This is the current version of the FAQ which was
produced for early versions of SpamPal. Although some
of the content is still relevant, there may be some slightly inaccurate
information. This will be updated later. |
|
|
| SpamPal
- Installation & Configuration |
23.
When I start SpamPal it reports "SpamPal
is unable to use port 110 (error 10049)
24. How do I change the level of spam filtering?
25. My email headers are incorrect when using Hamster and
SpamPal
26. How did I get Spampal to work with my ISP SBC Yahoo?
27. I get an error message saying port 110 in use, what do
I do?
28. Using VPOP3 no messages are being filtered into the correct
mailbox
29. VPOP3 download rules don't work correctly
30. I'm using XP's "switch user" feature
and port is already in use
31. How do I get YahooPops to work with SpamPal?
32. How do I upgrade to a new version of SpamPal?
33. In advanced whitelist, what IP address range does a network
prefix notation use?
34. How can I get popfile to work with SpamPal?
35. How do I get Hotmail, Yahoo or AOL to work with SpamPal?
36. Does SpamPal work with an SSL email host?
37. Error Message: There was a problem logging
onto your mail server.
38. My ISP requires the pop3 username to be in the form username@isp.com
39. The connection to the server has failed?
40. SpamPal times out on very large messages?
41. I’ve downloaded a plugin but there
is no plugin directory. What do I do now?
42. How do I change the location of the Configuration Directories?
43. What setup do I use with WinGate proxy?
44. I am sometimes not able to receive mails with Mozilla
and SpamPal
45. Where I can find out more on how to configure SpamPal?
46. How do I setup SpamPal for Multi-Users?
47. My mail program says "server not found"?
48. SpamPal says it can't find my mailserver!
49. I've installed SpamPal and now I can't send email!
50. SpamPal gives me regular "unable to resolve server
name" errors!
51. Some non-spam mail has been filtered into my spamtrap
folder.
52. Lots of non-spam mail has been filtered into my spamtrap
folder
53. All my non-spam mail has been filtered into my spamtrap
folder!
54. SpamPal is hardly catching any spam.
55. Lots of spam is getting passed with the header PASS TIME-OUT
56. SpamPal makes fetching my mail very slow.
57. I installed SpamPal but it downloaded all my old messages!
|
| SpamPal
- E-Mail-Client Configuration and Rules |
58.
I cannot change the POP3 server with Outlook Express as
it's greyed out!
59. I have been receiving duplicate messages in my inbox?
60. I use Eudora 5.2 and cannot get it work with SpamPal
61. I use Eudora 5.2 but after setup with SpamPal, I cannot
send emails
62. Why don't my Outlook filters work?
63. How can I put all those different senders of mailinglists
into the whitelist
64. Using Pegasus and SpamPal, some of my sent emails have
not been received?
65. Is there anyway to use Spampal to mark existing messages
in my Outlook Inbox?
66. Using Spampal and Pegasus. Spampal claims not to find
a valid server address
67. My Outlook message rules won't work
68. SpamTrap folder keeps disappearing in Outlook/Outlook
Express
69. I am using The Bat! and I keep getting old emails back
from the server?
70. How do I create a pop3.log error log for Forte Agent?
71. How do I create a pop3.log error log for Outlook Express?
72. How can I hide the SpamPal Icon in system tray?
73. I have a rule in OE6 that doesn't work when using the
UrlBody plugin
74. How do I create a pop3.log error log for Mozilla?
75. When using rules, SpamPal tagged messages with attachments
aren't deleted
76. My Outlook Express rule won't move Spam to the Spam Folder?
|
| SpamPal
- Filters |
77.
My bigfoot email address is marked as spam, how can I stop
this?
78. Why am I getting a lot of spam with A-WLIST headers
79. Mail coming from PayPal is being marked as Spam
80. Some of my spam is passing through the filters and being
accepted.
81. Many spammers use subdomains, how can I setup a wildcard
to block them?
82. Why is an email address not being added to my AutoWhitelist?
83. How do I whitelist EBay addresses?
84. I am a subscriber to more than a few yahoo groups, how
do I whitelist them?
85. A Spam email, with my whitelisted From address was marked
as spam?
|
| SpamPal
- Virus scanners and Firewalls |
86.
Is SpamPal infected with the SDBOT trojan?
87. How do I setup Spampal and Norton Internet Security 2003?
88. PC-Cillin virus checker loses the account settings
89. Why does Zone Alarm ask for server rights?
90. Using NOD32 and SpamPal together, the email transfer
rate is slow
91. How do you get Spampal to work with Trend PC-Cillin?
92. PC-Cillin virus checker loses the "@localhost" tag
93. I'm using Zone Alarm with SpamPal and I find that sometimes
I have problems!
94. ZoneAlarm™sometimes reports a log
entry for SpamPal
95. My firewall says SpamPal is trying to connect to the
Internet!
96. SpamPal gives me "No such file or directory" errors
97. SpamPal froze while I was trying to download my mail!
|
| Plugins
- BadWords - General Questions |
98.
What is the plugin BadWords for?
|
| Plugins
- Bayesian Filter - General Questions |
99.
Using the Bayesian plugin, everything is being marked as
spam?
100. Will the Bayesian plugin work with the HTMLModify plugin?
101. How long does a typical Bayesian teaching mode last?
Days, weeks?
102. Can a Bayesian filter be taught to detect virus attachments?
103. Can wordlist.dat from one computer, be copied to another?
104. How do I tell when Spampal crashes, if it's a SpamPal
crash or a Bayesian crash
105. Does my wordlist.dat get deleted every time a new version
is installed?
106. On installing a new version of the plugin, I'm asked
to restart the computer
107. What is a Bayesian Spam Filter?
108. Does the Bayesian plugin learn from whitelisted emails?
109. How exactly does the "word expiry" option
work?
110. How do I get the plugin to ignore certain words?
111. Can a Bayesian filter be taught to detect virus attachments?
|
| Plugins
- RegExFilter - General Questions |
112.
Where is the logfile stored?
113. Which program has tagged my email? SpamPal or RegEx?
114. E-Mails are not tagged when using the preview modus...
115. What does RegEx do?
116. I’ve used an external editor on
my filters.dat file and they are not working
117. How do I know which RegEx rule matched?
118. How do I know which filters/configuration file RegEx
is using?
119. What does "Found: Content-Transfer-Encoding: base64" mean
in the regexfilter.log
120. In the headers of my email I have the odd headers. How
do I avoid this?
|
| Plugins
- RegExFilter - Regular Expressions (RegEx) & Filterrules |
121.
How do I write the regular expressions that RegEx uses?
122. How can I stop junk email with numerous To:'s?
123. How do I stop the word "analytical" being
marked as Spam?
124. How do I mark email addresses, without
an "@" sign,
as Spam?
125. I've added a rule to whitelist opera users but it doesn't
work all the time
126. Why does my filter rule not work? There
is an error message in the logfile.
127. How do I create a new regex filter for this yahoo x-header?
128. I?ve setup a whitelist in RegEx but it doesn?t
seem to work
129. A SPAM mail has not been tagged by RegExFilter?
130. What is the difference between Body: and Line:?
131. When does the option "-" tag
an email as Spam?
132. Regular expression that does not ignore upper and lower
case characters?
|
| Plugins
- Quarantine - General Questions |
133.
What does the Quarantine Plugin do?
134. Is it possible to change the quarantine directory?
|
| Plugins
- URLBody - General Questions |
135.
What does the URL Body Plugin do?
|
| Plugins
- HtmlModify - General Questions |
136.
What does the HtmlModify Plugin do?
