Spam messages often seem to have a theme for the day. The same or very similar message over and over again. My spamd scripts used to run against messages I’d marked as spam overnight using a simple script invoked from cron. The downside was that multiple copies of very similar messages would sometimes slip through between nightly runs. This snippet shows how to use inotify to watch for messages you’ve moved to your junk mail folder (or which have been moved by a rule), and tell SpamAssassin to learn from them immediately.

This snippet requires that you’re using Maildir to store your mail - I don’t know how you would go about a similar thing using mbox or any other format which adds multiple messages to the same file.

#!/bin/bash

watchforspam() {
        logger watching for new spam in $1
        inotifywait -m "$1" -e create -e moved_to |
                while read path action file; do
                        sa-learn --spam "$1/$file"
                        #echo "'$file' appeared in '$path' via '$action'"
                done
}

watchforspam /var/junkmail/cur &
watchforspam /var/honeypot_address/cur &
watchforspam /var/honeypot_address/new &

Note that for the folder /var/junkmail, I only need to watch the ‘cur’ directory as the messages in there are moved manually using an email client. Whilst new messages are dropped into ‘new’, as soon as an IMAP client sees them, it must move them to ‘cur’, so all messages moved manually (at least by the IMAP clients I’ve tested) end up in ‘cur’ immediately.

With a folder into which you deliver messages that you never look at, such as my /var/honeypot-address above, messages will queue up in the ‘new’ folder.