i have already install postfix, dovecot, Clamav, Spamassassin and amavisd-new on my centos 5.10. The tutorial is in here : http://catatanlepas.com/komputer/aplikasi/server-mail/postfix/359-instalasi-postfix-menggunakan-dovecot-di-centos-5-5

I just not install Razor, Pyzor, dan DCC on that tutorial.

Everything is work fine in /var/log/maillog, if there is a spam email n not come to inbox, but i want to move spam email to spam folder.

My Question is : 1. How to auto create spam folder on my webmail because it is just create inbox, draft and sent item only and there is no spam folder on my webmail. 2. How to move spam email to that spam folder per user (i create user on /var/vmail)

Please help me, i have search in google for a 5 days and i am stack on this :(

Thank you.

I - Set your email delivery to use Dovecot LDA:

The original website the OP linked is offline, however I believe the email delivery was happening over sendmail program, which it should be done over Dovecot LDA for what you need. (To avoid email origin header changes).

Edit Postfix's master.cf (at the beginning):

smtp      inet  n       -       -       -       -       smtpd -o content_filter=spamassassin

And at the end of the file:

spamassassin unix -     n   n   -   -   pipe
    flags=DROhu user=vmail:vmail argv=/usr/bin/spamc -f -e 
    /usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} 

Now edit Postfix's main.cf and add (optional, check (3) bellow):

spamassassin_destination_recipient_limit = 1

Now your email will be delivered via Dovecot LDA without header changes. For the curious ones, here are some details on my config:

1. This config can be used with plus-addressing / sub-addressing / recipient delimiters (emails addressed to [email protected] will be delivered into [email protected] inbox) - That's why I added -d ${user}@${nexthop} this will remove the + and everything until the domain. To enable this feature, also be sure to add recipient_delimiter = + into main.cf;
2. My flags flags=DROhu, they don't add anything abnormal but they can be understood here: http://www.postfix.org/pipe.8.html;
3. spamassassin_destination_recipient_limit = 1 is required to make sure that every recipient gets individually processed by spamassassin. This is required due due to the D flag above (Includes X-Original-To header). If you don't care about this header you can remove the flag and this isn't needed.

II - Move your SPAM to the Junk folder:

(With some help from @Electronic Technologies at https://mcmap.net/q/596241/-how-to-move-spam-to-spam-folder-closed)

You can also configure Dovecot to move email detected as SPAM to the Junk IMAP folder. Just follow this:

1. Edit /etc/dovecot/conf.d/15-mailboxes.conf and uncomment / add the Junk folder with (should be on the namespace inbox section near mailbox Trash):

   mailbox Junk {
      special_use = \Junk
   }
   

2. Install dovecot-sieve with apt-get install dovecot-sieve;

3. Edit /etc/dovecot/conf.d/90-sieve.conf and comment the line: #sieve = ~/.dovecot.sieve

4. Edit /etc/dovecot/conf.d/90-plugin.conf as:

   plugin {
       sieve = /etc/dovecot/sieve/default.sieve
   }
   

5. Edit /etc/dovecot/conf.d/15-lda.conf and /etc/dovecot/conf.d/20-lmtp.conf to match:

   protocol lda/lmtp { # do not copy/paste this line!
     mail_plugins = $mail_plugins sieve
   }
   

   WARNING: You might have another settings under the protocol selections, keep them. The line protocol lda/lmtp changes in the files, keep the original.

6. Create folder /etc/dovecot/sieve/

7. Create file /etc/dovecot/sieve/default.sieve with this content:

   require "fileinto";
   if header :contains "X-Spam-Flag" "YES" {
       fileinto "Junk";
   }
   

8. Change folder permissions to your virtual email user and group like: chown vmail:vmail /etc/dovecot/sieve/ -R. If you miss this dovecot will complain!

9. Restart everything: service postfix restart; service dovecot restart; service spamassassin restart

10. Try to send an email to some email on the server (from an external server), first a normal email and then another one with this subject: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X. The second email should to into the Junk folder and the first to your inbox.

If this doesn't work at your first try, look at the logs: tail -f /var/log/mail.log and send the email while tail is running. A good working setup should report stored mail into mailbox 'INBOX' or stored mail into mailbox 'Junk'.

for Dovecot 2.1+ modify /etc/dovecot/dovecot.conf:

namespace {
    type = private
    separator = .
    inbox = yes
  mailbox Trash {
    auto = subscribe # autocreate and autosubscribe
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
}

plugin {
    sieve = /home/spam/default.sieve
}

protocol lda {
            auth_socket_path = /var/run/dovecot/auth-master
            mail_plugins = $mail_plugins sieve
}

then /etc/postfix/master.cf - add

spamassassin unix -     n   n   -   -   pipe
  user=vmail argv=/usr/bin/spamc -f -e  /usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

