How do I ensure that procmail is working?

If you already use procmail, skip to the next section. If not, ensure procmail is installed using which procmail or install it from Note that some systems use procmail by default, so the directions in the next paragraph may not be necessary for your installation. Also, some accounts require use of web-based configuration tools to specify that a given mailbox should "filter" to /usr/bin/procmail (for example).

In a traditional shell installation, create a .forward file (or .qmail as appropriate) in your home directory containing the below lines, but replacing user with your username (which you can discover by entering whoami) and entering the correct procmail path (which you can discover with which procmail):

"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #user"

The above does not fail gracefully and requeue with Postfix 2.3.0, however this does:

"|/usr/bin/procmail || exit 75"

It's worth noting that a lot of MTAs already use procmail as the default MDA (mail delivery agent), so setting up a .forward file is likely not necessary. For instance, in postfix's

mailbox_command = /usr/bin/procmail -a "$EXTENSION"

How do I use SpamAssassin with procmail?

Now, edit or create a .procmailrc file in your home directory containing the following lines, which come from the procmailrc.example.

# SpamAssassin sample procmailrc
# ==============================

# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# if you use the spamc/spamd combination)
# The condition line ensures that only messages smaller than 500 kB
# (500 * 1024 = 512000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
# The lock file ensures that only 1 spamassassin invocation happens
# at 1 time, to keep the load down.
:0fw: spamassassin.lock
* < 512000
| spamassassin

# Mails with a score of 15 or higher are almost certainly spam (with 0.05%
# false positives according to rules/STATISTICS.txt). Let's put them in a
# different mbox. (This one is optional.)
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to "probably-spam".
* ^X-Spam-Status: Yes

# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped.  This will re-add it.
# NOTE: This is probably NOT needed in recent versions of procmail
* ^^rom[ ]
  LOG="*** Dropped F off From_ header! Fixing up. "
  :0 fhw
  | sed -e '1s/^/F/'

If you already have a .procmailrc file, add the above lines to it.

To minimize the chance of false positives, especially if you are using Bayes training, you may want to put these rules after any other rules which handle mail you don't want scanned, such as legitimate administrative and mailing list traffic. Alternatively, you may want to scan all mail but tweak your rules so that administrative and mailing list messages have to meet a higher threshold (X-Spam-Level) before they are treated as spam. There are pros and cons to each option.

If you don't currently have a .procmailrc file, you can use the procmailrc.example file from the Spamassassin docs directory, or import the current sample by entering, for example:

mv procmailrc.example .procmailrc

Detailed instructions

See SingleUserUnixInstall for very detailed instructions.

Important details

If you're running procmail as root, you need to add the line DROPPRIVS=yes at the top of the procmail script to avoid having an invalid owner of the processed email.

Another common (but more complicated) use of procmail is to forward mail to another account, after processing with SpamAssassin. This can also support mistake-based Bayes training. See ProcmailToForwardMail.

The spamc client program can be used instead of spamassassin, if you intend to install and use the spamd server system-wide.

Read 'man procmailrc' and 'man procmailex' for further details and explanation.


  • No labels