I'm sorry, but anyone who knows anything about mail and keeping their users from bitching due to blocked emails from receipients would never including the list;
SPAMHAUS
ORDB
SORBS SMTP LIST
SORBS IP LISTS
SORBS NAME-BASED LIST
SPAMCOP
NJABL
CBL
RBL's are so yesterday. There are better way to kill spam that will lower the false positives dramatically. There are only one or two RBLS that actually work to the point of not triggering false positives and neither of those two are listed above. The combination of MS + SURBL lookups at SMTP TIME, SA + PYZOR + DCC + TOP 200 SPAMCOP DOWNLOADS, RULES DU JOUR, would kill 94% - 96% of all your spam while keeping your users happy and bitch free. We have been using this combo for over 2yrs. In the past 2 yrs we have had less than 10 clients who have complained about blocked mail. Using the above list exclusively would be a huge mistake.
.... I find it amusing that so many are installing SA at the user level, including SPAMD/C. First of all, SPAMD/C are huge system resource hogs. If you have installed SPAMD/C on your server and its running high in resrouces you'd better check SPAMD. Not to mention what would happen if all of a sudden the box was spam bombed, brute force attacked or dictionary style attacked, SPAMD would we whirrling out of control at about 99% cpu cycles which would surely bring your box to a grinding hault. Second, why would anyone want to scan mail twice? If you are implementing a decent combo, like we are using above, SA at the user level becomes a useless installation. Why? Because mail would be scanned, not only at the server level, but then once again at the user level. What for? Why push your servers resources to the absolute limit? I mean, if you can't catch your spam the first time, without relying on SPAMD to score it, you shouldn't be running spam filters.
I just dont get this thinking. Its very possible, that most people just dont get it or don't know any better and thinking they should be offering their users just one more feature called SpamAssassin controllable from the user control panel, is just another great feature to include. I beg to differ, trust me, i should know. I am the author of countless documents, howtos and other article on the subject posted in various forums. Good luck with this.