spam: use Sieve for rewriting subject with Rspamd & SA/Amavis (#3820)

2025-08-04 18:15:29 +02:00 · 2024-01-29 13:38:01 +01:00 · 2024-01-29 13:38:01 +01:00 · afb0093939
commit afb0093939
parent 3b11a8305e
16 changed files with 262 additions and 179 deletions
--- a/test/tests/parallel/set1/spam_virus/amavis.bats
+++ b/test/tests/parallel/set1/spam_virus/amavis.bats
@ -2,8 +2,9 @@ load "${REPOSITORY_ROOT}/test/helper/common"
 load "${REPOSITORY_ROOT}/test/helper/setup"

 BATS_TEST_NAME_PREFIX='[Amavis + SA] '
-CONTAINER1_NAME='dms-test_amavis_enabled'
-CONTAINER2_NAME='dms-test_amavis_disabled'
+CONTAINER1_NAME='dms-test_amavis-enabled-default'
+CONTAINER2_NAME='dms-test_amavis-enabled-custom'
+CONTAINER3_NAME='dms-test_amavis-disabled'

 function setup_file() {
  export CONTAINER_NAME
@ -12,13 +13,25 @@ function setup_file() {
  _init_with_defaults
  local CUSTOM_SETUP_ARGUMENTS=(
    --env ENABLE_AMAVIS=1
-    --env AMAVIS_LOGLEVEL=2
    --env ENABLE_SPAMASSASSIN=1
  )
  _common_container_setup 'CUSTOM_SETUP_ARGUMENTS'

  CONTAINER_NAME=${CONTAINER2_NAME}
  _init_with_defaults
+  local CUSTOM_SETUP_ARGUMENTS=(
+    --env ENABLE_AMAVIS=1
+    --env AMAVIS_LOGLEVEL=2
+    --env ENABLE_SPAMASSASSIN=1
+    --env SA_TAG=-5.0
+    --env SA_TAG2=2.0
+    --env SA_KILL=3.0
+    --env SPAM_SUBJECT='***SPAM*** '
+  )
+  _common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
+
+  CONTAINER_NAME=${CONTAINER3_NAME}
+  _init_with_defaults
  local CUSTOM_SETUP_ARGUMENTS=(
    --env ENABLE_AMAVIS=0
    --env ENABLE_SPAMASSASSIN=0
@ -27,11 +40,37 @@ function setup_file() {
 }

 function teardown_file() {
-  docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}"
+  docker rm -f "${CONTAINER1_NAME}" "${CONTAINER2_NAME}" "${CONTAINER3_NAME}"
 }

-@test '(Amavis enabled) configuration should be correct' {
+@test '(Amavis enabled - defaults) default Amavis config is correct' {
  export CONTAINER_NAME=${CONTAINER1_NAME}
+  local AMAVIS_DEFAULTS_FILE='/etc/amavis/conf.d/20-debian_defaults'
+
+  _run_in_container grep 'sa_tag_level_deflt' "${AMAVIS_DEFAULTS_FILE}"
+  assert_success
+  assert_output --partial 'sa_tag_level_deflt = 2.0;'
+
+  _run_in_container grep 'sa_tag2_level_deflt' "${AMAVIS_DEFAULTS_FILE}"
+  assert_success
+  # shellcheck disable=SC2016
+  assert_output --partial '$sa_tag2_level_deflt = 6.31;'
+
+  _run_in_container grep 'sa_kill_level_deflt' "${AMAVIS_DEFAULTS_FILE}"
+  assert_success
+  # shellcheck disable=SC2016
+  assert_output --partial '$sa_kill_level_deflt = 10.0;'
+
+  # This feature is handled by our SPAM_SUBJECT ENV through a sieve script instead.
+  # Thus the feature here should always be disabled via the 'undef' value.
+  _run_in_container grep 'sa_spam_subject_tag' "${AMAVIS_DEFAULTS_FILE}"
+  assert_success
+  # shellcheck disable=SC2016
+  assert_output --partial '$sa_spam_subject_tag = undef;'
+}
+
+@test '(Amavis enabled - custom) configuration should be correct' {
+  export CONTAINER_NAME=${CONTAINER2_NAME}

