I describe herein how to set up Postfix, Procmail, and SpamAssassin for system-wide processing, with a great deal of user flexibility. The biggest downfall of this approach is computational cost, as it creates one procmail process for each incoming message.
The basic idea is that you set postfix's "mailbox_command" to be procmail. That is, it delivers the mail by passing each message to procmail. You then create a system-wide procmailrc file, which passes all messages through SpamAssassin (actually, spamc/spamd).
Advantages:
A default install of SpamAssassin will probably do the trick, whether it's from the deb, rpm, or tarball. Remember to start the daemon and turn it on with chkconfig (or whatever you use).
This may already be set (it is the default in Red Hat Linux). Just make sure that you have
mailbox_command = /usr/bin/procmailin the main postfix config file (/etc/postfix/main.cf). You'll have to have postfix reload the config for the changes to take effect (run /usr/sbin/postfix reload).
This is not specific to postfix, although you'll have to figure out the config for your program yourself.
Note: There are a couple of quirks with this approach. The first is that you must make sure root's mail is being forwarded to a regular user. Postfix doesn't like to execute unknown programs as root. Also, you may need to be careful with spool creation. Depending on the permissions of the mail directory, procmail may not be able to create mail spools if they don't already exist.
Create the file /etc/procmailrc with the following contents:
:0fw | /usr/bin/spamc
You may want to configure SpamAssassin by editing /etc/mail/spamassassin/local.cf. By default, SpamAssassin modifies messages heavily. I recommend the the following options in order to minimally annoy people who don't want to be pestered with this crap:
rewrite_subject 0 report_header 1 defang_mime 0