That depends on the environment. For a large server with international clients, I would stick to a more or less "vanilla" spamassassin configuration. For smaller or localized services, it should be customized for the mail usage of the customers on the server. We're a small host serving mostly english speaking customers, so the default install (with Razor, DCC and bayes all enabled) works pretty well, but we also added a few things:
1) We skip Spamassassin's RBL checks and do our own via rblsmtpd. That way we can change RBLs on the fly and order them by effectiveness and response times. I believe Spamassassin allows turning on and off each RBL test, but I'm not sure if you can order them.
2) We watched the spam ratings for several months, then set qmail-scanner to delete anything rated above a certain level, quarantine anything over a lower level and just tag the rest. We check the logs weekly to make sure we don't quarantine valid mail.
3) We provide spam forwarding addresses for our customers ([email protected]) to forward any junk they may receive to. Then we retrain the bayes system several times a week on a server by server basis.
4) We make use of IP and address whitelists to make sure that certain addresses can always get mail from certain sources.
Besides checking the debug output to make sure everything is working correctly, one of the best things you can do is learn to write your own rule sets. Spamassassin is already great against the "normal" spam that everyone gets, but being able to filter more "targetted" spam your customers get can be invaluable.