137. What is a web bug?
138. which HTML TAGS are classed as Malicious?
|
| SpamPal
- General Questions |
1. What
is "Attempt APOP authentification"?
Question: What is "Attempt APOP authentification"?
Answer: It's one of those things that, if you don't
know what it is, you probably don't need it.
When you normally log in to a POP3 mailbox, your username
and password are sent as plain text. This means that
the owner of any network the connection passes through
could theoretically spy on it and discover your password.
(For most people, the only network the connection passes
through is their ISP's, and they know your password anyway.)
APOP sends for Authenticated POP3; if you select the "attempt
APOP connection" option, SpamPal will encrypt your password
before sending it to your mailserver, for that little
bit of added security. Of course, it only works if your
mailserver supports APOP.
An alternative method of authenticated POP3 connections
is SASL, which is what Microsoft call "secure password
authentication" in Outlook Express.
2. I head a rumour that SpamPal gives you more spam?
Question:
I've heard rumours that SpamPal add user's email addresses
to spam lists, which means you receive even more spam.
Is this true?
Answer:
This came about from an entry in download.com's Spampal
page (in the negative section)
So, no, SpamPal doesn't add your or anyone else's email
addresses to spam lists.
Feel free to have a look at SpamPal's source code, or
use a packet sniffer to examine SpamPal's network activity,
or do any other test you want. If you don't feel technically
competant to do this, do a search on Google to see if
anyone else has;
SpamPal has been around for about a year now, and in
that time plenty of people will have looked at what it
does,
and someone would surely have found some actual evidence if it were doing
anything dodgy.
But I'm confident you won't find anything suspect.
As for the guy on download.com, sometimes people don't realise numerically
how much spam they get until it's all collected together in one folder;
it can be a bit of a shock just how much spam you were wading through.
My guess is that's what happened to that guy. Or his experience could
just be a coincidence, or maybe he's trying
to further the cause of a rival spam-filtering solution...
3. Can Spampal bounce error messages back to spammers?
Question:
Is there any facility within Spampal to bounce error messages back to
the spammers, indicating an invalid email address?
Answer:
No, SpamPal cannot create error messages or so called "bounce messages".
The usual reason people like to bounce messages back to a spammer, is
that they think a bounced message will tell the Spammer that an email
account does not exist and their address will be removed from the spammer's
database and therefore that they won't receive any more spam.
But in reality bounce messages are normally useless because:
1. A Spammer sends, in a few minutes, millions of emails at once. Why
should he spend time on deleting a few thousand addresses that do not
exist? Usually the same addresses are spammed again next time (it does
not cost the spammer any time or money, to send a few emails more). Bounces
from users will only increase traffic over the internet and end up costing
the user either time or money, to bouce back a lot of messages, back
to the spammer.
2. 99.9% of the spam, has an invalid return address that has nothing
to do with the real spammer.
Here are a few "real world" examples:-
a) the sender does not exist and the error message cannot be delivered.
So you return the (fake) message again and since most Spammers can recognize
that this is not a real error message, you end up wasting time and money.
b) the (innocent) sender exists and the spammer has used their email
address for his spam.
Spammers often use email addresses of innocent persons (very often they
use addresses of persons who have tried to stop the spammer by their
complaints).
These persons receive thousands of real bounces and additional bounces
(ie. Fake) sent by software, that allow you, to send fake bounce messages.
c) the sender is the spammer (in a very few cases).
The spammer can verify that your account exists (when he is clever enough
to identify your error message as fake).
When you want to fight against spam, you should read the news.admin.net-abuse.email
newsgroup and ask one of the experts there, how to fight back and how
to avoid spam.
4. How do I back up both my Whitelist and my Blacklist.
Question:
I am about to do a clean install of Windows XP on
my computer.
How do I back up both my Whitelist and my Blacklist.
Answer:
First you need to locate the directory where your Spampal configuration
files are stored.
This directory will also have settings for any plugins you currently
use.
Do a right click on the umbrella in the systray and select options.
Now select the "advanced" menu.
You should now see at the bottom of that screen a box that says "Spampal's
configuration is stored in this folder:"
Now, use windows explorer (or your fave zip program) and backup the whole
folder.
5. Blacklisted by SpamCop but SpamPal says it was clean
Question:
MailWasher has identified an email as being blacklisted by SpamCop.
SpamPal reports the same email as "PASS" in the header, even though SpamCop
is a selected DNS blacklist
Answer:
This can be caused by Spampal caching the results of any DNSBL checks,
in order to speed up processing your emails.
You can force SpamPal to 'forget' about it's cached results by renaming
the dnsbl_cache_neg.dat and dnsbl_cache_pos.dat files and then recheck
your email again.
Notes:
In SpamPal's Advanced settings, you can select how many days, the positive
(spam) and negative DNSBL checks are stored/cached, that SpamPal used.
In Beta versions of SpamPal >=1.19 you can now set the number of hours,
the positive (spam) and negative DNSBL checks are stored/cached, that
SpamPal used.
6. How do I run SpamPal as a system service under WinNT/2K/XP??
Question:
How do I run SpamPal as a system service under WinNT/2K/XP??
Answer:
Try using
FireDaemon
in demo mode or
Srvstart
which is free GNU GPL software.
A quick start to Srvstart can be found
here
.
7. How does SpamPal work?
Question:
How does SpamPal work?
Answer:
Briefly, there's two different types of addresses - email addresses and
I.P. addresses.
An email address looks something like this - me@myisp.com - and generally
appears in the From: header of an email message.
However, the value of this is given by the sender when they send the
email message - if you're using Outlook Express or whatever, when you
send an email the From: address will be whatever you've set in the options.
You can set it to whatever you like. Spammers use special programs to
generate random From: addresses, or set this to the addresses of people
who've annoyed them.
I.P. addresses are numbers (usually given as four period-separated octets,
e.g. 194.198.73.1) that identify computers on the internet.
As an email message travels between mail servers on the Internet, most
servers add a "Received:" header line, giving the I.P. address of the
machine they received it from.
Spammers can and do add fake Received: headers containing forged I.P.
addresses to try to confuse spamfighters, but they cannot interfere with
the addition of Received: headers by other mailservers, because this
takes place after the spam has left their computers.
What SpamPal does is look at the Received: headers, extract the I.P.
addresses, and check if the addresses are on any blacklists. It'll do
this for both real and forged I.P. addresses, but since spammers are
the only people with a reason to forge Received: headers, there isn't
really a downside to this.
8. Why is there no "plugins" menu option, when right-clicking
on the tray menu?
Question:
Why is there no "plugins" menu option, when right-clicking on the tray
menu?
Answer:
the "plugins" menu item on the tray menu will only appear if you've enabled
the plugin from the "plugins" tab of the Options window.
9. Can I use Telnet to troubleshoot my problems with SpamPal?
Question:
Can I use Telnet to troubleshoot my problems with SpamPal?
Answer:
Yes. For some problems, like the one with Outlook Express reporting connection
refused, it is sometimes helpful to test the connection with Telnet,
with the hope of eliminating your email client from the equation.
Telnet is not the easiest to use, and you have to type things right first
time (delete key probably doesn't work for you), but to test SpamPal,
do the following:
Some ISP's also don't allow you to Telnet into a POP3 account, so the
following tests, don't always work.
In the following example, it assumes that you are currently running SpamPal
on the default port 110, if you're running SpamPal on port 1110 for example,
than you need to change all the 110's below, to 1110.
Windows 95/98 ONLY:
1) Run Telnet. It comes with Windows and you should just be able to type
TELNET into the Start/Run box.
2) On Telnet menu select TERMINAL, Preferences and make sure Local_echo
is ticked
3) On Telnet menu select CONNECT the REMOTE SYSTEM.