  _run_in_container postconf -h content_filter
  assert_success
@ -41,47 +80,47 @@ function teardown_file() {
  _run_in_container grep -F '127.0.0.1:10025' /etc/postfix/master.cf
  assert_success

-  _run_in_container_bash '[[ -f /etc/cron.d/amavisd-new.disabled ]]'
-  assert_failure
-  _run_in_container_bash '[[ -f /etc/cron.d/amavisd-new ]]'
-  assert_success
+  _file_does_not_exist_in_container /etc/cron.d/amavisd-new.disabled
+  _file_exists_in_container /etc/cron.d/amavisd-new
 }

-@test '(Amavis enabled) SA integration should be active' {
-  export CONTAINER_NAME=${CONTAINER1_NAME}
+@test '(Amavis enabled - custom) SA integration should be active' {
+  export CONTAINER_NAME=${CONTAINER2_NAME}

  # give Amavis just a bit of time to print out its full debug log
  run _repeat_in_container_until_success_or_timeout 20 "${CONTAINER_NAME}" grep 'SpamControl: init_pre_fork on SpamAssassin done' /var/log/mail/mail.log
  assert_success
 }

-@test '(Amavis enabled) SA ENV should update Amavis config' {
-  export CONTAINER_NAME=${CONTAINER1_NAME}
-
+@test '(Amavis enabled - custom) ENV should update Amavis config' {
+  export CONTAINER_NAME=${CONTAINER2_NAME}
  local AMAVIS_DEFAULTS_FILE='/etc/amavis/conf.d/20-debian_defaults'
-  # shellcheck disable=SC2016
-  _run_in_container grep '\$sa_tag_level_deflt' "${AMAVIS_DEFAULTS_FILE}"
-  assert_success
-  assert_output --partial '= 2.0'

-  # shellcheck disable=SC2016
-  _run_in_container grep '\$sa_tag2_level_deflt' "${AMAVIS_DEFAULTS_FILE}"
+  _run_in_container grep 'sa_tag_level_deflt' "${AMAVIS_DEFAULTS_FILE}"
  assert_success
-  assert_output --partial '= 6.31'
+  # shellcheck disable=SC2016
+  assert_output --partial '$sa_tag_level_deflt = -5.0;'

-  # shellcheck disable=SC2016
-  _run_in_container grep '\$sa_kill_level_deflt' "${AMAVIS_DEFAULTS_FILE}"
+  _run_in_container grep 'sa_tag2_level_deflt' "${AMAVIS_DEFAULTS_FILE}"
  assert_success
-  assert_output --partial '= 10.0'
+  # shellcheck disable=SC2016
+  assert_output --partial '$sa_tag2_level_deflt = 2.0;'

-  # shellcheck disable=SC2016
-  _run_in_container grep '\$sa_spam_subject_tag' "${AMAVIS_DEFAULTS_FILE}"
+  _run_in_container grep 'sa_kill_level_deflt' "${AMAVIS_DEFAULTS_FILE}"
  assert_success
-  assert_output --partial "= '***SPAM*** ';"
+  # shellcheck disable=SC2016
+  assert_output --partial '$sa_kill_level_deflt = 3.0;'
+
+  # This feature is handled by our SPAM_SUBJECT ENV through a sieve script instead.
+  # Thus the feature here should always be disabled via the 'undef' value.
+  _run_in_container grep 'sa_spam_subject_tag' "${AMAVIS_DEFAULTS_FILE}"
+  assert_success
+  # shellcheck disable=SC2016
+  assert_output --partial '$sa_spam_subject_tag = undef;'
 }

@test '(Amavis disabled) configuration should be correct' {
-  export CONTAINER_NAME=${CONTAINER2_NAME}
+  export CONTAINER_NAME=${CONTAINER3_NAME}

