SPAMC/SPAMD Protocol As Implemented by SpamAssassin
Requests and Responses
The structure of a request is similar to an HTTP request. [1] The method/verb,
protocol name and version are listed followed by headers separated by newline
characters (carriage return and linefeed or \r\n). Following the headers
is a blank line with a newline (\r\n). If there is a message body it will
be added after all headers.
The current requests are CHECK, HEADERS, PING, PROCESS, REPORT, REPORT_IFSPAM, SKIP, SYMBOLS, and TELL:
METHOD SPAMC/1.5\r\n
HEADER_NAME1: HEADER_VALUE1\r\n
HEADER_NAME2: HEADER_VALUE2\r\n
...
\r\n
REQUEST_BODY
The structure of responses are also similar to HTTP responses. The protocol name, version, status code, and message are listed on the first line. Any headers are also listed and all are separated by newline characters. Following the headers is a newline. If there is a message body it’s included after all headers:
SPAMD/1.5 STATUS_CODE MESSAGE\r\n
HEADER_NAME1: HEADER_VALUE1\r\n
HEADER_NAME2: HEADER_VALUE2\r\n
...
\r\n
RESPONSE_BODY
Note
The header name and value are separated by a : character. For built-in headers the name must not have any whitespace surrounding it. It will be parsed exactly as it’s represented.
The following are descriptions of the requests that can be sent and examples of the responses that you can expect to receive.
CHECK
Instruct SpamAssassin to process the included message.
Request
Required Headers
Optional Headers
Required body
An email based on the RFC 5322 standard.
Response
Will include a Spam header with a “True” or “False” value, followed by the score and threshold. Example:
SPAMD/1.1 0 EX_OK
Spam: True ; 1000.0 / 5.0
HEADERS
Process the included message and return only the modified headers.
Request
Required Headers
Optional Headers
Required Body
An email based on the RFC 5322 standard.
Response
Will return the modified headers of the message in the body. The Spam header is also included.
SPAMD/1.1 0 EX_OK
Spam: True ; 1000.0 / 5.0
Content-length: 654
Received: from localhost by debian
with SpamAssassin (version 3.4.0);
Tue, 10 Jan 2017 11:09:26 -0500
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Subject: Test spam mail (GTUBE)
Date: Wed, 23 Jul 2003 23:30:00 +0200
Message-Id: <GTUBE1.1010101@example.net>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on debian
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE,NO_RECEIVED,
NO_RELAYS autolearn=no autolearn_force=no version=3.4.0
MIME-Version: 1.0Content-Type: multipart/mixed; boundary="----------=_58750736.8D9F70BC"
PING
Send a request to test if the server is alive.
Request
Required Headers
None.
Optional Headers
None.
Response
Example:
SPAMD/1.5 0 PONG
PROCESS
Instruct SpamAssassin to process the message and return the modified message.
Request
Required Headers
Optional Headers
Required Body
An email based on the RFC 5322 standard.
Response
Will return a modified message in the body. The Spam header is also included. Example:
SPAMD/1.1 0 EX_OK
Spam: True ; 1000.0 / 5.0
Content-length: 2948
Received: from localhost by debian
with SpamAssassin (version 3.4.0);
Tue, 10 Jan 2017 10:57:02 -0500
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Subject: Test spam mail (GTUBE)
Date: Wed, 23 Jul 2003 23:30:00 +0200
Message-Id: <GTUBE1.1010101@example.net>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on debian
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE,NO_RECEIVED,
NO_RELAYS autolearn=no autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5875044E.D4EFFFD7"
This is a multi-part message in MIME format.
------------=_5875044E.D4EFFFD7
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "debian",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: This is the GTUBE, the Generic Test for Unsolicited Bulk Email
If your spam filter supports it, the GTUBE provides a test by which you can
verify that the filter is installed correctly and is detecting incoming spam.
You can send yourself a test mail containing the following string of characters
(in upper case and with no white spaces and line breaks): [...]
Content analysis details: (1000.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email
-0.0 NO_RELAYS Informational: message was not relayed via SMTP
-0.0 NO_RECEIVED Informational: message has no Received headers
------------=_5875044E.D4EFFFD7
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network.
------------=_5875044E.D4EFFFD7--
REPORT
Send a request to process a message and return a report.
Request
Required Headers
Optional Headers
Required body
An email based on the RFC 5322 standard.
Response
Response returns the Spam header and the body containing a report of the message scanned.
Example:
SPAMD/1.1 0 EX_OK
Content-length: 1071
Spam: True ; 1000.0 / 5.0
Spam detection software, running on the system "debian",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: This is the GTUBE, the Generic Test for Unsolicited Bulk Email
If your spam filter supports it, the GTUBE provides a test by which you can
verify that the filter is installed correctly and is detecting incoming spam.