Type in these values.
Host Name: 127.0.0.1
Port: 110
Term Type: VT100
Windows 2000/XP ONLY:
1) Run Telnet. It comes with Windows and you should just be able to type
TELNET into the Start/Run box.
2) Type in: SET local_echo
3) Type In: OPEN127.0.0.1 110
Windows 95/98/2000/XP:
You should now see:
" +OK POP3 (Spampal) server ready (USER command must include mailserver
name)"
4) Type in: USER addr@pop.server.name
and press enter. You should get the response of +OK. Use your own address/mailserver
name. This is the one that is like your email address but often has pop3
or mail or similar after the "@" symbol. Remember that you must get it
right first time. You cannot use backspace to delete typing errors.
5) Type in: PASS password
and press enter. You should get the response of +OK. If it goes wrong
because you've typed in the wrong values, just close Telnet and start
again.
6) Type in: LIST
and press enter. You should get a list of message numbers and the size
of each one, with a dot at the end of the list. e.g.
+OK
1 4772
2 6971
3 3619
.
7) Test retrieving one of them. e.g. Type: RETR 3
This will list all the text for that message. If the message is not too
long, and if it is a spam, then you will be able to find the Subject
line which SpamPal will hopefully have tagged as **SPAM** for you.
8) Terminate the session by typing: QUIT
You should get "+OK" and "Connection to host lost".
If you can do all this, then you know SpamPal is working and you have
got the correct settings for user name etc. You can see the dialog between
your computer and SpamPal and see whether or not it is responding.
10. What order is Spam checked, using SpamPal (and other plugins)
Question:
What order is Spam checked, using SpamPal (and other plugins)
Answer:
The Internal processing ordering basically goes like this:
1) Black & Whitelists
2) Cached DNSBL query results
3) Plugins (Such As RegEx)
4) Other DNSBL query results
11. My blacklist is getting quite large and has duplicate entries.
Question:
My SpamPal blacklist/whitelist is getting quite large and no doubt has
duplicate entries.
How can I help solve this?
Answer:
Try using
SpamSort
which manages all entries of a spamlist and removes dupes.
12. Is it possible to use SASL or APOP authentification together with
SpamPal?
Question:
My ISP and my mail-client offer SASL or APOP authentification. Is it
possible to use SASL or APOP together with SpamPal?
Answer:
Yes, SpamPal supports SASL and APOP authentification beginning with version
1.08. You have to enter the mailserver and user name into SpamPal. Beginning
with version 1.09 SpamPal automatically tries to use APOP. If you can't
use APOP you can disable it.
13. What do I have to take care of if I want to update SpamPal?
Question:
What do I have to take care of if I want to update SpamPal?
Answer:
If you put SpamPal into your startup folder and added a commandline parameter
you have to use the option "custom" on setup. This is a new option of
version 1.09x. By default all parameters are being deleted in any icon
properties. Also, don't have SpamPal started but use your icon to start
it manually.
14. Who wrote SpamPal?
Question:
Who wrote SpamPal?
Answer:
SpamPal was written by James J. Farmer. He's British and works at the
University of Birmingham. In his spare time he writes SpamPal. In addition
to that, James is the author or the "news.admin.net-abuse.email FAQ" (SpamFaq)
which proves his knowledge and competence of fighting against spam.
If you have any further questions you can write him to:
jjf@twinlobber.org.uk
15. I think an email is spam but why isn’t the email being marked
as **SPAM**
Question:
I think an email is spam but why isn’t the email being marked as
**SPAM**
Answer:
The following items are worth looking at:
1) Check the whitelists, including AutoWhitelist
2) If using RegEx, check the use of the % command
3) The DNSBL’s haven’t marked the message as spam, as it’s
unknown/new
4) RegEx hasn’t got a rule that matches your message
16. Will SpamPal be updated automatically?
Question:
When there's a new version out, will SpamPal be updated automatically,
or does the person have to do something to update?
Answer:
When it checks for updates, SpamPal will pop up a window listing any
available updates but it won't download them automatically; you (or someone
else) would have to come to the website and download them. (An exception
is the list of DNSBL services, which is updated automatically.)
17. SpamPal's Umbrella Icon disappears
Question:
I have Windows XP™ and the icon that should be down in the system
tray (i.e. the Umbrella) is not there after I reboot or it just disappears.
Why?.
Answer:
This is usually caused by a strange XP™ ‘feature’.
Users have reported that if you disable the ssdp & upnp services then
it seems to solve the problem.
This site has a utility to toggle these services for you:
http://grc.com/UnPnP/UnPnP.htm
Also see this GoogleGroups
post
for more information
18. How do I only download or preview email headers?
Question:
How do I use SpamPal to only download or preview the headers to check
suspicious emails?
Answer:
You can use a third party utility called
POPTray
with SpamPal to preview emails on the server
19. Will SpamPal work with the Microsoft Exchange Server?
Question:
Will SpamPal work with the Microsoft Exchange Server?
Answer:
SpamPal currently doesn't work on an Exchange Server, but a version might
eventually appear.
However, you can simply access you Exchange Server, not through the MS
Mail interface, but via the pop3 protocol.
20. What does the Status item, in SpamPal, relate to?
Question:
What does the Status item, in SpamPal, relate to?
Answer:
You should see lines appear in here while you're fetching mail. If you're
on a fast connection or you don't receive much mail, they may only be
there for a fraction of a second, so they'd be easy to miss.
21. What does the header X-SpamPal: SPAM SPCOP mean?
Question:
I noticed that messages marked as SPAM have a header, such as:
X-SpamPal: SPAM SPCOP 212.210.202.35
What does this mean?
Answer:
When SpamPal detects a spam it puts the offending IP address in the SpamPal
header,
e.g.
X-SpamPal: SPAM SPCOP 212.210.202.35
This one shows a result on SpamCop DNSBL.
To see why SpamCop is blocking it, go to
http://spamcop.net/bl.shtml
and type in 212.210.202.35 and SpamCop will give you stats on numbers
of reports, examples of the reported spam, etc.
The same thing can be done on SpamBag using:
http://www.spambag.org/query.html
You can also check 99% of all other DNSBL's using the following sites:
http://www.moensted.dk/spam/
http://www.openrbl.org/
22. Has the messaged been tagged by SpamPal or by the plugin?
Question:
Has the messaged been tagged as SPAM by SpamPal or by the plugin?
Answer:
Firstly, view the complete headers of your email and looks for the SpamPal
header:
X-SpamPal: PASS
(means the email was clean)
X-SpamPal: SPAM
(means the message has been tagged by SpamPal or a plugin)
X-SpamPal: REGEX ID#xxxxxxxxx-x
(means the message has been processed by RegExFilter)
|
| SpamPal
- Installation & Configuration |
23. When
I start SpamPal it reports "SpamPal is unable to
use port 110 (error 10049)
Question:
When I start SpamPal it reports "SpamPal is unable to
use port 110 (error 10049) is this port in use by another
program?
I've tried shutting down everything in sight and I still
get this error message
Answer:
Error 10049 is the winsock error meaning you've tried
to create a socket with an invalid IP number.
Try checking the IP number in the options/advanced/ipconfig/ip
address box and put the IP number back to your own local
IP.
24. How do I change the level of spam filtering?
Question:
When I first installed Spampal, I was asked to choose
between 3 levels of spam filtering.
I first chose Safe mode. But now I'd like to switch to
Medium, but I can't find the place to change this...
I uninstalled Spampal completely and re-installed it,
but it doesn't ask me to choose from the 3 levels of
protection.
Answer:
The three default levels Safe/Medium/Aggressive modify
the list of DNSBL's that are selected.
