General Notes on Running SpamAssassin Site-wide

False Positives

SpamAssassin will produce false positives (flagging non-spam mail as possible spam), and this will drive some of your users up the wall. Quite a few mail users still get very little spam.

Here are some tips:

Legal Issues

Note that there may be legal issues with site-wide spam filtering. For example, in the UK, it is apparently illegal to hold emails for examination for longer than 2 days. Also, the MailScanner info page reckons that under section 3(3) of the Regulation of Investigatory Powers Act, care must be taken to ensure that no-one other than the sender and intended recipient of any message can read any part of that message.

One possible way around this is to use SpamAssassin in its default mode, in which it only tags each mail with its estimated status, instead of full mail filtering where you redirect or delete mail without the user's intervention. This way, the user still has final choice in what to do; and they can also rest assured that nobody on your staff has been "reading their mail". However, take this advice with a grain of salt – I am not a lawyer, so if you're worried, ask one.

Also, there will be false positives, so simply deleting or bouncing mail based on SpamAssassin's judgement is not a wise thing to do and not recommended.
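As an added illustration (not part of the original notes or of SpamAssassin itself), here is how a delivery step can act on the tag alone: it reads the `X-Spam-Status` header that SpamAssassin adds and files tagged mail into a review folder, never deleting or bouncing it. The folder names and sample messages are constructed for the example.

```python
import email
import re
from email import policy

# X-Spam-Status looks like: "Yes, score=7.3 required=5.0 tests=A,B autolearn=no"
# (older SpamAssassin releases write "hits=" instead of "score=").
STATUS_RE = re.compile(
    r"^(?P<flag>Yes|No)\s*,\s*(?:score|hits)=(?P<score>-?\d+(?:\.\d+)?)"
    r"\s+required=(?P<required>-?\d+(?:\.\d+)?)",
    re.IGNORECASE,
)

def spam_verdict(raw_message: bytes):
    """Return (is_spam, score, required), or None if no usable tag is present."""
    msg = email.message_from_bytes(raw_message, policy=policy.compat32)
    verdicts = []
    for status in msg.get_all("X-Spam-Status", []):
        # The header is usually folded across lines; unfold before matching.
        m = STATUS_RE.match(" ".join(str(status).split()))
        if m:
            verdicts.append((m["flag"].lower() == "yes",
                             float(m["score"]), float(m["required"])))
    # If several tags are present (e.g. one supplied by the sender), trust the
    # most pessimistic one: the worst outcome is a message in the review folder.
    return max(verdicts, default=None)

def choose_folder(raw_message: bytes) -> str:
    """Pick a delivery folder (hypothetical names); mail is never discarded."""
    verdict = spam_verdict(raw_message)
    if verdict is None or not verdict[0]:
        return "INBOX"
    return "Probable-Spam"  # the user reviews this folder and has the final say

# Constructed sample messages.
SAMPLE_TAGGED = (b"From: a@example.com\nSubject: offer\n"
                 b"X-Spam-Status: Yes, score=7.3 required=5.0 tests=RULE_A,\n"
                 b"\tRULE_B autolearn=no\n\nbody\n")
SAMPLE_CLEAN = (b"From: b@example.com\nSubject: minutes\n"
                b"X-Spam-Status: No, hits=-1.2 required=5.0 tests=RULE_C\n\nbody\n")
SAMPLE_UNSCANNED = b"From: c@example.com\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    for sample in (SAMPLE_TAGGED, SAMPLE_CLEAN, SAMPLE_UNSCANNED):
        print(spam_verdict(sample), choose_folder(sample))
```

Unscanned or unparseable mail falls through to the inbox, so a tagging failure never costs the user a message.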

Some tests, such as the mail-abuse.org RBL tests, require payment for site-wide use.