You can send yourself a test mail containing the following string of characters
(in upper case and with no white spaces and line breaks): [...]
Content analysis details: (1000.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email
-0.0 NO_RELAYS Informational: message was not relayed via SMTP
-0.0 NO_RECEIVED Informational: message has no Received headers
REPORT_IFSPAM
Matches the REPORT request, with the exception a report will not be generated if the message is not spam.
SKIP
Sent when a connection is made in error. The SPAMD service will immediately close the connection.
Request
Required Headers
None.
Optional Headers
None.
SYMBOLS
Instruct SpamAssassin to process the message and return the rules that were matched.
Request
Required Headers
Optional Headers
Required body
An email based on the RFC 5322 standard.
Response
Response includes the Spam header. The body contains the SpamAssassin rules that were matched. Example:
SPAMD/1.1 0 EX_OK
Content-length: 27
Spam: True ; 1000.0 / 5.0
GTUBE,NO_RECEIVED,NO_RELAYS
TELL
Send a request to classify a message and add or remove it from a database. The message type is defined by the Message-class. The Remove and Set headers are used to choose the location (“local” or “remote”) to add or remove it. SpamAssassin will return an error if a request tries to apply a conflicting change (e.g. both setting and removing to the same location).
Note
The SpamAssassin daemon must have the --allow-tell option enabled to
support this feature.
Request
Required Headers
Optional Headers
Required Body
An email based on the RFC 5322 standard.
Response
If successful, the response will include the DidRemove and/or DidSet headers depending on the request.
Response from a request that sent a Remove:
SPAMD/1.1 0 EX_OK
DidRemove: local
Content-length: 2
Response from a request that sent a Set:
SPAMD/1.1 0 EX_OK
DidSet: local
Content-length: 2
Headers
Headers are structured very simply. They have a name and value which are separated by a colon (:). All headers are followed by a newline. The current headers include Compress, Content-length, DidRemove, DidSet, Message-class, Remove, Set, Spam, and User.
For example:
Content-length: 42\r\n
The following is a list of headers defined by SpamAssassin, although anything is allowable as a header. If an unrecognized header is included in the request or response it should be ignored.
Compress
Specifies that the body is compressed and what compression algorithm is used.
Contains a string of the compression algorithm.
Currently only zlib is supported.
Content-length
The length of the body in bytes. Contains an integer representing the body length.
DidRemove
Included in a response to a TELL request. Identifies which
databases a message was removed from.
Contains a string containing either local, remote or both seprated by a
comma.
DidSet
Included in a response to a TELL request. Identifies which
databases a message was set in.
Contains a string containing either local, remote or both seprated by a
comma.
Message-class
Classifies the message contained in the body.
Contains a string containing either local, remote or both seprated by a
comma.
Remove
Included in a TELL request to remove the message from the
specified database.
Contains a string containing either local, remote or both seprated by a
comma.
Set
Included in a TELL request to remove the message from the
specified database.
Contains a string containing either local, remote or both seprated by a
comma.
Spam
Identify whether the message submitted was spam or not including the score and
threshold.
Contains a string containing a boolean if the message is spam (either True,
False, Yes, or No), followed by a ;, a floating point number
representing the score, followed by a /, and finally a floating point
number representing the threshold of which to consider it spam.
For example:
Spam: True ; 1000.0 / 5.0
User
Specify which user the request will run under. SpamAssassin will use the configuration files for the user included in the header. Contains a string containing the name of the user.
Status Codes
A status code is an integer detailing whether the request was successful or if an error occurred.
The following status codes are defined in the SpamAssassin source repository [2].
EX_OK
Code: 0
Definition: No problems were found.
EX_USAGE
Code: 64
Definition: Command line usage error.
EX_DATAERR
Code: 65
Definition: Data format error.
EX_NOINPUT
Code: 66
Definition: Cannot open input.
EX_NOUSER
Code: 67
Definition: Addressee unknown.
EX_NOHOST
Code: 68
Definition: Hostname unknown.
EX_SOFTWARE
Code: 70
Definition: Internal software error.
EX_OSERR
Code: 71
Definition: System error (e.g. can’t fork the process).
EX_OSFILE
Code: 72
Definition: Critical operating system file missing.
EX_CANTCREAT
Code: 73
Definition: Can’t create (user) output file.
EX_IOERR
Code: 74
Definition: Input/output error.
EX_TEMPFAIL
Code: 75
Definition: Temporary failure, user is invited to retry.
EX_PROTOCOL
Code: 76
Definition: Remote error in protocol.
EX_NOPERM
Code: 77
Definition: Permission denied.
EX_CONFIG
Code: 78
Definition: Configuration error.
EX_TIMEOUT
Code: 79
Definition: Read timeout.
Body
SpamAssassin will generally want the body of a request to be in a supported RFC email format. The response body will differ depending on the type of request that was sent.