Once spampal is installed you can change these by doing
a right click on the umbrella icon in the system tray,
select options and then click on the DNSBL Lists section.
You can now choose which DNSBL's you want to use.
The levels of spam filtering are normally:-
Safe:
SITES (ie spamsites.org) (included in OSIRU for other
schemes)
SBL (included in OSIRU for other schemes)
PROXIES
ORDB
Medium:
OSIRU
PROXIES
DSBL
Aggressive:
OSIRU
SPCOP
SPBAG
FORMAIL
PROXIES
WIREHUB
DSBL
25. My email headers are incorrect when using Hamster
and SpamPal
Question:
I currently have hamster setup with SpamPal, like this:-
client (xp pro) -> hamster(w2k server) -> SpamPal -> ISP
However, SpamPal doesn't seem to mark the email headers
correctly
Answer:
Try using hamster in the following way:-
outlook on client -> spampal on server -> hamster -> isp
26. How did I get Spampal to work with my ISP SBC
Yahoo?
Question:
How did I get Spampal to work with my ISP SBC Yahoo?
Answer:
If your original working settings are:
Username: sigga@yahoo.com
Server: pop.yahoo.com
Are those the settings you use to collect mail when you
are NOT trying to go via SpamPal? If they are correct,
then the settings you need to work via SpamPal would
be:
Username: sigga@yahoo.com@pop.yahoo.com
Server: localhost or 127.0.0.1
If your mail client objects to that username because
it contains two @ symbols, code it as:
Username: sigga@yahoo.com%pop.yahoo.com
Another example is for the Pacbell ISP, which also uses
Yahoo.com:-
Set User Id: user@pacbell.net%pop.pacbell.yahoo.com
POP server: localhost
Under SPAMPAL options/ports/properties select POP3
(specify server name) box and specify pop.pacbell.yahoo.com
on port 110
27. I get an error message saying port 110 in use,
what do I do?
Question:
I get an error message saying port 110 in use and the
help section suggest using port 1110 Where do I find
a list of port settings?
Answer:
A: SpamPal uses the following default ports:-
110 is the default for POP3, 143 for IMAP4.
Port 80 will be used for checking for updates (although
it will use a HTTP proxy if there's one specified in
IE and could use ports 80/8080/3128)
It uses Windows calls to make DNS queries, which probably
means either UDP packets sent on port 53 or TCP connections
on port 53.
You should be safe using 1110, 1111, 1112 and 1113.
In you need to daisy chain SpamPal with other things,
you can often use port 111, 112, 113 without any problems.
Some other port numbers most frequently used are:
110 POP3
25 SMTP
80 Webserver
21 FTP
23 Telnet
137-139 Netbios
143 IMAP
119 NNTP
389 LDAP
443 SSL
1503 Microsoft Net Meeting
5631 PC Anywhere
6667 and 7000 IRC
1080 Socks
These numbers tend to be "standards". The higher numbers
(above 1023) are a bit more open-ended.
A good list of usages can be found at:
http://www.iana.org/assignments/port-numbers
28. Using VPOP3 no messages are being filtered into
the correct mailbox
Question:
I use VPOP3™ (www.pscs.co.uk) with SpamPal and
have setup a filter as per the setup in the manual.
However, no messages are being filtered into the correct
mailbox, when using the X-SpamPal: PASS download rule,
in the dlrules.dat file?
Answer:
Make sure you are using a version of vpop3™ higher
than 1.4.6 beta
You can also change the download rule to:
+>spam%Redirect spam into the 'spam' mailbox
Subject: "**SPAM**"
29. VPOP3 download rules don't work correctly
Question:
When you use VPOP3 and download rules, it does not work
correctly as SpamPal (or RegEx) can not cope with the
TOP/RETR command order correctly.
Using VPOP3 only works correctly if "Use download rules" is
disabled?
Answer:
c2j2 has written an add-on to VPOP3 to fix the download
rules issue with VPOP3 and SpamPal
a) get RUBY (http://www.ruby-lang.org/en/) and install
it on the VPOP3 computer (putting the ruby-bin dir in
the path)
b) run the appended script as "exterrnal router" (it
assumes that the VPOP3Protect is installed, else uncomment
that line):
" ruby spamredirect.rb"
It redirects SPAM-Mails to a different mailbox (spam@combit.net),
which is being polled by another script that returns
the mails to the sender,
telling them that their mail is detected as possible
SPAM and that they need to add a certain word in the
body, if they want to re-send the mail, which will allow
the mail to pass (a word whitelisted in the RegEx plugin).
Ruby Program
-------------
DEBUG = !ARGV.empty?
SCAN_ACTIVE = DEBUG
if SCAN_ACTIVE
$MAILFILE = "routing.dat"
if DEBUG
$MAILFILE = "s:\\routing.dat"
end # if DEBUG
if ENV["RCPT1"] =~ /antispam_demon@/ # a reply to me?
puts "To: None"
exit
end
if ENV["SUBJECT"] =~ /^\(SPAM\)/
sContents = File.new($MAILFILE,"r").read
sFilename = "e:/spam-mails/" + Time.now.strftime('%Y-%m-%d
%H-%M-%S')
+ ".txt"
# open log file and issue date/time stamp
logfile = File.new('e:/spamredirect.log','a')
logfile.puts "------ <" + sFilename + >"
# dump header to log file
sContents.each do |sLine|
break if sLine.strip.empty?
logfile.puts sLine
end # sContents.each
# keep a copy in the special folder
File.new(sFilename,"w").write(sContents)
# redirect the mail
puts "To: spam@combit.local"
# done - don't pass it on!
exit
end # if SUBJECT...
end # if SCAN_ACTIVE
# chain to the VPOP3 protector
exec "d:/program files/vpop3/VPOP3Protect.exe", "infected" if
!DEBUG
30. I'm using XP's "switch user" feature
and port is already in use
Question:
I'm using XP's "switch user" feature with SpamPal but
when I switch users, SpamPal (not surprisingly) complains
that the port is already in use.
Answer:
Try using the SpamPal startup script on the Plugins download
page
http://www.spampal.org.uk/plugins.html
It checks whether SpamPal is running or not. If yes,
then it is not started, if not, it's fired up
31. How do I get YahooPops to work with SpamPal?
Question:
How do I get YahooPops to work with SpamPal?
Answer:
Set SpamPal to accept connections on port 112 (Options
-> Servers)
Set your email client to use:
1. myusername@yahoo.com@localhost as the username
2. my yahoo password as the password
3. localhost as the POP3 server
4. To connect to the pop3 server on port 112
A quick "diagram" of how everything is chained together:
Email Client (connect on 112) <-> (accept on 112) SpamPal
(connect on 110) <-> (accept on 110) YahooPops (connect
on 80) <-> (http server) yahoo.com
Note, if you change SpamPal to accept on port 112, you
must change all your email accounts to connect to the
server on port 112...not port 110 as this is where YahooPops
is listening (and it won't understand requests for anything
other than yahoo accounts).
32. How do I upgrade to a new version of SpamPal?
Question:
How do I upgrade to a new version of SpamPal?
Answer:
A1: No need to uninstall. Exit spampal first, i.e. right
click on pink (not purple, it only looks purple but it
is pink really) umbrella icon, select exit, then just
run the newly downloaded version and SpamPal does the
rest.
A2: Be careful moving from a beta to a non-beta version,
as you will lose all your current SpamPal settings
33. In advanced whitelist, what IP address range does
a network prefix notation use?
Question:
In the advanced blacklist/whitelist, what IP address
range will the network prefix notation,
80.196.0.0/15, use?
Answer:
This method to write down a network is also called CIDR
(Classless Inter-Domain Routing).
