Filter spam to a folder with procmail and qmail

Posted on Feb 25, 2009 in Mail | 33 comments

This post is inspired by Russ Whittmann and Europheus’ solutions , with these goals/improvements in mind:

  • Move spam marked by spamassassin into a special Spam folder in each account (flabergasted this isn’t standard on something like PLESK!)
  • Allow for quota, which is available on some PLESK servers (I previously thought it was available on all servers until recently) .
  • Make a solution with as minimal manual labour as possible outside the PLESK control panel, which relates most specifically to having to edit and create .qmail and .procmailrc files each time you change or add an email account.
  • Avoid having to have a special .procmailrc file for every user, one recipe for all!


The problem with Russ’ solution is that should you want to use procmail to filter spam and other emails into respective folders, replacing the .qmail file with just

| /usr/local/psa/bin/psa-spamc accept
| preline /usr/bin/procmail -m -o .procmailrc user

gets rid of quota restrictions, which is normally controlled by

| /usr/bin/deliverquota ./Maildir

this is far from ideal on a server with many email accounts.

A point to note
People that aren’t using psa-spamassassin (e.g. people using qmail-scanner) you don’t need that first line, “| /usr/local/psa/bin/psa-spamc accept” in your .qmail file, since qmail-scanner already already takes it though spamassassin.

Europheus has a (pretty good) stab at making administration of the tweaks to all email accounts on the server at once, but there are limitations to this too because it overrides all settings written by PLESK onto the .qmail file and assumes that everyone wants a mailbox on their account and nothing more. Some people may want have mail redirects, mailgroups etc. Between these two and some imagination, a solution much closer to my needs arose.

The solution is to pipe in the quota command within the .procmailrc recipe, and also pass variables into the procmail recipe so that all qmail files can reference one procmailrc file. Here’s what I did:

The .procmailrc file

There are a couple of ways of doing this. I’ve personally chosen not to include spam deletion after 30 days on here and add it as a shell script run from crontab every day, so you can seperate as much as possible from mail handling, and also avoid running a command EVERY time a spam message is received. I supply both options:

Click here to view/download the .procmailrc file which autodeletes spam within the recipe (the link sends you to a script with indented code)

Click here to view/download the .procmailrc file and Click here to view/download the .spam-purge file, which deletes spam from all accounts that is older than 30 days

Put these in your /var/qmail folder. You can change the location, but then remember to change the .qmail-repair script to reflect the location in the .qmail file.

Don’t know why but I kept getting an error from procmail in the qmail log about not being able to change directory to /var/qmail/popuser, so when I created a directory and made it owned by popuser, the problem went away…. anyone know where that would come from?

The .qmail-repair script

In order to make these changes play nice with PLESK, I created a script, loosely based on Europheus’ one so that it will “repair” .qmail files rewritten by PLESK. Basically, all it does is replace the line in .qmail which runs it through deliverquota and runs it through the server-wide .procmailrc file. Each .qmail file is given a slightly tailored line so arguments containing the user and domain are passed to the .procmail file.

There is mention in some places that PLESK completely replaces the content of the .qmail file. This is not the case from at least PLESK 8.6 (tested) and possibly lower (not tested), where it just removes the line in question, such as redirects.

There is one limitation to this script. If you disable the mailbox of a user in PLESK, this won’t disable it in the .qmail file since PLESK looks for the line it added, which it doesn’t find since it got modified by this script. This means mail will still be delivered into the mailbox, although the user won’t be able to connect anymore via POP or IMAP. If you want to disable a mailbox be sure to also remove the line pointing to the procmail recipe, and when enabling the mailbox you shouldn’t have any problems by doing it within PLESK.

Click here to view/download the .qmail-repair script.

Put this in your /var/qmail folder as well. Again, the location is a suggestion, I like to keep all these qmail manipulation files in one place

Finally, instead of a crontab entry, you can add this to PLESK’s even manager so it only runs when a mail account is changed, therefore requiring the .qmail file to be repaired. You can do this by going to Server > Event Manager and having it run the script on these conditions : Mail account created & Mail account updated. (Updated – thanks atomicturtle from