If by "dump" you mean "discard", this simple test might be better done in
your MTA. However, "poison pill" rules (absent certain DNSBLs) are
generally discouraged.
Probably because even if it's a good spam sign, it isn't very common or it
appears together with enough other spam signs that it's not scored very
highly by itself.

If you post some spamples of such to pastebin we'll take a look.
Yes, it does. There are rules that check for no TO or CC. For example:

http://ruleqa.spamassassin.org/20140902-r1621946-n/REPLYTO_WITHOUT_TO_CC/detail

If you want to score for "no TO or CC header", you could do this:

meta NO_TO_CC !__TOCC_EXISTS
"autolearn" is submission of the message to the Bayes backend for
training. This can affect the scoring of subsequently-scanned messages,
but it does not affect the score of that message.

Also: SA does not directly have anything to do with the delivery process.
All it does is generate a spamminess score. *Something else* has to
interpret that score to decide the ultimate destination of the message:
inbox, quarantine or bit bucket.
That would seem to indicate a problem with Bayes.
You will see BAYES_* rule hits on messages if Bayes is working. You have
to learn a minimum number of spam *and* ham messages before it will start
working.

This will report statistics about the Bayes database.

/usr/bin/sa-learn --dump magic

The most common mistake is to train Bayes as a user that is not the same
user that SA is running under to scan messages - i.e., you're training the
wrong Bayes database. Check which user spamd is running under, and which
user you're running sa-learn as. They should be the same user.
The definitive test to check whether SA is scanning messages is to send a
message containing the GTUBE string, it should always be detected and
score 1000 points. Google "spam GTUBE" for more details.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
***@impsec.org FALaholic #11174 pgpk -a ***@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The tree of freedom must be freshened from time to time
with the blood of tyrants and tyrannosaurs.
-- DW, commenting on the GM6 Lynx .50BMG bullpup
-----------------------------------------------------------------------
13 days until the 227th anniversary of the signing of the U.S. Constitution

You may be surprised if you actually check spam and ham.
SA never removes mail under any circumstances.
For the record, using sql for babes is considerably faster.
If you see X-Spam headers, it’s working. If in the X-Spam-Report you see BAYES_ then that is working.

Others have gracefully answered as to the substance of your message.

I'll have to be a pest and ask that you please do not use "Reply" or
"Followup" when you're starting a new topic. For list readers with user
agents that thread the standard (RFC standard) way, that breaks
threading.

The way to start a new topic is to copy the list address, do a "New
Message" or similar, and paste the address into the destination field.
You can also save the address in your contact list / address book to
avoid the copy and paste in the future.

Thanks for your cooperation.

No, unfortunately not... I understand why the large messages bypass SA
but not the small ones.

As a slightly related aside, what do people typically do about larger
messages containing virus laden zip files?

Many thanks,
Geoff

I don't think a lockfile achieves anything because it's a call to a
program. Procmail has some weird syntax so hopefully someone with some
procmail-fu can tell us if a lock on a procmail system call does
anything. In the meantime, here's a good resource about procmail and
lockfiles:
http://www.techrepublic.com/article/all-the-wonders-of-procmail-part-2-lockfiles-and-nondelivering-recipes/

regards,
KAM