80.196.0.0/15 means addresses:
80.196.0.0 -> 80.197.255.255
These two sites have an online calulator:
http://www.csgnetwork.com/ipinfocalc.html
http://www.camtp.uni-mb.si/books/Internet-Book/IP_AddressCalculator.html
But for the more technical user - try to write it in
binary notation:
So, 80.196.0.0/15 means:
Network address (80.196.0.0):
01010000.11000100.00000000.00000000
Netmask (/15 means 15 x 1):
11111111.11111110.00000000.00000000
So this is the address range:
01010000.11000100.00000000.00000000
11111111.11111110.00000000.00000000 (AND)
====================================
01010000.1100010-.--------.-------- (network address; "-" indicates
host number)
Note: each "-" is a don't care, so it can be "0" or "1" for
the host number.
So in decimal notation it is
80.196.x.x (first "-" is "0") and
80.197.x.x (first "-" is "1").
Both addresses belong to the same network (the first "-" from
the left belong to the host number).
When you have "/14" then the first 14 bit belong to the
network address and 18 bit are used for the host number.
With the network mentioned about you have following networks:
80.196.0.0/14 means:
80.196.x.x (first two "-" are "00")
80.197.x.x (first two "-" are "01")
80.198.x.x (first two "-" are "10")
80.199.x.x (first two "-" are "11")
or in shorter notation:
80.196.0.0 -> 80.199.255.255
More infomation about CIDR (Classless Inter-Domain Routing)
can be found here:
http://public.pacbell.net/dedicated/cidr.html
34. How can I get popfile to work with SpamPal?
Question:
How can I get popfile (http://sourceforge.net/projects/popfile/)
to work with SpamPal?
Answer:
To make them work together is a bit of a fiddle. Try:
SpamPal listens on 110
PopFile listens on 111
In the email client, set up the following account:
Incoming Mail (POP3): 127.0.0.1
Incoming POP3 Port: 111 (i.e. POPfile)
Account Name: 127.0.0.1:myuserid@mypop.server.com
35. How do I get Hotmail, Yahoo or AOL to work with
SpamPal?
Question:
How do I get Hotmail, Yahoo or AOL to work with SpamPal?
Answer:
SpamPal should work with the above services, ONLY when
using a third party programs,
such as these below, or for more information, See
http://www.spampal.org.uk/webmail.html
HotMail™:
HotPOP3 is a NT service which acts as a proxy between
an HTTPMail server (MSN Hotmail)
and any POP3 email client.
http://sourceforge.net/projects/hotpop3
You can also use Foxmail, which is an email client that
has a built-in Hotmail proxy:
http://fox.foxmail.com.cn/english.htm
Hotmail Popper:
http://www.boolean.ca/
Yahoo™:
YahooPOPs! emulates a POP3 mail server and provides free
POP3 access to Yahoo!:
http://sourceforge.net/projects/yahoopops/
AOL2Pop acts as a POP3 and SMTP standard mail interface
for AOL e-mail accounts. AOL2Pop converts AOL mail into
a standard mail format. This means that AOL users can
retrieve their e-mail from their favourite e-mail client
(such as Microsoft Outlook, Eudora E-mail, Incredimail,
etc) instead of using AOL's proprietary mail interface:
Other:
Web2Pop: Web2Pop
You'll need to add "@localhost" to your POP3 username,
and change the POP3 port number (in the Advanced tab
of your account properties dialog) to whatever SpamPal
is using (it's in the servers tab of SpamPal's options
dialog). If SpamPal is using 110, you might need to add
a colon, then the port
number YahooPops is using, to your username, too.
An example setup of this would be:
Outlook account set to Port: 110, Spampal listens on
Port 110 and Web2Pop listens on Port 115
username: yourname@pop.mail.yahoo.com@localhost:115
incoming server: localhost
36. Does SpamPal work with an SSL email host?
Question:
Does SpamPal work with an SSL email host? As I'm getting
error message that says: The connection to the server
has failed. Account: '[acctname]', Server: 'localhost',
Protocol: POP3,
Port: 995, Secure(SSL): Yes, Socket Error: 10061
Answer:
You're going to need some sort of SSL Wrapper, in order
to get the current version of SpamPal to work with an
SSL host.
These links have info on how to setup a SSL wrapper called
Stunnel:
http://www.wurd.com/eng/setup/stunnel.htm
and
http://security.fi.infn.it/tools/stunnel/index-en.html
37. Error Message: There was a problem logging onto your mail server.
Question:
Q: I get the following error, when I click send/receive: There was a
problem logging onto your mail server. Your User Name was rejected. Account: ‘pop.myisp.com’,
Server: 'localhost', Protocol: POP3, Server Response: '-ERR Unable to
connect to POP3 server'
Answer:
Check that you've modified your username correctly - one common mistake
is in cases where your username is something like "fred", your POP3 server
is "pop.myisp.com" and your email address "fred@myisp.com" - in this
case you have to change your username to "fred@pop.myisp.com" and not "fred@myisp.com".
38. My ISP requires the pop3 username to be in the form username@isp.com
Question:
My ISP has a pop server called pop.isp.net but requires the username
to be in the form username@isp.com, how do I get this format to work
with SpamPal?
Answer:
Try using an % sign, ie. username@isp.com%pop.isp.net
39. The connection to the server has failed?
Question:
I’m getting the following error, when I try to check my mail: The
connection to the server has failed.
Account: 'pop3.xxxxxxx.net', Server: 'localhost', Protocol: POP3, Port:
110, Secure(SSL): No,
Socket Error: 10061
Answer:
Error 10061 is "connection refused". Make sure that SpamPal is running.
(There should be a
pink umbrella icon in the system tray.)
40. SpamPal times out on very large messages?
Question:
When I get a very large message, sometime SpamPal tries to fetch it but
then I receive an error, caused by a timeout from the server.
Answer:
A1: v1.07 fixes this, but only if you're not using a body-filtering plugin
like RegExFilter or BadWords.
A2: You can also get around it by disabling recent versions of SpamPal
from the system tray icon.
A3: Try increasing the server timeout on your email client.
In Outlook Express, for example, it's set to 1 minute by default, so
to change this:
Open Outlook Express.
On the "Tools" menu, click "Accounts", and then click the "Mail" tab.
Select your account, click "Properties'', and then click the "Advanced" tab.
Move the "Server Timeouts" slider to the right to increase Server Timeout
time.
Click "OK" and "Close".
41. I’ve downloaded a plugin but there is no plugin directory.
What do I do now?
Question:
I’ve downloaded a plugin but there is no plugin directory. What
do I do now?
Answer:
Just create it in SpamPal's installation directory. Or install the BadWords
or RegExFilter plugin using the auto-installing versions on the Plugins
page, which will create the plugin directory automatically. Otherwise
create the folder manually in %programFiles%\spampal
42. How do I change the location of the Configuration Directories?
Question:
How do I change the location of the Configuration Directories?
Answer:
SpamPal stores its configuration files in the user profile, or failing
that in it's own installation directory. Advanced users who wish to alter
this can do so by specifying an alternative directory on the command-line
using the -configdir switch.
For example: SpamPal.exe -configdir C:\myDir\mySpamPalConfigDir
If the specified directory does not exist, it will be created.
43. What setup do I use with WinGate proxy?
Question:
Q: We use a proxy server (WinGate) for internet access. Without using
SpamPal, I fill in the fields,
for my email client (The Bat) like this:
server: servinet
username: mymail@mail.com#pop.mail.com
password: *******
How do I fill in these fields for successful use of SpamPal?
