User Tools

Site Tools


SpamAssassin and Postfix

Note: This page has been resurrected from my old site (R.I.P.). As I still see hits in my logs from people looking at it, I managed to get its content and put it here.

SpamAssassin (SA) updates its bayesian filter with the command sa-learn. However, if one use a setup using for instance AMaViS to activate an antivirus and SA for all the mails going through the server, it can be useful to provide 2 mail aliases (eg and to report false positives and false negatives that could have gone through SA. Theses aliases would allow, just by forwarding the offending mail, to transmit them to sa-learn.

To achieve this we will configure several parts of Postfix and use a wrapper script for sa-learn.

Beware: for this to work with the provided script, your forwarded message must be in the form of message/rfc822. Ths is possible for example with Thunderbird or Mozilla by choosing to forward messages as attachments in Options/Composition. A following version will accept Outlook forwarded messages. If you want to do this yourself, please tell me and I will include your patch. Thomas A. Luther tells me that if you compose a new message with Outlook, then drag and drop the spams/hams to it they will be sent as message/rfc822. So this can be a method.

Postfix configuration

/etc/postfix/aliases file

In this file, add the two first and optionally the third aliases like this:

spam:		spam@spam.spam
ham:		ham@ham.ham
notspam:	ham@ham.ham

You can now issue the command newaliases, it causes no harm. These aliases will redirect the mail towards the special domains that we will define later.

N.B. : The aliases spam and ham are examples. To avoid their spreading and thus being targetted by spammers, choose other aliases at your convenience.

/etc/postfix/ file

Here we are going to define the transport file (if this is not already done) :

transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport file

You must create this file with the following lines, or just add them is it already exists:

spam.spam	sa-spam:
ham.ham		sa-ham:

These lines define (fictitious) domains for which we will use a special transport defined in /etc/postfix/

Don't forget to issue the command postmap /etc/postfix/transport.

/etc/postfix/ file

Here we are going to setup the domain transports defined previously:

# Spam & Ham
sa-spam	unix	-	n	n	-	-	pipe user=amavis:amavis argv=/usr/local/bin/ spam ${sender}
sa-ham	unix	-	n	n	-	-	pipe user=amavis:amavis argv=/usr/local/bin/ ham  ${sender}

Replace the user=amavis:amavis parameter with the user:group that executes SA in your configuration.


The script is available here. Download it in /usr/local/bin and edit it to set variable $UNPACK_DIR on a directory that you create in the $HOME directory of the user that execute SA (for instance amavis) and the $SA_LEARN variable to the path of the sa-learn executable. the $DEBUG variable purpose is to verify the correct setup of this hack (see below). The @DOMAINS variable has been added to check the sender against predefined values to allow only some senders to use these aliases. Set it to the domains you want to allow. Don't forget to set the rights and / or owner of the script to allow executing by amavis user and / or group.

Note: The script use the MIME::Tools package that is either already available for your distribution (for instance perl-MIME-tools-5.411-6mdk for Mandrake 9.2 (wow, not really recent :-P)), or at CPAN.

Final setup

Issue a postfix reload.

To check the correct configuration, set the $DEBUG variable to 1 in the wrapper script and forward a spam to the address where is your domain. Check any error in the logfiles and wait until a line like this:

Jan 10 05:12:49 moulin postfix/pipe[8288]: 72C167E0C: to=<spam@spam.spam>, orig_to=<>, relay=sa-spam, delay=15, status=sent (spam.spam)

appears in the mail logfile (or in /var/log/syslog). Then check the file(s) /tmp/ (where pid is the PID of the process) to see if the SA tokens match the text of the spam that you forwarded. Do this test again but with a normal mail that you forward to Don't forget to set the $DEBUG variable back to 0 if everything seems OK. The $DEBUG variable also ask the script to output some MIME::Tools info to /tmp/spam_err.log.

In case of problem, suggestion or question, email me to

publications/sa-postfix-en.txt · Last modified: 2013/12/14 00:27 (external edit)