We are providing a free email service to the public. We use separate servers for the MTA inbound and MTA outbound. The problem we are having relates to the outbound MTA.

Unfortunately, we have problems stopping users from creating SPAM accounts and then obviously spamming.

We have been able to stop the spammers (not 100%) by using Postfix header_checks to match patterns on known spam subjects or from addresses and then reject the messages which match. This is not the best option as it is a manual change. What I wish to do is match the SpamAssassin X-Spam headers to check if it is spam and then use the header_checks to reject these emails if they are tagged as SPAM.

The problem I'm having is that although I can match From, To, Subject headers, etc., I am not able to match X-Spam headers with header_checks. It feels like the X-Spam headers are added after header_checks has been parsed.

If anyone has ideas why the X-Spam headers are not being matched or any pointers to other ways outbound SPAM is captured (other than policyd) please let me know.