Mail service random behaviour

I am stuck with this.

For about a week - evenings only - I have been trying
to configure a system that would automatically check
for SPAM and filter that in different folders. The
system itself consists of:
- ADSL connection to ISP
- internal network separated by a firewall
- one server PC
- one client PC

server runs fetchmail to get the email from two email
accounts, the configuration is:

set logfile "/tmp/timo_fetchmail.log"
poll "popaccount1.domain1.com" protocol POP3 : user "account1" there with
password "my-password" is "localuser" here ;
poll "popaccount2.domain2.com" protocol POP3 : user account2 there with
password "my-password2" is "localuser" here no flush;
smtphost localhost

Fetchmail should push the stuff to local postfix. The Postfix
service itself has following configuration:
Things I have changed in /etc/postfix/main.cf:
--8<----8<----8<----8<----8<----8<--
inet_interfaces = $myhostname, localhost
mynetworks = 192.168.5.0/24,127.0.0.0/8
mailbox_command = /usr/bin/procmail -f- -a "$EXTENSION"
mailbox_transport = procmail
# smtpd_recipient_restrictions
--8<----8<----8<----8<----8<----8<--
Otherwise it is the default of SuSE Linux 8.1 Professional

Things I have changed in /etc/postfix/master.cf:
--8<----8<----8<----8<----8<----8<--
smtp inet n - n - - smtpd
-o smtpd_recipient_restrictions=permit_mynetworks,che ck_relay_domains
-o content_filter=spamassassin
192.168.5.2:smtp inet n - n - -
smtpd
-o smtpd_helo_restrictions=reject_unknown_hostname,pe rmit
-o content_filter=spamassassin
spamassassin unix - n n - - pipe
user=nobody argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
procmail unix - n n - - pipe
flags=R user=cyrus argv=/usr/bin/procmail -t -m USER=${user} \
EXTENSION=${extension} /etc/procmailrc
--8<----8<----8<----8<----8<----8<--
Other settings from default.

As far as I understand this means that:
1) fetchmail gets the mail from ISPs mailboxes
2) fetchmail sends the mail to local postfix
3) postfix filters the mail with spamassassin
4) spamassasin marks the SPAM value for each mail
5) postfix delivers the mail with procmail

The procmail settings are as follows:
--8<----8<----8<----8<----8<----8<--
DELIVERTO="/usr/lib/cyrus/bin/deliver"
# USERINBOX="$DELIVERTO -e -a $USER -m user/$USER"
USERINBOX="/var/spool/mail/$USER"
USERSAVE="/var/spool/mail/save_$USER"
LOGFILE="/var/log/mail.$USER.log"

INCLUDERC="/home/$USER/.procmailrc"

:0 w
$USERSAVE
--8<----8<----8<----8<----8<----8<--

I understand this as the default storage is
/var/spool/mail/save_$USER UNLESS the user rules
store the data? OK, my user rules are then:
--8<----8<----8<----8<----8<----8<--
LOGFILE="/tmp/localuser_procmail.log"
DELIVERMAIL="/usr/lib/cyrus/bin/deliver"

IMAPINBOX="$DELIVERMAIL -e -a timo -m user/localuser"
TESTMAIL="$DELIVERMAIL -e -a timo -m user/localuser/test"
MEDSPAM="$DELIVERMAIL -e -a $USER -m user/localuser/medspam"
HIGHSPAM="$DELIVERMAIL -e -a $USER -m user/localuser/highspam"

:0w:/tmp/highspam.lock.$USER
* ^X-Spam-Status: .*hits=[1-9][0-9]
| $HIGHSPAM

:0w:/tmp/medspam.lock.$USER
* ^X-Spam-Status:.*hits=[4-9][\ \.]
| $MEDSPAM

:0w:/tmp/medspam.lock.$USER
* ^(Subject).*SPAM*
| $MEDSPAM

:0w
| $IMAPINBOX
--8<----8<----8<----8<----8<----8<--

Cyrus-imap is used to deliver(?) the mail and as IMAP
service for MUAs reading the mail. Mozilla 1.5 shows the
folders with their correct contents. Everything seems to
be ok.

But the thing is that the system sometimes destroys all
mail. The LOG FILE /tmp/localuser_procmail.log (which
belongs to user cyrus probably due cyrus running the
procmail from postfix?) shows everything as delivered
to the correct folder/destination of each message.
This meaning that it shows log messages such as following:

--8<----8<----8<----8<----8<----8<--
Subject: **SPAM** Buy sleeping aid pills cheap ....
Folder: /usr/lib/cyrus/bin/deliver -e -a localuser -m \
user/localuser/highspam 5959
--8<----8<----8<----8<----8<----8<--

And these messages are there even if the folders are empty.

From cyrus-imap settings, only things I changed was enabling
line from /etc/cyrus.conf:
lmtp cmd="lmtpd" listen="lmtp" prefork=0

The imapd.conf was changed by adding/modifying the following:

sasl_mech_list: pam
sasl_saslauthd_path: /var/run/sasl2//mux
sasl_pwcheck_method: saslauthd

sendmail: /usr/sbin/sendmail
unixhierarchysep: yes
altnamespace: yes

Finally the /etc/mail/spamassassin/local.cf has additions
made by me:

allow_user_rules 1
rewrite_subject 1

subject_tag **SPAM**
required_hits 4.0

report_safe 1
use_terse_report 0

use_bayes 1
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
ok_languages all
=================================================

For me there certainly is something like too many
moving parts here. I suspect that something might
happen when too many mails come through the thing.
Maybe it can not push everything through the filtering
and starts loosing mail?
Granted, I haven't yet fully understood the whole
setting but I am gaining more understanding every
evening... It is just getting a bit boring to have
it "almost work".

I have written a description of this whole setup
as a document for postfix/fetchmail/procmail/spamassassin/
cyrus-imap newbies like me. Currently the booklet
is in finnish so it is no use showing it here.
Once I get it working and corrected I will translate
it and deliver english version too. But first I need
to get it working.

Anybody to volunteer? I can provide logs, all
settings (whole files) and sample mail headers
but I feel it is waste of bandwidth to add 300
more lines - this message is already long (176 lines)

help, please!

br,

timo
ps. yes, I can be reached at timo.raty@kotinet.com
and Yes, I will get even more spam for supplying my
email address here...