I just found this reading through the spamass-milter man page (and tested it, though a little scarily).
spamass-milter suports a -b and -B option. Both say "Messages that ARE spam (have met or exceeded the required spam score) forward them to this address."
spamass-milter starts in the /etc/init.d dir, but it's config file lives in /etc/sysconfig. If you were to open the file in /etc/sysconfig (the file is spamass-milter) the last line says (or might say) EXTRA FLAGS="-m -r 15"
(the -m says DON'T change the subject line, the -r says reject msgs with a score of 15 or higher.) to make this work, add the -b or -B (-b says send a copy to my systemwide spambox PLUS to the intended user, -B says just send a copy to my systemwide spambox).
Here's the catch, and what spooked me! I left -r in there. So here comes a spam that scores 20. It's SPAM, so off it goes to my systemwide spambox, but root also gets a copy of the rejected spam. This is apparently accomplished by firing off another sendmail, so you start a loop, because sending the message to root, why it's spam, so send it to my spam box, but it's spam, so notify root, but it's spam so notify my systemwide spambox...etc. I was amazed when i did 'tail -f /var/log/maillog' and just watched messages spinning by!
I want to try this some more tomorrow. But I think the fix is to remove the -r (be careful, sometimes the extra flags are set in the /etc/init.d script too) and use -B, and then sort it once in a while. For some that get thousands of spams, this wouldn't work. But for those of us with smaller loads, this might be perfect.
I will test this more on my test box tomorrow and report back.