I run a Zimbra mail server at the K-12 school district where I work. Overall I really like the system, but my user base is very susceptible to phishing spam so once a month or so someone will give up their password to a spammer who then proceeds to use our mail server to send out their spam. Since 2011 I have had a script that tails the log files and disables an account if it sees 7 messages or more in a 2 minute window that include more than 20 non company addresses in the header fields.
For me there were two primary take aways from LISA'13. The first is that because of the "internet of things", the fact that we carry phones with us everywhere, and that data collection and storage costs become much smaller than the costs to sort through data to determine what data to keep; we have ubiquitous data or surveillance of our daily lives. Corporations and governments just sweep up all data instead of doing targeted data acquisition because it is cheaper and easier to do so. In fact they have lots of tricks such as asking for more data than needed on forms, reward cards, etc.