Updated Jan 27, 2026
1. What is SpamAssassin?
SpamAssassin is a rule‑based + score‑based spam detection system. It:
- Analyzes each email using a set of rules
- Assigns a score to each rule
- Uses the final score to determine whether the message is spam or clean
SpamAssassin does not reject or accept emails by itself. It only provides a score. The final decision is made by Amavis.
2. SpamAssassin’s Role in iRedMail Architecture
Internet
↓
Postfix
↓
Amavis
↓
SpamAssassin ← (Scoring)
↓
Dovecot / Mailbox
SpamAssassin is the detection engine, not the final filter.
3. How SpamAssassin Runs in iRedMail
In iRedMail, SpamAssassin is typically used in two ways:
- Embedded inside Amavis (recommended)
- As a standalone daemon (spamd)
Check service status:
systemctl status spamassassin
4. Important SpamAssassin Paths
| Path | Description |
|---|---|
| /etc/mail/spamassassin/ | Main configuration directory |
| /etc/mail/spamassassin/local.cf | Custom configuration |
| /var/lib/spamassassin/ | Bayes database and cache |
| /var/log/maillog | Logs |
Only edit local.cf for custom settings.
5. How Scoring Works
Each rule has a score. Example:
| Rule | Score |
|---|---|
| SPF_FAIL | +2.0 |
| DKIM_FAIL | +1.5 |
| HTML_ONLY | +1.0 |
| BAYES_99 | +3.5 |
If total score ≥ 5 → Spam
6. Default Thresholds in iRedMail
Configured in Amavis:
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 10.0;
- 5–10 → Spam (tagged)
- 10+ → Rejected
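To see how the rule scores from section 5 meet the thresholds above, here is an added example (not code from the original article or from iRedMail) that reads one X-Spam-Status header, classifies it, and names the rules that alone push the message over the tag level. The header layout is assumed to be the one Amavis usually writes, the sample header is constructed from the page's example rules, and the function names are hypothetical.

```python
import re

TAG2_LEVEL = 5.0   # $sa_tag2_level_deflt on this page: tag as spam from here
KILL_LEVEL = 10.0  # $sa_kill_level_deflt on this page: reject from here

# Constructed sample, folded the way Amavis usually writes the header (assumption).
SAMPLE_HEADER = (
    "X-Spam-Status: Yes, score=8 tagged_above=-999 required=5\n"
    "\ttests=[BAYES_99=3.5, DKIM_FAIL=1.5, HTML_ONLY=1,\n"
    "\tSPF_FAIL=2] autolearn=no\n"
)


def parse_spam_status(header):
    """Return (total score, {rule: score}) from one X-Spam-Status header."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header).strip()  # undo header folding
    score = re.search(r"\bscore=(-?\d+(?:\.\d+)?)", flat)
    tests = re.search(r"\btests=\[([^\]]*)\]", flat)
    if not score or not tests:
        raise ValueError("no score=/tests=[...] fields found")
    rules = {}
    for item in tests.group(1).split(","):
        name, _, value = item.strip().partition("=")
        if name:
            rules[name] = float(value or 0)
    return float(score.group(1)), rules


def classify(score, tag2=TAG2_LEVEL, kill=KILL_LEVEL):
    """Map a total score onto the outcomes listed in section 6."""
    if score >= kill:
        return "rejected"
    return "tagged" if score >= tag2 else "clean"


def triage(header, tag2=TAG2_LEVEL):
    """Verdict, rules ranked by weight, and rules that alone decide the tag."""
    score, rules = parse_spam_status(header)
    ranked = sorted(rules.items(), key=lambda kv: kv[1], reverse=True)
    # A rule is decisive if the message would fall below tag2 without it.
    decisive = [n for n, s in ranked if score >= tag2 > score - s]
    # The listed rule scores should add up to the reported total.
    consistent = abs(sum(rules.values()) - score) < 0.05
    return classify(score), ranked, decisive, consistent


if __name__ == "__main__":
    verdict, ranked, decisive, consistent = triage(SAMPLE_HEADER)
    print(verdict, ranked, "decisive:", decisive, "sums match:", consistent)
```

When a legitimate message is tagged, the decisive list shows which single rule to look at first before touching the thresholds.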
7. Important local.cf Settings
7.1 Enable Bayes
use_bayes 1
bayes_auto_learn 1
7.2 Language Optimization (important for Persian emails)
ok_languages en fa
ok_locales en fa
7.3 Rewrite Subject for Spam
rewrite_header Subject [SPAM]
7.4 Whitelist Trusted Domains
whitelist_from *@example.com
8. Bayes Filtering (Machine Learning)
Bayes helps SpamAssassin learn what is spam and what is ham.
Train manually:
sa-learn --spam /path/to/spam
sa-learn --ham /path/to/ham
Check Bayes status:
sa-learn --dump magic
9. DNS‑Based Checks
SpamAssassin uses:
- RBL (Realtime Blackhole Lists)
- SPF
- DKIM
- DMARC
A fast and reliable DNS server is essential.
10. Testing SpamAssassin
GTUBE Test (standard spam test)
Place this text inside an email:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
If it is not detected as spam, something is wrong.
11. Logs & Debugging
View logs:
tail -f /var/log/maillog | grep spam
Deep debugging:
spamassassin -D < test.eml
12. Security & Performance Tips
- Avoid installing too many extra rules
- Back up the Bayes database regularly
- Ensure Bayes expiration cron is active
- Do not run spamd unless necessary
13. Common Issues
Too many false positives
- Language settings incorrect
- Threshold too low
High CPU usage
- Too many rules
- Standalone spamd without tuning
Conclusion
SpamAssassin is the intelligence engine behind spam detection in iRedMail. It scores messages, while Amavis makes the final decision. Proper configuration ensures a balance between strong spam protection and minimal false positives. Understanding rules, Bayes learning, thresholds, and logs allows administrators to build a precise and reliable anti‑spam system.
Written & researched by Dr. Shahin Siami