  _run_in_container postconf -h content_filter
  assert_success
@ -91,8 +130,6 @@ function teardown_file() {
  _run_in_container grep -F '127.0.0.1:10025' /etc/postfix/master.cf
  assert_failure

-  _run_in_container_bash '[[ -f /etc/cron.d/amavisd-new.disabled ]]'
-  assert_success
-  _run_in_container_bash '[[ -f /etc/cron.d/amavisd-new ]]'
-  assert_failure
+  _file_exists_in_container /etc/cron.d/amavisd-new.disabled
+  _file_does_not_exist_in_container /etc/cron.d/amavisd-new
 }
--- a/test/tests/parallel/set1/spam_virus/rspamd_dkim.bats
+++ b/test/tests/parallel/set1/spam_virus/rspamd_dkim.bats
@ -62,8 +62,7 @@ function teardown_file() { _default_teardown ; }
  assert_output --partial "Supplying a default configuration (to '${SIGNING_CONF_FILE}')"
  refute_output --partial "'${SIGNING_CONF_FILE}' exists, not supplying a default"
  assert_output --partial "Finished DKIM key creation"
-  _run_in_container_bash "[[ -f ${SIGNING_CONF_FILE} ]]"
-  assert_success
+  _file_exists_in_container "${SIGNING_CONF_FILE}"
  _exec_in_container_bash "echo 'blabla' >${SIGNING_CONF_FILE}"
  local INITIAL_SHA512_SUM=$(_exec_in_container sha512sum "${SIGNING_CONF_FILE}")

@ -87,8 +86,7 @@ function teardown_file() { _default_teardown ; }
  assert_success

  _count_files_in_directory_in_container /tmp/docker-mailserver/rspamd/dkim/ 3
-  _run_in_container_bash "[[ -f ${SIGNING_CONF_FILE} ]]"
-  assert_success
+  _file_exists_in_container "${SIGNING_CONF_FILE}"

  __check_path_in_signing_config "/tmp/docker-mailserver/rspamd/dkim/rsa-2048-mail-${DOMAIN_NAME}.private.txt"
  __check_selector_in_signing_config 'mail'
@ -241,8 +239,7 @@ function __check_rsa_keys() {
 function __check_key_files_are_present() {
  local BASE_FILE_NAME="${1:?Base file name must be supplied to __check_key_files_are_present}"
  for FILE in ${BASE_FILE_NAME}.{public.txt,public.dns.txt,private.txt}; do
-    _run_in_container_bash "[[ -f ${FILE} ]]"
-    assert_success
+    _file_exists_in_container "${FILE}"
  done
 }

--- a/test/tests/parallel/set1/spam_virus/rspamd_full.bats
+++ b/test/tests/parallel/set1/spam_virus/rspamd_full.bats
@ -29,6 +29,7 @@ function setup_file() {
    --env RSPAMD_GREYLISTING=1
    --env RSPAMD_HFILTER=1
    --env RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE=7
+    --env SPAM_SUBJECT='[POTENTIAL SPAM] '
  )

  cp -r "${TEST_TMP_CONFIG}"/rspamd_full/* "${TEST_TMP_CONFIG}/"
@ -43,7 +44,7 @@ function setup_file() {
  _wait_for_service postfix
  _wait_for_smtp_port_in_container

-  # We will send 4 emails:
+  # We will send 5 emails:
  #   1. The first one should pass just fine
  _send_email_with_msgid 'rspamd-test-email-pass'
  #   2. The second one should be rejected (Rspamd-specific GTUBE pattern for rejection)
@ -56,6 +57,9 @@ function setup_file() {
  #      ref: https://rspamd.com/doc/gtube_patterns.html
  _send_email_with_msgid 'rspamd-test-email-header' \
    --body "YJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"
+  #   5. The fifth one will have its subject rewritten, but now spam header is applied.
+  _send_email_with_msgid 'rspamd-test-email-rewrite_subject' \
+    --body "ZJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

