It is usually best to limit attachment sizes from within your mail server. If it is an AD environment you can limit attachment size per user.
I have found that if I am trying to block it from the user level, I will setup a quick acl that blocks traffic from the user to the mail server. This works well when someone is re-downloading their 3GB mail box across a T1 during normal business hours. As an aside we don't have network wide QoS set up yet. So I have to use duct tape in the mean time.