I'm using SA as well; it's fine for me. My big trick is to route a bunch of stuff right into the spam training system. E.g., when a tagged address I've given out is compromised, that goes right to training. The same goes for spam to random names: also right to SA spam training.

My theory here is that statistically, by the time a spammer tries to send one to an active address, they're likely to have already fed things into the trainer, often multiple times.