I've got exim configured similarly to Jed's configuration, so that it rejects invalid email before involving a lot of resources.
Passing that, mail goes through spamassassin. Way back in the day, I used to run bogofilter, and have multiple folders for training. When I switched to spamassassin I was worried about leaving that behind, but it has been 100% successful. I have no complaints about the filtering, and it's just so much easier to not have to deal with training. spamassassin does have built-in Bayesian learning which works a treat.
Of course exim also runs everything through ClamAV. And any time a mail is going to be rejected, the connection is "tarpitted" for a good long while first. Really slows the spammers down.
Recently I've also implemented
Nolisting, as well as a modified version of
Unlisting. (Modified in that a failure isn't an automatic rejection, just a tightening of the spam score leash.)
Also, incidentally, I don't believe in having a Spam folder at all. When you implement a Spam folder, you're treating outright, blatant spam with more courtesy (a rejection notice) than you are the borderline stuff (which is effectively a delivery failure with no notice to anybody). I either accept mail or reject it, none of this limbo business.