diff --git a/Dockerfile b/Dockerfile
index 40e26c4..37122f1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -60,6 +60,7 @@ RUN echo "_dev_null: /dev/null" > /etc/aliases \
 	libsasl2-modules \
 	ssl-cert \
 	ca-certificates \
+	bogofilter-sqlite \
   && rm -rf /var/lib/apt/lists/* \
   && cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf \
   && mkdir -p /etc/postfix/rules \
@@ -71,6 +72,8 @@ RUN echo "_dev_null: /dev/null" > /etc/aliases \
 	/etc/postfix/rules/postscreen_dnsbl_mask.pcre \
   && mkdir -p /ssl \
   && chmod 700 /ssl \
+  && groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
+  && mkdir -p /vmail/bogofilter && chown vmail:vmail /vmail
   && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
   && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
   && postconf -F \
@@ -96,9 +99,9 @@ RUN echo "_dev_null: /dev/null" > /etc/aliases \
      scache/unix/chroot=n
 
 ADD confd /etc/confd/
-ADD postmap_all /usr/local/bin/
+ADD postmap_all spamfilter /usr/local/bin/
 
-VOLUME ["/etc/postfix","/ssl","/var/spool/postfix"]
+VOLUME ["/ssl","/var/spool/postfix"]
 EXPOSE 25/tcp 587/tcp
 
 CMD ["postfix","start-fg"]
diff --git a/confd/templates/setup_main.tmpl b/confd/templates/setup_main.tmpl
index 80c2e17..7fb6977 100644
--- a/confd/templates/setup_main.tmpl
+++ b/confd/templates/setup_main.tmpl
@@ -57,3 +57,14 @@ postconf maillog_file=/dev/stdout
 {{ with getv "/message/size/limit" }}postconf message_size_limit='{{.}}'{{ end }}
 {{ with getv "/smtpd/helo/required" }}postconf smtpd_helo_required='{{.}}'{{ end }}
 {{ with getv "/biff" }}postconf biff='{{.}}'{{ end }}
+
+postconf -M spamfilter/unix | grep -q spamfilter || {
+    postconf -M spamfilter/unix="spamfilter unix - n n - - pipe"
+}
+postconf -F spamfilter/unix/private=- \
+         spamfilter/unix/unprivileged=n \
+         spamfilter/unix/chroot=n \
+         spamfilter/unix/wakeup=- \
+         spamfilter/unix/process_limit=- \
+         spamfilter/unix/command='pipe flags=Rq user=vmail argv=/usr/local/bin/spamfilter -oi -f ${sender} ${recipient}'
+postconf -P smtp/inet/content_filter=spamfilter
diff --git a/spamfilter b/spamfilter
new file mode 100755
index 0000000..99fb97d
--- /dev/null
+++ b/spamfilter
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# pass mail through spam filter Bogofilter
+# arguments are passed on to sendmail
+
+/usr/bin/bogofilter -p | /usr/sbin/sendmail "$@"