Complete documentation for all MCP tools provided by the SpamAssassin MCP server.
The SpamAssassin MCP server provides 6 defensive security tools through the Model Context Protocol. All tools are designed for analysis and defensive security operations only.
- Rate Limiting: 60 requests per minute with burst capacity of 10
- No Authentication: Currently runs in trusted environment
- Request Size Limits: Maximum email size 10MB
Analyze email content for spam probability and rule matches using SpamAssassin.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
content |
string | ✅ | Raw email content including headers |
headers |
object | ❌ | Additional headers to analyze |
check_bayes |
boolean | ❌ | Include Bayesian analysis (default: false) |
verbose |
boolean | ❌ | Return detailed rule explanations (default: false) |
Request Example:
{
"tool": "scan_email",
"params": {
"content": "From: sender@example.com\nTo: recipient@example.com\nSubject: Test Email\n\nThis is a test email.",
"verbose": true,
"check_bayes": true
}
}Response:
{
"score": 2.1,
"threshold": 5.0,
"is_spam": false,
"rules_hit": [
{
"name": "MISSING_HEADERS",
"score": 1.0,
"description": "Missing some standard email headers"
},
{
"name": "SHORT_EMAIL",
"score": 1.1,
"description": "Email body is very short"
}
],
"summary": "Email analysis completed with detailed rule explanations...",
"timestamp": "2024-01-01T12:00:00Z"
}Error Responses:
400 Bad Request: Invalid email format or content too large429 Too Many Requests: Rate limit exceeded500 Internal Server Error: SpamAssassin processing error
Check sender reputation and domain/IP blacklists against configured security policies.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
sender |
string | ✅ | Email sender address |
domain |
string | ❌ | Sender domain (auto-extracted if not provided) |
ip |
string | ❌ | Sender IP address |
Request Example:
{
"tool": "check_reputation",
"params": {
"sender": "suspicious@spam-domain.com",
"domain": "spam-domain.com",
"ip": "192.168.1.100"
}
}Response:
{
"sender": "suspicious@spam-domain.com",
"domain": "spam-domain.com",
"ip": "192.168.1.100",
"reputation": "bad",
"blocked": true,
"reasons": [
"Domain spam-domain.com is blocked"
],
"details": {
"check_time": "2024-01-01T12:00:00Z",
"source": "spamassassin-mcp"
}
}Reputation Values:
good: Sender is whitelisted or trustedbad: Sender is blacklisted or suspiciousunknown: No reputation data available
Provide detailed explanation of how a spam score was calculated, including rule breakdown and reasoning.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
email_content |
string | ✅ | Raw email content to analyze |
Request Example:
{
"tool": "explain_score",
"params": {
"email_content": "Subject: URGENT: Free Money!\n\nClick here to claim your $1,000,000 prize!"
}
}Response:
{
"final_score": 12.5,
"rule_details": [
{
"name": "URGENT_SUBJECT",
"score": 3.0,
"description": "Subject contains urgent language"
},
{
"name": "MONEY_PRIZE",
"score": 4.5,
"description": "Content mentions money prizes"
},
{
"name": "SUSPICIOUS_LINK",
"score": 2.0,
"description": "Contains potentially suspicious links"
},
{
"name": "EXCLAMATION_MARKS",
"score": 1.5,
"description": "Excessive use of exclamation marks"
},
{
"name": "SHORT_BODY",
"score": 1.5,
"description": "Very short email body"
}
],
"bayes_score": 0.95,
"network_tests": [
"DNSBL_CHECK_PASSED",
"SPF_CHECK_FAILED"
],
"explanation": "Final Score: 12.50 (Threshold: 5.00)\nClassification: SPAM\n\nRules Triggered:\n URGENT_SUBJECT: 3.00 - Subject contains urgent language\n MONEY_PRIZE: 4.50 - Content mentions money prizes\n SUSPICIOUS_LINK: 2.00 - Contains potentially suspicious links\n EXCLAMATION_MARKS: 1.50 - Excessive use of exclamation marks\n SHORT_BODY: 1.50 - Very short email body\n\nBayesian Analysis: 95% spam probability\n\nNetwork Tests:\n ✓ DNSBL check passed\n ✗ SPF validation failed"
}Retrieve current SpamAssassin configuration and server status information.