  _run_in_container cat /var/log/mail.log
  assert_success
@ -73,11 +77,18 @@ function teardown_file() { _default_teardown ; }
  assert_output 'rspamd_milter = inet:localhost:11332'
 }

+@test 'Rspamd base configuration is correct' {
+  _run_in_container rspamadm configdump actions
+  assert_success
+  assert_line 'greylist = 4;'
+  assert_line 'reject = 11;'
+  assert_line 'add_header = 6;'
+  refute_line --regexp 'rewrite_subject = [0-9]+;'
+}
+
@test "contents of '/etc/rspamd/override.d/' are copied" {
  local OVERRIDE_D='/etc/rspamd/override.d'
-
-  _run_in_container_bash "[[ -f ${OVERRIDE_D}/testmodule_complicated.conf ]]"
-  assert_success
+  _file_exists_in_container "${OVERRIDE_D}/testmodule_complicated.conf"
 }

@test 'startup log shows all features as properly enabled' {
@ -89,6 +100,7 @@ function teardown_file() { _default_teardown ; }
  assert_line --partial 'Enabling greylisting'
  assert_line --partial 'Hfilter (group) module is enabled'
  assert_line --partial "Adjusting score for 'HFILTER_HOSTNAME_UNKNOWN' in Hfilter group module to"
+  assert_line --partial "Spam subject is set - the prefix '[POTENTIAL SPAM] ' will be added to spam e-mails"
  assert_line --partial "Found file '/tmp/docker-mailserver/rspamd/custom-commands.conf' - parsing and applying it"
 }

@ -114,7 +126,7 @@ function teardown_file() { _default_teardown ; }
  _print_mail_log_for_msgid 'rspamd-test-email-pass'
  assert_output --partial "stored mail into mailbox 'INBOX'"

-  _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 1
+  _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 2
 }

@test 'detects and rejects spam' {
@ -129,7 +141,7 @@ function teardown_file() { _default_teardown ; }
  refute_output --partial "stored mail into mailbox 'INBOX'"
  assert_failure

-  _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 1
+  _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 2
 }

@test 'detects and rejects virus' {
@ -144,14 +156,13 @@ function teardown_file() { _default_teardown ; }
  refute_output --partial "stored mail into mailbox 'INBOX'"
  assert_failure

-  _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 1
+  _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 2
 }

@test 'custom commands work correctly' {
  # check `testmodule1` which should be disabled
  local MODULE_PATH='/etc/rspamd/override.d/testmodule1.conf'
-  _run_in_container_bash "[[ -f ${MODULE_PATH} ]]"
-  assert_success
+  _file_exists_in_container "${MODULE_PATH}"
  _run_in_container grep -F '# documentation: https://rspamd.com/doc/modules/testmodule1.html' "${MODULE_PATH}"
  assert_success
  _run_in_container grep -F 'enabled = false;' "${MODULE_PATH}"
@ -161,8 +172,7 @@ function teardown_file() { _default_teardown ; }

  # check `testmodule2` which should be enabled and it should have extra options set
  MODULE_PATH='/etc/rspamd/override.d/testmodule2.conf'
-  _run_in_container_bash "[[ -f ${MODULE_PATH} ]]"
-  assert_success
+  _file_exists_in_container "${MODULE_PATH}"
  _run_in_container grep -F '# documentation: https://rspamd.com/doc/modules/testmodule2.html' "${MODULE_PATH}"
  assert_success
  _run_in_container grep -F 'enabled = true;' "${MODULE_PATH}"
@ -181,8 +191,7 @@ function teardown_file() { _default_teardown ; }

  # check whether adding a single line writes the line properly in `testmodule4.something`
  MODULE_PATH='/etc/rspamd/override.d/testmodule4.something'
-  _run_in_container_bash "[[ -f ${MODULE_PATH} ]]"
-  assert_success
+  _file_exists_in_container "${MODULE_PATH}"
  # shellcheck disable=SC2016
  _run_in_container grep -F 'some very long line with "weird $charact"ers' "${MODULE_PATH}"
  assert_success
@ -193,37 +202,31 @@ function teardown_file() { _default_teardown ; }