(!!) user=vmail - change the user to the one that is set up for spamassassin

and add content filter to smtp

smtp  inet  n  - - - -  smtpd -o content_filter=spamassassin

in /etc/mail/spamassassin/local.cf

add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ version=_VERSION_
#rewrite_header Subject *****SPAM*****
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status

I will add X-Spam headers to the message that will be used for later sieve filtering Restart spamassassin, reload dovecot and postfix

Junk folder will be created automatically. All Junk mail will be locally delivered to mailbox Junk

I also add an example of sieve filter to move all marked as Spam messages (spamassassin configuration above) to Junk folder.

require "fileinto";
  if exists "X-Spam-Flag" {
          if header :contains "X-Spam-Flag" "NO" {
          } else {
          fileinto "Junk";
          stop;
          }
  }

Well, there are several ways, but this is what I've found to work. After you have postfix, dovecot, spamassassin, and (I recommend procmail) setup, you can tell procmail/spamassassin how to distrubute spam into various folders. With dovecot. I use the following 4 folders:

spam          (for known spam based on Bayes setting)
spam-learn    (for spam that slipped through, you move it here)
spam-probably (for spam ID'd as probably spam by Bayes setting)
spam-unlearn  (messages flagged as spam, that are NOT spam go here)

with the folders setup and postfix configured to filter mail through procmail with:

mailbox_command = /usr/bin/procmail -a "$EXTENSION"

you can now setup your procmailrc to put the spam in the correct place as it comes to your inbox. Your ~/.procmailrc should look something like this:

PATH=/usr/bin/vendor_perl:/usr/bin:/bin:/usr/local/bin:.
MAILDIR=$HOME/Mail/
LOGDIR=$HOME/log
#DEFAULT=$HOME/Mail/
LOGFILE=$LOGDIR/procmail.log
VERBOSE=ON
## with spamc
:0fw: spamc.lock
* < 256000
| spamc
#| /usr/bin/vendor_perl/spamc
# Mails with a score of 15 or higher are almost certainly spam (with 0.05%
# false positives according to rules/STATISTICS.txt). Let's put them in a
# different mbox. (This one is optional.)
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
spam
#Mail/spam

# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to "probably-spam".
:0:
* ^X-Spam-Status: Yes
spam-probably
#Mail/spam-probably

# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped.  This will re-add it.
:0
* ^^rom[ ]
{
LOG="*** Dropped F off From_ header! Fixing up. "

:0 fhw
| sed -e '1s/^/F/'
}

Now the final key to making it all work automatically is to use fetchmail to scan messages as they arrive in your inbox handing off to procmail to put the spam/spam probably in the right folders and to read the messages in the spam (to delete) and spam-unlearn (to learn as ham). A typical fetchmail script to do with is your ~/.fetchmailrc. It will simply contain commands to poll your mailbox:

poll mail.yourserver.com protocol IMAP : user yourname with password yourpass ssl \
sslfingerprint "D9:73:1A:FE:C6:7C:E7:9B:F1:31:F8:A1:A0:E1:F9:27"

(you can get your server fingerprint by simple running fetchmail --verbose against your .fetchmailrc file and it will print the server fingerprint, check your current one, tell you they don't match and close the connection -- but -- you just got the correct fingerprint for next time :-)

Lastly, set up a couple of cron jobs to run this whole thing by reading your spam-learn and spam-unlearn folders. Hourly is good enough. The script can look like this:

#!/bin/bash

## log file location and per-user name
LDIR=/home/admin/log
LFN="${LDIR}/${USER}.log"

## Retrieve and Process Spam & Ham from 'spam-learn' & 'spam-unlearn' folders
/usr/bin/fetchmail -a -s -n --folder spam-learn -m '/usr/bin/vendor_perl/sa-learn --spam' &>/dev/null
mss=$?
sleep 2
/usr/bin/fetchmail -a -s -n --folder spam-unlearn -m '/usr/bin/vendor_perl/sa-learn --ham' &>/dev/null
mhs=$?

## test and create log dir in noexist
[[ -d "$LDIR" ]] || mkdir -p "$LDIR"
if [[ -w "$LDIR" ]]; then

## check return from fetchmail and write log info
if [[ $(($mhs+$mss)) -le 2 ]]; then
    echo "$(date +'%b %e %R:%S') $HOSTNAME ${0##*/}: sa-learn completed successfully for user $USER" >>$LFN
else
    echo "$(date +'%b %e %R:%S') $HOSTNAME ${0##*/}: sa-learn FAILED for user $USER" >>$LFN
fi
fi

And the cron job simply execute the spamv.sh file above:

05 * * * * /usr/local/bin/spamv.sh

I have run servers like this for nearly a decade and it works well. The training files reside in the user's home dir and can be easily moved box-to-box to provide a good base set for new users. Good luck. I did a short howto on this setup years ago for openSuSE 11.0. There may be a little more info there as well.

P.S. Rayzor is worth loading.