?
First off, I use Postfix Policyd to greylist delivery.
With all the sare rules for SA 3.x, Razor, Dcc, and pyzor, I set our thresholds to:
Over 15 --> /dev/null Over 9 --> /spamtrap Over 5.5 --> Rewrite Subject
Most false positives fall between 5.5 & 6.5 (maybe 2 a day and it is usually due to a raher high score RBL). I have yet to have to into spamtrap to find good mail and I've used this for 4 months now. Just once was I given a false negative.