  # check whether spaces in front of options are handles properly in `testmodule_complicated`
  MODULE_PATH='/etc/rspamd/override.d/testmodule_complicated.conf'
-  _run_in_container_bash "[[ -f ${MODULE_PATH} ]]"
-  assert_success
+  _file_exists_in_container "${MODULE_PATH}"
  _run_in_container grep -F '    anOption = anotherValue;' "${MODULE_PATH}"

  # check whether controller option was written properly
  MODULE_PATH='/etc/rspamd/override.d/worker-controller.inc'
-  _run_in_container_bash "[[ -f ${MODULE_PATH} ]]"
-  assert_success
+  _file_exists_in_container "${MODULE_PATH}"
  _run_in_container grep -F 'someOption = someValue42;' "${MODULE_PATH}"
  assert_success

  # check whether controller option was written properly
  MODULE_PATH='/etc/rspamd/override.d/worker-proxy.inc'
-  _run_in_container_bash "[[ -f ${MODULE_PATH} ]]"
-  assert_success
+  _file_exists_in_container "${MODULE_PATH}"
  _run_in_container grep -F 'abcdefg71 = RAAAANdooM;' "${MODULE_PATH}"
  assert_success

  # check whether basic options are written properly
  MODULE_PATH='/etc/rspamd/override.d/options.inc'
-  _run_in_container_bash "[[ -f ${MODULE_PATH} ]]"
-  assert_success
+  _file_exists_in_container "${MODULE_PATH}"
  _run_in_container grep -F 'OhMy = "PraiseBeLinters !";' "${MODULE_PATH}"
  assert_success
 }

@test 'MOVE_SPAM_TO_JUNK works for Rspamd' {
-  _run_in_container_bash '[[ -f /usr/lib/dovecot/sieve-global/after/spam_to_junk.sieve ]]'
-  assert_success
-  _run_in_container_bash '[[ -f /usr/lib/dovecot/sieve-global/after/spam_to_junk.svbin ]]'
-  assert_success
+  _file_exists_in_container /usr/lib/dovecot/sieve-global/after/spam_to_junk.sieve
+  _file_exists_in_container /usr/lib/dovecot/sieve-global/after/spam_to_junk.svbin

  _service_log_should_contain_string 'rspamd' 'S (add header)'
  _service_log_should_contain_string 'rspamd' 'add header "Gtube pattern"'
@ -231,14 +234,38 @@ function teardown_file() { _default_teardown ; }
  _print_mail_log_for_msgid 'rspamd-test-email-header'
  assert_output --partial "fileinto action: stored mail into mailbox 'Junk'"

-  _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 1
+  _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/new/ 2
  _count_files_in_directory_in_container /var/mail/localhost.localdomain/user1/.Junk/new/ 1
 }

+@test 'Rewriting subject works when enforcing it via GTUBE' {
+  _service_log_should_contain_string 'rspamd' 'S (rewrite subject)'
+  _service_log_should_contain_string 'rspamd' 'rewrite subject "Gtube pattern"'
+
+  _print_mail_log_for_msgid 'rspamd-test-email-rewrite_subject'
+  assert_output --partial "stored mail into mailbox 'INBOX'"
+
+  # check that the inbox contains the subject-rewritten e-mail
+  _run_in_container_bash "grep --fixed-strings 'Subject: *** SPAM ***' /var/mail/localhost.localdomain/user1/new/*"
+  assert_success
+
+  # check that the inbox contains the normal e-mail (that passes just fine)
+  _run_in_container_bash "grep --fixed-strings 'Subject: test' /var/mail/localhost.localdomain/user1/new/*"
+  assert_success
+}
+
+@test 'SPAM_SUBJECT works' {
+  _file_exists_in_container /usr/lib/dovecot/sieve-global/before/spam_subject.sieve
+  _file_exists_in_container /usr/lib/dovecot/sieve-global/before/spam_subject.svbin
+
+  # we only have one e-mail in the junk folder, hence using '*' is fine
+  _run_in_container_bash "grep --fixed-strings 'Subject: [POTENTIAL SPAM]' /var/mail/localhost.localdomain/user1/.Junk/new/*"
+  assert_success
+}
+
@test 'RSPAMD_LEARN works' {
  for FILE in learn-{ham,spam}.{sieve,svbin}; do
-    _run_in_container_bash "[[ -f /usr/lib/dovecot/sieve-pipe/${FILE} ]]"
-    assert_success
+    _file_exists_in_container "/usr/lib/dovecot/sieve-pipe/${FILE}"
  done