Parameters: None
Request Example:
{
"tool": "get_config",
"params": {}
}Response:
{
"version": "3.4.6",
"threshold": 5.0,
"bayes_enabled": true,
"rule_count": 1247,
"settings": {
"host": "localhost",
"port": 783,
"timeout": "30s",
"max_email_size": 10485760,
"rate_limit_per_minute": 60
}
}Update SpamAssassin rule definitions from official sources (defensive updates only).
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
source |
string | ❌ | Rule source: "official" or "custom" (default: "official") |
force |
boolean | ❌ | Force update even if recent (default: false) |
Request Example:
{
"tool": "update_rules",
"params": {
"source": "official",
"force": false
}
}Response:
{
"status": "success",
"message": "Rules updated successfully",
"timestamp": "2024-01-01T12:00:00Z",
"rules_updated": 1247,
"last_update": "2024-01-01T11:30:00Z"
}Test custom SpamAssassin rules against sample emails in a safe, isolated environment.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
rules |
string | ✅ | Custom rule definitions in SpamAssassin format |
test_emails |
array | ✅ | Array of sample email strings to test |
Request Example:
{
"tool": "test_rules",
"params": {
"rules": "header LOCAL_TEST Subject =~ /test/i\ndescribe LOCAL_TEST Test rule for subject\nscore LOCAL_TEST 2.0",
"test_emails": [
"Subject: This is a test email\n\nTest content here.",
"Subject: Normal email\n\nRegular content here."
]
}
}Response:
{
"results": [
{
"email": "Subject: This is a test email...",
"score": 2.0,
"is_spam": false,
"rules_matched": ["LOCAL_TEST"]
},
{
"email": "Subject: Normal email...",
"score": 0.0,
"is_spam": false,
"rules_matched": []
}
],
"summary": "Tested 2 emails against custom rules. 1 email matched the test rule."
}| Code | Description | Solution |
|---|---|---|
400 |
Bad Request - Invalid parameters | Check parameter format and requirements |
413 |
Request Entity Too Large | Reduce email size (max 10MB) |
429 |
Too Many Requests | Wait before retrying (rate limit: 60/min) |
500 |
Internal Server Error | Check server logs and SpamAssassin status |
503 |
Service Unavailable | SpamAssassin daemon not responding |
{
"error": {
"code": "400",
"message": "Invalid email format",
"details": "Email content must include valid headers",
"timestamp": "2024-01-01T12:00:00Z"
}
}All tools are subject to rate limiting:
- Limit: 60 requests per minute
- Burst: Up to 10 requests in quick succession
- Reset: Rate limit window resets every minute
- Headers: Rate limit information included in response headers
Content-Type: application/jsonUser-Agent: claude-code-mcp-client/1.0
Content-Type: application/jsonX-RateLimit-Limit: 60X-RateLimit-Remaining: 59X-RateLimit-Reset: 1640995200
- All email content is validated for format and size
- Headers are sanitized to prevent injection attacks
- IP addresses and domains are validated with regex patterns
- Custom rules are parsed safely in isolated environment
- No email content is permanently stored
- All processing is done in memory
- Logs contain only metadata, not email content
- Temporary files are automatically cleaned up
- All API calls are logged with timestamps
- Security events are logged at WARN level
- Rate limit violations are tracked
- Errors include correlation IDs for debugging
# Connect to MCP server
claude --mcp-server spamassassin tcp://localhost:8080
# Scan suspicious email
/scan_email --content "$(cat suspicious.eml)" --verbose
# Check sender reputation
/check_reputation --sender "unknown@suspicious-domain.com"
# Get detailed score explanation
/explain_score --email_content "Subject: Free Money!\n\nClaim your prize!"
# Test custom rules
/test_rules --rules "header CUSTOM_RULE Subject =~ /urgent/i" --test_emails '["Subject: Urgent message\n\nContent"]'For direct integration with other tools, the server accepts standard HTTP POST requests to the MCP endpoint with JSON payloads following the MCP specification.
- Response Times: Typical scan takes 50-200ms
- Throughput: ~300 emails/minute sustained
- Memory Usage: ~100MB base + 1MB per concurrent scan
- Disk Usage: ~50MB for rules + log files
- Health Endpoint: Built-in health check script
- Metrics: Response times, error rates, rule hit counts
- Alerts: Automatic alerts for high error rates or long response times
- Logging: Structured JSON logs for easy parsing