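#
# Procmail snippet to hook into SpamAssassin
# Allows per-user hard discard opt-out
#
# Put into /etc/procmail/ with rw-r--r-- permissions
# Users opt in to SA processing by adding
#   INCLUDERC=/etc/procmail/spamassassin.procmail
# to their local .procmailrc (logging will be incomplete),
# or enable for all users by adding that to /etc/procmailrc
#
# If you run the Email Sanitizer, run this first and
# don't try to tune SA to catch executable attachments.
#
# MUST BE CUSTOMIZED TO YOUR MTA CONFIGURATION!
#
# (C) 2006 John Hardin
# Master copy at http://www.impsec.org/~jhardin/antispam/spamassassin.procmail
# Licensed under the GPL v2 or later.
# Contact the author for commercial licensing.
#

# NL holds a single newline and terminates each LOG line built below.
# The quoted value must span two lines; a space here would run log
# entries together.
NL="
"

# add any list-IDs for mailing lists that discuss spam, to avoid FPs
# allow abuse@ to receive evidence
# to opt-out of SA completely, have user "touch $HOME/Disable_SpamAssassin"
#
# Outer gate: only messages under 200000 bytes that are not addressed to
# abuse@, do not match a List-Id exemption and whose recipient has no
# $HOME/Disable_SpamAssassin file are considered for scanning.
#
# NOTE(review): the two List-Id conditions below carry no list identifier
# (it looks as if the bracketed list names were lost from this copy --
# confirm against the master copy). As written they match ANY List-Id
# header, so every message carrying that sender-controlled header skips
# SpamAssassin. Replace them with one condition per list you really want
# to exempt, for example (constructed placeholder, not a real list):
#   * ! ^List-Id: .*<LIST-ID-PLACEHOLDER>
:0
* < 200000
* ! ^TO_abuse@
* ! ^List-Id: .*?
* ! ^List-Id:
* ! ? test -f $HOME/Disable_SpamAssassin
{
  # modify the Received IPs to exclude any netblocks you trust
  # e.g. localhost, private network, etc.
  # and substitute your local MTA name!
  #
  # NOTE(review): this condition is tested against the Received: headers
  # present in the message, and header text written by earlier hops is
  # supplied by the sender. Keep the trusted address list as small as
  # possible and make the "by <your MTA>" part specific to your own host;
  # SpamAssassin's trusted_networks / internal_networks settings are the
  # more robust place to express network trust.
  :0
  * ! ^Received: from .* \(.*\[(207\.14\.61\.(100|254)|127\.[0-9]+\.[0-9]+\.[0-9]+)\].*by [a-z]+\.impsec\.org
  {
    # allow only one SA process
    # If your server has enough oomph to run multiple children,
    # remove the ":/var/spool/mail/spamc.lock"
    #
    # Flags: f = use spamc as a filter, w = wait for its exit code.
    :0 fw :/var/spool/mail/spamc.lock
    | /usr/bin/spamc -f

    # send score 10+ to the Great Beyond
    # substitute your local MTA name!
    #
    # The "a" flag runs this recipe only if the spamc filter above
    # succeeded. The X-Spam-Checker-Version condition requires the verdict
    # header to name the local scanner host before the score is honoured.
    # The score regex accepts two-or-more-digit integer parts, i.e. 10.0
    # and above; the text after \/ ("score=NN.N") lands in MATCH.
    :0 a
    * ^X-Spam-Checker-Version: SpamAssassin .* on (ga|www)\.impsec\.org
    * ^X-Spam-Status: Yes, \/(hits|score)=(1[0-9]|[2-9][0-9]|[1-9][0-9][0-9]+)\.[0-9]
    {
      STAT="$MATCH"
      LOGMSG1="Discarding spammy message, ${STAT} ${NL}"
      LOGMSG2=""

      # If the message has a Message-ID, add it to the log line and pull
      # the matching spamd result line out of the recent mail log.
      #
      # MATCH here is the Message-ID taken from the message, i.e. text
      # chosen by the sender. grep -F compares it as a fixed string so
      # characters such as . [ * in the ID are not interpreted as a regular
      # expression, and -- ends option parsing before the pattern.
      :0
      * ^Message-ID:.*\/<[^>]+>
      {
        LOGMSG1="Discarding spammy message, ${STAT} ID=${MATCH} ${NL}"
        LOGMSG2="`tail -100 /var/log/maillog | grep -F -- \"$MATCH\" | grep 'spamd: result: Y' | sed -e 's/^.*spamd:/SpamAssassin/' -e 's/,size=[0-9].*//'` ${NL}"
      }

      # Privileges are dropped only after the mail-log lookup above and
      # before anything is written to the log or the user's home
      # directory.
      DROPPRIVS=YES

      LOG="${LOGMSG1}${LOGMSG2}"
      LOGABSTRACT=ALL

      # to opt-in to keeping all spam messages,
      # have user "touch $HOME/Keep_All_Spams"
      :0
      * ? test -f $HOME/Keep_All_Spams
      {
        # Create $HOME/mail if it does not exist yet; the command output
        # is not used, DUMMY only provides a place to run it.
        DUMMY=`test -d $HOME/mail || mkdir $HOME/mail`

        :0
        $HOME/mail/SpamAssassin-INBOX
      }

      # Everyone else: hard discard.
      :0
      /dev/null
    }
  }
}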