  _run_in_container grep 'mail_plugins.*imap_sieve' /etc/dovecot/conf.d/20-imap.conf
@ -305,8 +332,7 @@ function teardown_file() { _default_teardown ; }

@test 'hfilter group module is configured correctly' {
  local MODULE_FILE='/etc/rspamd/local.d/hfilter_group.conf'
-  _run_in_container_bash "[[ -f ${MODULE_FILE} ]]"
-  assert_success
+  _file_exists_in_container "${MODULE_FILE}"

  _run_in_container grep '__TAG__HFILTER_HOSTNAME_UNKNOWN' "${MODULE_FILE}"
  assert_success
@ -315,8 +341,7 @@ function teardown_file() { _default_teardown ; }

@test 'checks on authenticated users are disabled' {
  local MODULE_FILE='/etc/rspamd/local.d/settings.conf'
-  _run_in_container_bash "[[ -f ${MODULE_FILE} ]]"
-  assert_success
+  _file_exists_in_container "${MODULE_FILE}"

  _run_in_container grep -E -A 6 'authenticated \{' "${MODULE_FILE}"
  assert_success
--- a/test/tests/parallel/set1/spam_virus/rspamd_partly.bats
+++ b/test/tests/parallel/set1/spam_virus/rspamd_partly.bats
@ -55,6 +55,7 @@ function teardown_file() { _default_teardown ; }
  assert_line --partial 'Intelligent learning of spam and ham is disabled'
  assert_line --partial 'Greylisting is disabled'
  assert_line --partial 'Disabling Hfilter (group) module'
+  assert_line --partial 'Spam subject is not set'
 }

@test 'antivirus maximum size was not adjusted unnecessarily' {
@ -64,8 +65,7 @@ function teardown_file() { _default_teardown ; }

@test 'learning is properly disabled' {
  for FILE in learn-{ham,spam}.{sieve,svbin}; do
-    _run_in_container_bash "[[ -f /usr/lib/dovecot/sieve-pipe/${FILE} ]]"
-    assert_failure
+    _file_does_not_exist_in_container "/usr/lib/dovecot/sieve-pipe/${FILE}"
  done

  _run_in_container grep 'mail_plugins.*imap_sieve' /etc/dovecot/conf.d/20-imap.conf
@ -83,14 +83,13 @@ function teardown_file() { _default_teardown ; }
 }

@test 'hfilter group module configuration is deleted' {
-  _run_in_container_bash '[[ -f /etc/rspamd/local.d/hfilter_group.conf ]]'
+  _file_does_not_exist_in_container /etc/rspamd/local.d/hfilter_group.conf
  assert_failure
 }

@test 'checks on authenticated users are enabled' {
  local MODULE_FILE='/etc/rspamd/local.d/settings.conf'
-  _run_in_container_bash "[[ -f ${MODULE_FILE} ]]"
-  assert_success
+  _file_exists_in_container "${MODULE_FILE}"