Answer:
Try using the following format:
server: localhost
username: mymail@mail.com#pop.mail.com%servinet
44. I am sometimes not able to receive mails with Mozilla and SpamPal
Question:
I am sometimes not able to receive mails with Mozilla and SpamPal, No
errors are given.
Mozilla just indicates it is connecting in the status bar but that's
it.
Answer:
Mozilla will normally work with SpamPal, however, try using SpamPal with "Mailservers
specified in SpamPal" instead of "Mailservers specified in POP3 usernames".
45. Where I can find out more on how to configure SpamPal?
Question:
Where I can find out how more information, on how to configure SpamPal,
including my Email client?
Answer:
Try looking at the online manual, which is located here:
http://www.spampal.org.uk/manual/
46. How do I setup SpamPal for Multi-Users?
Question:
I installed SpamPal as the Administrator on a Win 2000 Portable. At my
offices, I have to log into a domain. So I have several users set up
depending on where I am. How do I get SpamPal to work for each user profile,
using the same SpamPal settings as the Administrator?
Answer:
You need to change the location of the Configuration Directories. So,
change your SpamPal shortcut(s), for all users, for example, to be:
SpamPal.exe -configdir C:\spampal
In that way, when SpamPal starts up under the different users, including
the Administrator, they all
get the settings from the SAME directory
47. My mail program says "server not found"?
Question:
My mail program says "server not found"?
Answer:
Check that you have changed the incoming POP3 server setting in your
mail program to "localhost" and that the port is 110 (unless SpamPal
told you it should be otherwise, in which case make sure it's the value
SpamPal gave you.)
You could also try changing "localhost" to 127.0.0.1
48. SpamPal says it can't find my mailserver!
Question:
SpamPal says it can't find my mailserver!
Answer:
Check that you've added your mailserver to your username correctly. Make
sure you've got the name of the mailserver right - and if you weren't
told it uses a non-standard port, the name shouldn't contain a colon
followed by a port number.
Netscape and some other elderly mail programs don't allow @ characters
in the username - but SpamPal will recognise a % instead.
49. I've installed SpamPal and now I can't send email!
Question:
I've installed SpamPal and now I can't send email!
Answer:
When you install SpamPal, you have to change the username that's sent
to your incoming mail (or POP3) server. However, some mail-clients will
use the same username for the outgoing mail (or SMTP) server. Obviously,
your outgoing server needs to see your original username, while your
incoming server needs your modified-for-SpamPal one.
Have a look in your mail program's configuration to see if you can set
the username for your outgoing mailserver separately. The setting may
be in a different tab, or in an "Advanced" dialog.
50. SpamPal gives me regular "unable to resolve server name" errors!
Question:
SpamPal gives me regular "unable to resolve server name" errors when
I'm not even online!
Answer:
Most probably, your mail client is still trying to check your mail even
when you're offline. Normally this fails (because you're offline), and
it keeps quiet about this and doesn't tell you. However, now you're using
SpamPal your mail client manages to connect to SpamPal but then can't
connect to your server (because you're offline).
The solution is to call up the Servers pane of the "Options" dialog and
choose to suppress the "unable to resolve server name" error message.
51. Some non-spam mail has been filtered into my spamtrap folder.
Question:
Some non-spam mail has been filtered into my spamtrap folder.
Answer:
Sadly, in any filtering system there will be some false positives. If
it's just one or two, try adding the senders of those mails to your whitelist.
Alternatively, have a look at the X-SpamPal: header to see what I.P.
address is causing the message to be tagged as spam, and add that address
to the Advanced Whitelist.
52. Lots of non-spam mail has been filtered into my spamtrap folder
Question:
Lots of non-spam mail has been filtered into my spamtrap folder
Answer:
If all the non-spam mail in your spamtrap is from the same ISP, consider
adding the ISP to your whitelist or the ISP's netblocks to your Advanced
Whitelist.
Otherwise, have a look at the X-SpamPal header and see which list is
doing the blocking. If most of the wrongly-spamtrapped mails were caught
by the same list, it could be that that list is too aggressive for your
needs. Try disabling it from the Options dialog.
53. All my non-spam mail has been filtered into my spamtrap folder!
Question:
All my non-spam mail has been filtered into my spamtrap folder!
Answer:
If everything you haven't whitelisted is ending up in your spamtrap folder,
there could be a number of causes...
Your own ISP is on a DNSBL list. Have a look at the X-SpamPal header
to see which list is causing the inappropriate tagging. Call up the Options
dialog, find the list with that code, go to it's website and there should
be some way of checking if a given I.P. address is on the list. Enter
the I.P. address from the X-SpamPal header and see what it says. If it's
on the list, there are a number of possible solutions. You could simply
uncheck that list in the Options dialog. Alternatively, you could add
the I.P. address given, or even better all of your I.S.P.'s netblocks,
to the Advanced Whitelist.
However, although this will stop SpamPal tagging all your mail as spam,
the listing will prevent millions of email users all over the world from
receiving your email. You should contact your ISP. about the listing,
and if it doesn't get cleared up quickly you might want to consider getting
a new ISP.
A DNSBL list might be misconfigured. Occaisionally, usually after a DNSBL
list dies, it might start claiming that everything is on the list. Sometimes
this is done to stop people using the now-dead list, other times it is
just an accident. In this case, there will probably be a message on the
offending list's website - or the website itself might be dead. The solution
is simple - just uncheck the list in question in the Options dialog.
There might be a mistake in your blacklist. If the X-SpamPal header identifies
that the tagging is caused by your personal blacklist (BLIST FROM) or
your advanced blacklist (BLIST ), you should find and correct
the problem entry in your offending blacklist. Take special care with
wildcards in the normal blacklist, and when describing netblocks in the
advanced blacklist.
Your mail filter might be wrongly configured. If there's anything with
the X-SpamPal: PASS header in your spamtrap folder, you've configured
the filter in your mail program wrongly. Go back and correct it!
54. SpamPal is hardly catching any spam.
Question:
SpamPal is hardly catching any spam.
Answer:
Firstly, the obvious possibilities: check that your filter in your mail
program is correct, and that you do actually have some DNSBL lists checked
in the Options dialog.
Otherwise, it could well be that your ISP is already filtering your mail
based upon the DNSBL lists you have chosen. So lots of spam mail is refused
by your ISP before it even gets to SpamPal. You could try selecting some
alternative DNSBL lists.
Future versions of SpamPal will include different types of filters that
will catch more spam.
55. Lots of spam is getting passed with the header PASS TIME-OUT
Question:
Lots of spam is getting passed with the header PASS TIME-OUT
Answer:
Seeing PASS TIME-OUT in the X-SpamPal header line means that one or more
DNSBL queries timed out while this message was being processed. This
means that SpamPal got tired of waiting for a DNSBL service to respond,
and decided to pass your message anyway.
If you see this message a lot, you could try increasing the time-out
period from the Advanced pane of the options dialog. This will slow down
mail fetching, however, as SpamPal will wait longer before timing out.
A future version of SpamPal will incorporate more efficient querying
of DNSBL services, which should mean less time-outs.
56. SpamPal makes fetching my mail very slow.
Question:
SpamPal makes fetching my mail very slow.
Answer:
Initially, SpamPal has to check every single mailserver that every single
email message passed through against the DNSBL services, in order to
see just what is spam and what isn't. However, after a week or so of
regular use, the Automatic Whitelist will start to contain the email
addresses and mailservers from which you receive most of your mail, and
these won't have to be checked anymore. Thus, as you use it. the speed
of SpamPal should improve.
57. I installed SpamPal but it downloaded all my old messages!
Question:
I installed SpamPal but it downloaded all my old messages!
