It seems undesirable to divulge the auto spam and ham training addresses at all, let alone trusting users to use them properly.
The ability to train on a user spam folder exists
That is essentially what I do on my existing non-zimbra server with a daily cronjob, but passwords are a non-issue when using Maildir.
./zmtrainsa <server> <user> <pass> <spam|ham> [folder]
Zmtrainsa calls zmspamextract which calls `zmjava com.zimbra.cs.util.SpamExtract`. By default no username is given and it seems to login as zimbra and extract email from presumably the "spam" and "ham" accounts (depending on a -s or -n argument). Correct?
It would be really nice to run zmtrainsa on a user without knowing their password. Can this be done?