spam is a very serious topic for many email admins. Spam and viruses are only expected to get WORSE in the coming months/years.
I'd like to suggest an addition to zimbra that would make controlling spam easier. First of all, greylisting should be a standard component of zimbra. I've implemented this at various sites and it works amazingly well!
After that, the smtpd_restrictions help out a lot. But this needs to have a whitelist section due to so many email servers on the internet that aren't setup correctly.
These things are not too hard to setup on a clean Postfix installation. But zimbra does things differently, so I'm not too eager to experiment (or possibly break) the zimbra setup.
My vote is to implement greylisting (gld is a nice/easy one) and smtpd_restrictions with an easy to use whitelist component.