I've found that SA works well by default, except that I'm really intolerant of any spam in my inbox, so I use thresholds that others consider unreasonably low. I retrain on all spam and all ham daily (moving uncaught spam to a spam.manual group, letting correctly-tagged spam stay in spam groups, and moving false positives to the right place). This is fairly fast because already-learned mail is reasonably quickly skipped.
Recently I paid attention more and spiffed up my config, and two things made a big difference: enabling razor2 (just installing the perl package) adding every legitimate host that accepts mail for me from the internet to trusted_networks (an example is mail.netbsd.org). This enables address-based blacklist checking on the previous hops.
