Execute script/program for outbound mail

Question

I want to have SpamAssassin learn outgoing mails as ham so the recipients automatically get added to the whitelist. But I've got trouble setting that up.

Ideally, I just want to have Postfix pass the email to a script and continue processing normally.

I already came up with a solution with a content_filter, but it doesn't seem to work reliably: especially when I send to several people some mails don't get delivered. In the logs I can see that for some recipients the script is called, but even then only for some of those the email is actually sent.

So if possible I would like to avoid using content_filter. Is there are another way? If not, what may be wrong with my setup?

Here's what I got right now:

master.cf:

submission inet n       -       n       -       -       smtpd
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o content_filter=spamassassin-outgoing

spamassassin-outgoing unix -     n       n       -       -       pipe
  flags=u user=spamd:spamd argv=/usr/local/bin/learnoutgoing.sh ${sasl_username} ${sender} ${recipient}

learnoutgoing.sh:

#!/bin/bash

if [ -z "$3" ] ; then
        echo "$0: <user> <sender> <recipient>"
        exit 1
fi

/usr/bin/logger Learn outgoing: ''"$1"'' ''"$2"'' ''"$3"''

# Save the stdin into a temporary file, we need to feed it into two
# different programs.
TMPFILE=`mktemp /tmp/outgoing.XXXXXXXXXX`
cat >$TMPFILE

# The user passed in $1 is in format 'user@domain' but we just want the user
USER=`sed 's/@.*//' <<<$1`
# Learn the mail as ham.
/usr/bin/spamc -u "$USER" --learntype ham <$TMPFILE &>/dev/null || true

# Send it.
/usr/sbin/sendmail -oi -f "$2" "$3" <$TMPFILE
# Save the return value of sendmail
RETCODE=$?

# Cleanup and exit
rm -f $TMPFILE
exit $RETCODE

Answer 1

I want to have SpamAssassin learn outgoing mails as ham so the recipients automatically get added to the whitelist

You may want to take into account the advice given on the sa mailing list about a similar setup:

It's possibly a good idea, but you want to be really careful of one thing: Make sure your users are savvy enough not to have their accounts phished. It'll take just one compromised account that blasts out a spam run to destroy the usefulness of your Bayes data.

Is there an issue with your inbound email that is motivating your question, or are you trying to 'think ahead' and solve a potential issue you are not yet seeing?

The suggestion (found at the link I provided above) to use a pipe with sa-learn --ham would, I think, work for your case - but do consider the issues this could introduce.

To expand a little on my answer based on your comments:

Part of your issue is down, I think, to your script - a similar script found on the Apache.org SpamAssassin wiki uses $@, rather than $1/$2/$3 - which sounds like it might go some way to explaining your symptoms. They instead use:

logger <<<"Spam filter piping to SpamAssassin, then to: $SENDMAIL $@"
${SPAMASSASSIN} | ${SENDMAIL} "$@"

Depending on your specific needs, Spamassassin flagged something as spam that is not spam. How do I tell it so? might be of some help: it suggests periodically having spamc or sa-learn run on user inboxes to learn.

However, I personally have a bit of a conceptual problem with the setup you seem to be describing: in essence, you seem to be saying you are creating a Spam folder for users, but are concerned they won't check it, so that you would like to whitelist all response emails.

I would have thought it might be easier in such a case to not have the Spam folder, and simply allow email flagged as potentially spammy go to users 'normally', but with spam-related flags (unless it is really bad, and then it should be quarantined).

That is pure opinion on my part, though: you presumably know and understand your users better than I can. I would just have thought that overall, users would know to check the spam folder for something really important.