Answer:
If you are using a "Leave Messages On Server" (or similar) option in
your mail program, then the first time you use SpamPal your mail program
may well forget which messages you have already seen and download them
all again. This cannot be avoided, but will only happen the once.
|
| SpamPal
- E-Mail-Client Configuration and Rules |
58. I
cannot change the POP3 server with Outlook Express as
it's greyed out!
Question:
I tried to change the POP3 server, to localhost with
Outlook Express, but the servers are greyed out?
Answer:
Sometimes ISP's (when you use their setup program) grey
out the server section to stop users changing things
by accident.
Answer 1:
Make you sure you are looking at the right box.
In OE, when you go into the properties of the mail account
and look at the servers tab, the first line reads:
My incoming mail server is a [ PO3 ] server
You cannot change the value in this box, despite it looking
like you should be able to.
The next line down,
Incoming Mail (POP3): [localhost]
is the one you need to change.
Answer 2:
The simple way around this problem is to create a new
account in Outlook Express,
Tools -> Accounts -> Add
then put in the properties you want:
use 127.0.0.1 or localserver instead of the Freeserve
server in the incoming pop mail, etc, and call it "My
Mail via SpamPal".
Then if you go into Properties/General page for your
original account, you can untick the box which says "Include
this account when receiving mail or synchronising".
Answer 3:-
open notepad and copy the following lines into it:
[Outlook_Express_Global]
Read_Only=0
Disable_Account_Access=0
Go to File --> Save As (to your desktop)
Filename: noread.ins
Change Filetype to: All files(*.*)
Click Save
If all has gone to plan you will have a new file on your
desktop called noread or noread.ins with a green background
and a cusor in it.
Double click this and it will say it is making changes
to your internet settings.
Click OK.
You will now be able to edit your mail settings.
59. I have been receiving duplicate messages in my
inbox?
Question:
I am running Outlook 2002, XP, on a local network with
a W2K server has my connection to the net. SpamPal is
running on my XP box.
I have been receiving duplicate messages in my inbox.
Messages marked as Spam is not being duplicated. Any
ideas?
Answer:
Double check your Outlooks rules and email accounts for
duplication.
60. I use Eudora 5.2 and cannot get it work with SpamPal
Question:
I use Eudora 5.2 and cannot get it work with SpamPal?
Answer:
Firstly read the manual, paying close attention to the
text in the green boxes:
http://www.spampal.org//usermanual/clients/eudora/eudora.html
Also check that in your personality (account) properties
dialog, turn to the Incoming page.
Now set the server to "localhost" or "127.0.0.1" (without
the quotes).
You may also need to edit eudora.ini:-
Eudora uses "eudora.ini" ini file to hold settings. The
file is located in Eudora's main installation directory
("C:\Program Files\Qualcomm\Eudora" for example). If
you manually (using notepad or another plain text editing
tool) add these lines
POPPort=xxx
SMTPPort=yyy
(replace XXX and YYY with some number)
into [Settings] section the Eudora will use XXX port
when it is starting a POP3 session and port YYY when
it is starting a SMTP session.
Note: the big disadvantage of the settings mentioned
above is the port settings are global options. It looks
like there is no way how to change the port numbers for
one selected account. So it means if you change POP3
port number all defined accounts will download the messages
using the new POP3 port value
61. I use Eudora 5.2 but after setup with SpamPal,
I cannot send emails
Question:
I use Eudora 5.2 and have two email accounts. Downloading
emails went fine, but now I'm trying to send an email
to someone I get an error message when trying to send
it, saying '550 Unable to relay for ***@planet.nl'
Answer:
In your Eudora profile(s) : check the settings for "SMTP
Server Outgoing" and make sure you have different
outgoing server names, that match each of your isp's
smtp servers
eg:-
SMTP Server Outgoing : mailhost.hetnet.nl
SMTP Server Outgoing : mail.somewherelse.com
62. Why don't my Outlook filters work?
Question:
Why don't my Outlook filters work.. SpamPal seems to
tag the spams but the tagged messages are not always
moved to the Spams folder. I even tried uninstalling
SpamPal but that doesn't fix the problem.
Answer:
A: Regardless of which folders mail ends up in, if some
of the mail being marked with SPAM in the subject line
then it means that SpamPal is working fine, and uninstalling
and reinstalling it isn't going to make it work any better.
If SpamPal is tagging subject lines then SpamPal is working
fine and the problem, therefore,
lies only in the filtering rules you've set up in your
mail client.
A1: If you are using Outlook 2002, make sure you are
using the latest version, including all the service packs.
It seems that Service Pack Two (SP2) fixes problems with
filters (see
http://www.slipstick.com/outlook/ol2002sp2.htm
for more information)
You could also try turning off the automatic downloading of mail and
do it manually.
A2: Try using only one filter it as all possible, or if you need to use
other filters, try using the following
rule, as the first rule to be processed (or even as the last:):
Apply this rule after the message arrives
Where the Subject line contains '**SPAM**'
Move it to the SPAM folder
and Stop processing more rules
A3: If you're using Outlook's built-in Junk-Email filter, try tuning
this feature off, otherwise it will try to move spam, into it's own junk
folder (or delete it without you seeing it.)
As SpamPal probably does a better job anyway, turning off Outlook's Junk-Email
filter, will also speed things up, especially if you had previously setup
a large number of (pre-SpamPal) Junk filters.
63. How can I put all those different senders of mailinglists into
the whitelist
Question:
How can I put all those different senders of mailinglists into the whitelist
Answer:
Mailinglists have the problem of many different participants with always
changing sender addresses. Instead of adding all adresses one by one
to the whitelist you can add the REPLY-TO address of the mailinglist.
The header line REPLY-TO describes the address to which replying postings
are sent.
64. Using Pegasus and SpamPal, some of my sent emails have not been
received?
Question:
Using Pegasus and SpamPal, some of my sent emails have not been received?
Answer:
You need to check the "Use the email address I supplied for SMTP envelope" in
Pegasus' Internet options, under the "SMTP (outgoing)"
See the following, for more details:-
http://groups.google.co.uk/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=9v0ukb.3utkn1l.1%40nautilus.ruge-online.de&rnum=11&prev=/groups%3Fq%3Dpegasus%2Blocalhost%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26start%3D10%26sa%3DN
http://groups.google.co.uk/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=3a3bf018.16817196%40news.demon.co.uk&rnum=34&prev=/groups%3Fq%3Dpegasus%2Blocalhost%2Bgroup:comp.mail.pegasus-mail.ms-windows%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26start%3D30%26sa%3DN
65. Is there anyway to use Spampal to mark existing messages in my
Outlook Inbox?
Question:
Is there anyway to use Spampal to mark existing messages in my Outlook
Inbox, as spam?
Answer:
Sorry, SpamPal cannot do that.
Also as DNSBLs are dynamic, an IP that was listed on SpamCop or Spews
three months ago, might not be listed today, (and vice versa).
66. Using Spampal and Pegasus. Spampal claims not to find a valid
server address
Question:
I am using Spampal and Pegasus Mail. Spampal claims not to find a valid
server address.
Answer:
Pegasus is having a problem with the @ symbol
Try using a % instead, e.g. username%127.0.0.1
67. My Outlook message rules won't work
Question:
I have two rules in OE6
1. If subject contains **SPAM**, then delete from server
2. if subject contains BODY**, then move to foder "Spam"
The first rule is fine but the second NEVER works, the (Bodyspam) mail
goes to my inbox.
Any cures?
Answer:
Try swapping the order of the two rules around
68. SpamTrap folder keeps disappearing in Outlook/Outlook Express
Question:
In Outlook and Outlook Express, why does my spamtrap folder disappears
every time I boot up?
