2 min read 400 words Updated May 16, 2026 Created May 09, 2026
##email##server##spam#email#spam

Spam Filtering

This is how I filter #spam on my #email #server --Delimiter 21 September 2008

I follow the concept of defense in depth. There are multiple (3+) layers of defense.

Install Postfix, Amavisd-new, ClamAV and SpamAssassin.

Layer 1

This is the first line of defense. Roughly half of the spam is turned away by DNS block lists (DNS BL).

I configure postfix (main.cf) to check the following blocklists:

  • cbl.abuseat.org
  • bl.spamcop.net
smtpd\_client\_restrictions = permit\_mynetworks, 
reject\_rbl\_client bl.spamcop.net,
reject\_rbl\_client cbl.abuseat.org

Example rejection (from /var/log/mail.log)

Sep 23 08:13:20 durango postfix/smtpd\[26956\]: NOQUEUE: reject: RCPT from
ip67-153-103-44.z103-153-67.customer.algx.net\[67.153.103.44\]: 554 5.7.1
Service unavailable; Client host \[67.153.103.44\] blocked using bl.spamcop.net;
Blocked - see [http://www.spamcop.net/bl.shtml?67.153.103.44](http://www.spamcop.net/bl.shtml?67.153.103.44);
from=<i907@qop-re.com> to=<mark@foster.cc> proto=ESMTP
helo=<ip67-153-103-44.z103-153-67.customer.algx.net>

Layer 2

Configure Postfix to use amavisd as a content/virus filter (re-injection technique). This utilizes both SpamAssassin and ClamAV to determine if the message is "spammy" or has a virus, in which case it will be quarantined (into /var/lib/amavis/virusemails/) Postfix uses 127.0.0.1:10024 to forward e-mail internally to amavisd, which checks the content and routes back to postfix via 127.0.0.1:10025

Example rejection (from /var/log/mail.log)

Sep 23 08:11:19 durango amavis\[26713\]: (26713-05) Blocked SPAM, \[89.178.85.219\]
\[89.178.85.219\] <ghay@wcc.net> -> <mark@foster.cc>, quarantine: I/spam-IfTmYIbq993T.gz,
Message-ID: <01c91da9$90a23d80$db55b259@ghay>, mail\_id: IfTmYIbq993T, Hits: 31.469,
size: 4809, 4774 ms

To maximize effectiveness, it is possble to train spamassassin to differentiate between ham and spam using bayesian filters - see SpamAssassin. I do this with a script called salearn-root.sh which I run weekly via Crontab that aggregates users' mailboxes and feeds to sa-learn. However this should be done cautiously as this is a sytem-wide filter. Amavisd-new will not rewrite the message unless it is a rejection (quarantined) so there is less visibility here than might otherwise be desired. Alternatively, customized user filter can be done in 3rd-line.

Layer 3

Postfix is configured use procmail for local delivery. Procmail will do further processing and route or rewrite the message based on spam scores or other e-mail header data, for instance. This is optional, but if /home/user/.procmailrc contains the hook to spamassassin, further processing can be done.

Example procmail configuration $HOME/.procmailrc:

# SpamAssassin
:0fw
* < 256000
| spamassassin

# messages tagged as spam by spamassassin go into SpamTrap
:0:
* ^X-Spam-Flag: YES
$HOME/mail/Junk

Note that this also may require some tweaks to $HOME/.spamassassin/user_prefs, e.g.

Adjust how many points before a mail is considered spam.

required_score 3.5
score SUBJ_ILLEGAL_CHARS 1.0