  _run_in_container grep -E 'authenticated \{' "${MODULE_FILE}"
  assert_failure
--- a/test/tests/parallel/set1/spam_virus/spam_junk_folder.bats
+++ b/test/tests/parallel/set1/spam_virus/spam_junk_folder.bats
@ -34,7 +34,7 @@ function teardown() { _default_teardown ; }
  local CUSTOM_SETUP_ARGUMENTS=(
    --env ENABLE_AMAVIS=1
    --env ENABLE_SPAMASSASSIN=1
-    --env SA_SPAM_SUBJECT="SPAM: "
+    --env SPAM_SUBJECT="SPAM: "
    --env SPAMASSASSIN_SPAM_TO_INBOX=1
    --env MOVE_SPAM_TO_JUNK=0
    --env PERMIT_DOCKER=container
@ -55,7 +55,7 @@ function teardown() { _default_teardown ; }
  local CUSTOM_SETUP_ARGUMENTS=(
    --env ENABLE_AMAVIS=1
    --env ENABLE_SPAMASSASSIN=1
-    --env SA_SPAM_SUBJECT="SPAM: "
+    --env SPAM_SUBJECT="SPAM: "
    --env SPAMASSASSIN_SPAM_TO_INBOX=1
    --env MOVE_SPAM_TO_JUNK=1
    --env PERMIT_DOCKER=container
@ -77,7 +77,7 @@ function teardown() { _default_teardown ; }
  local CUSTOM_SETUP_ARGUMENTS=(
    --env ENABLE_AMAVIS=1
    --env ENABLE_SPAMASSASSIN=1
-    --env SA_SPAM_SUBJECT="SPAM: "
+    --env SPAM_SUBJECT="SPAM: "
    --env SPAMASSASSIN_SPAM_TO_INBOX=1
    --env MARK_SPAM_AS_READ=1
    --env PERMIT_DOCKER=container
--- a/test/tests/parallel/set1/spam_virus/undef_spam_subject.bats
+++ b/test/tests/parallel/set1/spam_virus/undef_spam_subject.bats
@ -1,61 +0,0 @@
-load "${REPOSITORY_ROOT}/test/helper/setup"
-load "${REPOSITORY_ROOT}/test/helper/common"
-
-BATS_TEST_NAME_PREFIX='[Spam] (undefined subject) '
-
-CONTAINER1_NAME='dms-test_spam-undef-subject_1'
-CONTAINER2_NAME='dms-test_spam-undef-subject_2'
-CONTAINER_NAME=${CONTAINER2_NAME}
-
-function teardown() { _default_teardown ; }
-
-@test "'SA_SPAM_SUBJECT=undef' should update Amavis config" {
-  export CONTAINER_NAME=${CONTAINER1_NAME}
-  local CUSTOM_SETUP_ARGUMENTS=(
-    --env ENABLE_AMAVIS=1
-    --env ENABLE_SPAMASSASSIN=1
-    --env SA_SPAM_SUBJECT='undef'
-  )
-  _init_with_defaults
-  _common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
-
-  _run_in_container_bash "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= undef'"
-  assert_success
-}
-
-# TODO: Unclear why some of these ENV are relevant for the test?
-@test "Docker env variables are set correctly (custom)" {
-  export CONTAINER_NAME=${CONTAINER2_NAME}
-
-  local CUSTOM_SETUP_ARGUMENTS=(
-    --env ENABLE_CLAMAV=1
-    --env SPOOF_PROTECTION=1
-    --env ENABLE_SPAMASSASSIN=1
-    --env REPORT_RECIPIENT=user1@localhost.localdomain
-    --env REPORT_SENDER=report1@mail.my-domain.com
-    --env SA_TAG=-5.0
-    --env SA_TAG2=2.0
-    --env SA_KILL=3.0
-    --env SA_SPAM_SUBJECT="SPAM: "
-    --env VIRUSMAILS_DELETE_DELAY=7
-    --env ENABLE_SRS=1
-    --env ENABLE_MANAGESIEVE=1
-    --env PERMIT_DOCKER=host
-    # NOTE: ulimit required for `ENABLE_SRS=1` until running a newer `postsrsd`
-    --ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)"
-  )
-  _init_with_defaults
-  _common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
-
-  _run_in_container_bash "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= -5.0'"
-  assert_success
-
-  _run_in_container_bash "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'"
-  assert_success
-
-  _run_in_container_bash "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'"
-  assert_success
-
-  _run_in_container_bash "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .SPAM: .'"
-  assert_success
-}