How to Fix Missing X-Spam-Status Headers in AMaViS/Postfix/Dovecot Mail Server Setup


2 views

After configuring AMaViS with Postfix and Dovecot on Debian, while spam filtering works (subject rewriting occurs), critical SpamAssassin headers like X-Spam-Status and X-Spam-Score are missing from processed emails. This prevents proper spam score visualization and client-side filtering.

The key settings in /etc/amavis/conf.d/50-user show proper tagging thresholds:

$sa_tag_level_deflt = -9999; # Always add info headers
$sa_tag2_level_deflt = 6.31; # Add spam detection headers
$sa_spam_subject_tag = '*** SPAM *** ';
$final_spam_destiny = D_PASS;

Yet the headers aren't appearing. This suggests either:

  • SpamAssassin isn't properly integrated
  • Header filtering is occurring elsewhere
  • AMaViS isn't processing the full message pipeline

First verify AMaViS is actually processing messages by checking logs:

grep -i 'amavis' /var/log/mail.log
tail -f /var/log/amavis.log

Look for lines containing Passed SPAM or similar indicators.

Add these to your 50-user configuration file:

$enable_dkim_verification = 0; # Temporarily disable for testing
$log_level = 2; # Increased verbosity
$sa_debug = 1; # Enable SpamAssassin debugging
@bypass_spam_checks_maps = (); # Ensure no spam checks are skipped

Create a test configuration file /etc/amavis/conf.d/15-header-tests:

# Force header injection for testing
@local_domains_maps = (1); 
$policy_bank{'MYNETS'} = { 
    bypass_spam_checks => 0,
    spam_admin_maps => ['admin@example.com'],
    warnbadhsender => 1,
    warnspamsender => 1,
};

Verify your /etc/postfix/main.cf contains proper content filter settings:

content_filter = smtp-amavis:[127.0.0.1]:10024

And in master.cf:

smtp-amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=

After making changes, test with GTUBE:

sendmail recipient@domain.com < /usr/share/doc/spamassassin/examples/sample-spam.txt

The processed message should now show full headers including:

  • X-Spam-Flag: YES
  • X-Spam-Score: 1000.0
  • X-Spam-Status: Yes, score=1000.0 required=5.0 [...]
  • Check $final_spam_destiny isn't set to D_DISCARD
  • Verify SpamAssassin is running: ps aux | grep spamd
  • Ensure no firewall rules block 10024/10025
  • Check SELinux/AppArmor permissions if enabled

After setting up a mail server with Dovecot, Postfix and AMaViS on Debian following the popular ISPmail tutorial, I noticed an important discrepancy: while spam filtering was working (evidenced by subject modifications), key spam-related headers weren't being added to messages.

The missing headers are particularly crucial for mail filtering and logging:

- X-Spam-Flag
- X-Spam-Score  
- X-Spam-Level
- X-Spam-Status

My /etc/amavis/conf.d/50-user contained standard settings:

$sa_spam_subject_tag = '*** SPAM *** ';
$final_spam_destiny = D_PASS;

$sa_tag_level_deflt = -9999;
$sa_tag2_level_deflt = 6.31;

Theoretically, these settings should enable spam headers at all levels (due to -9999 threshold). The MySQL integration was working properly as evidenced by successful mail delivery.

After extensive testing, I discovered two critical issues:

  1. The $sa_tag_level_deflt was actually being overridden elsewhere
  2. AMaViS wasn't properly processing the spam score through all header injection stages

Here's the corrected configuration that worked:

use strict;

$sa_spam_subject_tag = '*** SPAM *** ';
$final_spam_destiny = D_PASS;

# Force header injection regardless of score
$sa_tag_level_deflt = -100;
$sa_tag2_level_deflt = 4.0; # Medium threshold for spam detection

# Explicitly enable all spam report headers
$sa_auto_learn = 1;
$sa_auto_learn_threshold_nonspam = -1;
$sa_auto_learn_threshold_spam = 6;

@lookup_sql_dsn = ([
    'DBI:mysql:database=mailserver;host=127.0.0.1;port=3306',
    'mailuser',
    'password'
]);

# Additional debug logging
$log_level = 2;
$enable_db = 1;

After making these changes:

  1. Restart AMaViS: service amavis restart
  2. Send test spam using GTUBE: sendmail test@domain.com < /usr/share/doc/spamassassin/examples/sample-spam.txt
  3. Check received email headers for X-Spam-Status

A successful test will show headers like:

X-Spam-Flag: YES
X-Spam-Score: 1000.6
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=1000.6 required=5.0 tests=GTUBE,NO_REAL_NAME,
    autolearn=no version=3.4.2

If headers still don't appear:

# Check AMaViS logs
tail -f /var/log/amavis/amavis.log

# Verify SpamAssassin is actually processing messages
grep 'spamd: identified spam' /var/log/mail.log

# Test spamassassin directly
spamassassin -D < /usr/share/doc/spamassassin/examples/sample-spam.txt

Adding these headers does create additional processing overhead. For high-volume mail servers, consider:

# Process only suspicious messages
$sa_mail_body_size_limit = 256000;
$sa_timeout = 60;

# Enable caching
$enable_dkim_verification = 1;
$enable_ldap = 0;