Configuring the Spam Trap

Installation

Unzip the spamtrap.zip file into a directory on your computer. It does not have to be the same computer as the one where your Mail Server or your DNS are running. In fact, they can all run on separate systems if that's what suits your needs. You should have:

• doc - The folder containing this documentation
• activation.jar - The Java Activation Facility
• mail.jar - The JavaMail extensions
• spamtrap.jar - The Peacham Spam Trap.

Initial Setup

Launch the spamtrap.jar file. In Windows you double click it, in Linux you may have to issue the command "java -jar spamtrap.jar". The program will start and bring up the configuration dialog. Fill in all the blanks and close the window.

Mail Configuration

On this panel you fill in information about the account used to capture the spam.

• Update ... - How often the program should retrieve new mail, analyze it, and update the DNS. Leave it zero for now.
• POP3 ..., Account, Password - The information that you would supply to an e-mail client so that it could read the mail.
• Delete incoming mail ...  - The inbox can get pretty full, but you may need to go back and inspect an incoming message. If this is set to zero, the incoming messages will not be deleted automatically.

DNS Configuration

On this panel you supply the IP address of your DNS server and the name of the blacklist sub-domain.

Spam Configuration

On this panel you specify the parameters for the algorithm that decides when to blacklist a site:

• The name of your incoming mail server. This is used to identify the address that transferred the mail to you. Look in the headers for a piece of e-mail for the "Received: by" field for this name.
• Blacklisting threshold - How many e-mails from an address are needed to identify him as a spammer? I have this set to 1.
• Hits in n1.n2.n3.* ... - A spammer doesn't send all of his junk from the same address. Often he will have access to a whole block of 256 addresses, and use them randomly. How many addresses from the same block have to send you spam before you decide to blacklist the whole block?
• Retention days - How long do you hold a grudge? After four months you can remove the blacklisting and see if he comes back. After that long, he may be in one of the other, public, blacklists, or he may have moved to another address. More important, somebody innocent may be using that address now.

Deferring to Public Blacklists

There is no need to retain spammers in your private blacklist if they have been listed in an available public blacklist that your mail server is using. Once a day the Peacham Spam Trap can check your oldest active listings against the lists that you use.

• Hour for defer check - At what time of day do you want to start the check? Values are 0 to 23. Enter -1 to say that it will be started manually from the File menu.
• Check how many oldest? - No need to check all of your listings, limit your bandwidth use.
• Check one every n seconds - Space out the requests. For each item checked, the Spam Trap sends an inquiry to each of your public blacklists.
• Check against which DNSBLs - This is where you list the names of the public blacklists that you have configured your mail server to use. For a list of lists. go to http://www.dnsstuff.com/

Ignoring Spam from Major Providers

Some spam comes from the major e-mail providers despite their efforts to block it. You don't want to block everything from these sources because of a few Spam, so you add them to the whitelist (the opposite of a blacklist.) Spam Trap will ignore Spam that comes from mail servers in these domains. It does not use the reply address since that is almost always spoofed.

Initial Runs

The main window can be resized and repositioned and the changes will be remembered. This applies to the Configuration and DataBase windows also.

Select File/Read mail to test retrieval of spam. It will report on the number of messages read. Select View/Data to see what it got.
None of the entries are yellow yet because they have not been uploaded to the DNS, and none of the address blocks have been identified. After you have verified that all of the entries are spam, select File/Update DNS and you are on your way. Check your logs, make sure everything is operating, and then go back and set an update frequency of ten minutes.