Rspamd learn ham/spam

In our setup we have two mail MX servers that do spam filtering, running rspamd, and relay mail to RT server.

I recently created my first custom action, to move messages to ‘Junk’ queue if the X-Spam-Flag header exists in message and is set to ‘Yes’.

Now I want to extend the spam handling capabilities so that if tickets are moved to the ‘Junk’ queue, it gets sent as learn_spam to rspamd (and learn_ham if a ticket as moved out of ‘Junk’).
This is similiar to what we do on our IMAP server with sieve scripts.

To achieve this I need to call rspamc with either path to email message or pipe it to stdin. If I create a custom action with condition ‘On Queue Change’ can I access the file path to the mail message? If not, any tips on using qx{ } to call rspamc and pipe in the message?

Once the mail message is in RT, it usually* exists in the RT database, rather than a file, so there isn’t a filesystem path you can provide to this tool.

However if you can feed the email into rspamd via stdin, you might be able to reconstruct the original email from RT’s transactions. You’ll need to have your RT custom action get the transactions associated with the Ticket and then look for transactions that are of type “Create”, as those transactions should have associated attachments table entry(s) that contain what was in the original email message. This should all be possible using the normal Perl RT objects in your scrip - I don’t think you’d need any funky handcrafted database calls.

Note*: I say usually, because some sites put the attachments into the filesystem rather than the database. You’d still need to look at the RT tickets and transactions to find them though I think.