I've been noticing that a lot of spam is getting "helped through the system" by BAYES_00 of -2.5 or so. In a majority of these cases, the spam would actually be caught without that change, since they'd be above the 3.0 threshold I have set. (For the most common spam, I'm also seeing the automatic whitelist kick in and give the spam even more help.)
I suspect that the problem is because there's no way for IMAP-using users to indicate to Zimbra that something was spam, so it ends up on the AWL or in Bayes' ham data by default.
How are people dealing with this? If my mental model here is correct, it seems like this would plague all installations that are dominantly IMAP, so I hope I'm missing something easy. Resetting my bayesian database makes me quite nervous (would I need to tweak my tag/kill settings back to the originals and nudge them back down?), but I could entertain it.
I'm running 4.5.10 at the moment.