Advanced Spam Filtering with Amavis and SpamAssassin: An sa-learn Tutorial

Managing spam effectively is a critical task for email administrators. Integrating SpamAssassin with Amavis provides a powerful toolset for identifying and filtering spam. This tutorial will guide you through the process of using sa-learn for training SpamAssassin’s Bayesian filter, including handling individual emails and folders, and interpreting the relevant logs in /var/log/mail.log.

Step 1: Switching to the Amavis User

To ensure that sa-learn interacts with the correct environment, switch to the amavis user. This can be done with the following command:

su - amavis --shell=/bin/bash

Step 2: Training SpamAssassin with sa-learn

SpamAssassin learns what constitutes spam or ham through the sa-learn command.

  • Training with Individual Emails: If you have specific email files (either spam or ham), you can train SpamAssassin using:
    sa-learn --spam /path/to/spam/email.eml
    sa-learn --ham /path/to/ham/email.eml
  • Training with Folders: To train on a collection of emails stored in a folder:
    sa-learn --spam /path/to/spam/folder/
    sa-learn --ham /path/to/ham/folder/

Step 3: Handling Pre-Processed Emails

If you are training SpamAssassin with emails that have already been processed and had their subject lines modified (e.g., with spam tags), ensure you remove these modifications before training. This step is crucial for maintaining the integrity and accuracy of the learning process.

Step 4: Correcting Training Mistakes

Mistakes in training can be rectified using sa-learn --forget. This command allows you to ‘unlearn’ data from the Bayesian database:

sa-learn --forget /path/to/misclassified/email.or.folder/

Step 5: Monitoring SpamAssassin’s Performance in Logs

To monitor SpamAssassin’s performance and see how emails are being processed and classified, you should regularly check the /var/log/mail.log file. This log provides insights into:

  • Autolearn Status: Check if SpamAssassin is automatically learning from incoming emails.
  • Spam Tagging: See how emails are being tagged as spam or ham.
  • Bayesian Filtering Effectiveness: Assess the effectiveness of the Bayesian filter in classifying emails.
🔎  How the Connectivity Cloud Revolutionizes IT and Security Integration

Look for entries related to Amavis and SpamAssassin to understand how emails are being processed. For instance, lines containing spamd or amavis will often include information about spam scoring, autolearn decisions, and other relevant actions.


By following these steps and regularly training SpamAssassin, you ensure a more effective spam filtering system. It’s important to remember that the learning process is ongoing; regularly adding new spam and ham samples keeps the system accurate. Regularly reviewing the mail logs also provides valuable feedback on the system’s performance and areas that may need adjustment. With diligent management, SpamAssassin and Amavis can significantly reduce unwanted emails, making your email ecosystem more secure and efficient.