Answer:
If you create your spamtrap folder as a sub-folder of the Deleted Items
folder, it gets deleted every time Outlook starts up. You should create
your spamtrap folder at the root of the tree, or within a folder other
than Deleted Items.
69. I am using The Bat! and I keep getting old emails back from the
server?
Question:
I am using The Bat! with periodical mail checking and 'leave messages
on server' option enabled.
After I disconnect from the net, The Bat! tries to get new mail from
the server (periodical checking). Later, when I reconnect to the net,
The Bat! then downloads all the *same* messages again.
Is there any way to work around this problem?
Answer:
Make sure the "suppress connection errors" option is enabled in SpamPal
and use SpamPal (beta version) 1.09 (or later) to fix this problem.
70. How do I create a pop3.log error log for Forte Agent?
Question:
How do I create a pop3.log error log for Forte Agent, to help with troubleshooting?
Answer:
The Agent debug log file ("agent.log" in your Agent data directory) is
controlled by the menu options
Online -> Debug Log to AGENT.LOG
Online -> Debug Log Options
If those two menu items are not there, then
* dismiss the "Online" menu,
* press Ctrl+Shift+D,
* pull down the "Online" menu again.
71. How do I create a pop3.log error log for Outlook Express?
Question:
How do I create a pop3.log error log for Outlook Express, to help with
troubleshooting?
Answer:
These links are useful:
How to Create a Pop3.log File for Outlook Express:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q176548
How to Enable and Interpret the Pop3.log File:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q155515&
72. How can I hide the SpamPal Icon in system tray?
Question:
How can I hide the SpamPal Icon in system tray?
Answer:
Try using SpamPal (beta version) 1.09 (or later) and use the command
line:
-trayicon
to disable the SpamPal Icon.
73. I have a rule in OE6 that doesn't work when using the UrlBody
plugin
Question:
I have a rule setup in OE6 which says, "if it is marked **SPAM**, do
not download it". When
using the UrlBody plugin, the rule doesn't work?
Answer:
If you're doing doing this kind of filtering with OE6, then what happens
is this:
* OE requests a preview of the message headers
+ SpamPal examines the message headers, and adds **SPAM** if the headers
contain anything that indicates spam.
* If not, OE requests the full message
+ SpamPal examines the message headers and body, and adds **SPAM** if
the message contains anything that indicates spam.
Because SpamPal is a client-side spam-filter, there is (obviously) no
way for SpamPal to filter on the message body without first downloading
it.
You could, of course, create a second rule in OE to delete locally any
spam caught by UrlBody,
ie. "If you find BODY**, then file under the folder SPAM."
74. How do I create a pop3.log error log for Mozilla?
Question:
How do I create a pop3.log error log for Mozilla, to help with troubleshooting?
Answer:
How to setup POP, NNTP, SMTP Protocol Logs in Mozilla:
http://www.mozilla.org/quality/mailnews/mail-troubleshoot.html#pop
75. When using rules, SpamPal tagged messages with attachments aren't
deleted
Question:
I’ve setup a rule in Outlook Express to delete any SpamPal marked
messages with attachments but nothing is happening
Answer:
Outlook Express needs to download the entire message in order to check
whether it includes an attachment, so, It appears that the "Delete from
server" rule will only work when triggered by something
in the header, not the message or attachment.
Apply this rule after the message arrives
Where the Subject line contains '**SPAM**' and
Where the message has an attachment
Delete it from server
Therefore if you use the above rule will NOT work, instead, If you setup
the following filter, then all Spam messages will be deleted:
Apply this rule after the message arrives
Where the Subject line contains '**SPAM**'
Delete it from server
76. My Outlook Express rule won't move Spam to the Spam Folder?
Question:
My Outlook Express rule won't move Spam to the Spam Folder?
Answer:
If you have more than one message rule setup, try moving the rule for
SpamPal, to be the first rule in the list that is run.
|
| SpamPal
- Filters |
77. My
bigfoot email address is marked as spam, how can I stop
this?
Question:
I use a "Bigfoot for life" e-mail address which redirects
all
e-mail to the address provided by my ISP.
When I receive an e-mail, its From: and X-From_: fields
always contain the sender's true address.
However, one of several Received: fields always contains
this text:
from [64.15.239.131] (helo=bigfoot.com)
with the result that SpamPal always flags the e-mail
as spam, thus:
X-SpamPal: SPAM SPCOP 64.15.239.131
Can SpamPal be configured to ignore the address 64.15.239.131,
*but* also continue to scan the From: and/or X-From_:
fields, so that e-mail redirected by Bigfoot is neither
always classified as spam nor always allowed through
without question?
Answer:
Yes, just add that IP number to the whitelist.
Go to SpamPal options, Whitelist, click on advanced whitelist
and add a line such as
#Bigfoot
64.15.239.131
If Bigfoot uses a range of IPs you can use wildcards
etc, eg
64.15.239.*
whitelisting the IP number means SpamPal does doesn't
check that number, but it will still check other IPs
found in the mail.
78. Why am I getting a lot of spam with A-WLIST headers
Question:
Why am I getting a lot of spam with headers in the email:-
X-SpamPal: PASS A-WLIST FROM
Answer:
A1: A-WLIST is the abbreviation for "automated whitelist".
Go to the options window and look at the auto-whitelist
tab.
After x days an address gets listed on the auto-whitelist.
You should check those listings regularly because they
might contain spammers which haven't been moved to the
blacklist, yet.
A2: If you're using the whitelist extender plugin, the
recipient address of an mail will also be checked against
the auto-whitelist.
If your own email address is on the auto-whitelist, this
would whitelist any spam that was sent with your email
address in the To: field.
A3: Try the latest beta version of SpamPal, as it includes
the following two extra headers:
X-Blist-Pattern:
X-Wlist-Pattern:
which will explain the reason why a message was black/whitelisted
79. Mail coming from PayPal is being marked as Spam
Question:
I have mail coming from PayPal[payment@paypal.com] being
marked as Spam, for example:-
X-SpamPal: SPAM SPBAG 65.206.228.75
How can this be stopped.
Answer:
These are caused by the "SpamBag" dnsbl list.
You could deselect SpamBag, but alternatively, adding
the following to the "Advanced Whitelist" will sort out
the problem:
65.206.228.0/24
80. Some of my spam is passing through the filters
and being accepted.
Question:
Some of my spam is passing through the filters and being
accepted. The email header reports:
X-SpamPal: PASS DISABLED
Answer:
Might be worth double checking, these two options in
the "Advanced" pane of the Options dialog: Don't filter
mail at all & Don't filter mail on automatic whitelists
Also Recent versions have a "Disable" menu item right
above "Exit" on the tray menu, so it can be easy to select
it by mistake, you'll know if this happens as the tray
icon will turn grey.
81. Many spammers use subdomains, how can I setup
a wildcard to block them?
Question:
Many of the Spammers have taken to using subdomains,
how can I setup a wildcard blacklist,
to block them?
Answer:
You can use *.domain.com or *@mail*.domain.com
82. Why is an email address not being added to my
AutoWhitelist?
Question:
Why is an email address not being added to my AutoWhitelist?
Answer:
A1: Check the email address isn’t already in the
normal whitelist
A2: If using the RegEx plugin, check in your filters.dat,
that a whitelist filter hasn’t been setup
for that address/mailing list, as the auto whitelist
is only for email addresses not whitelisted elsewhere.
83. How do I whitelist EBay addresses?
Question:
I put things on eBay, but SpamPal keeps saying messages
from them is spam. These messages are important like
questions from buyer, verification of wins of items,
etc. I don't know what email address to put on the whitelist
Answer:
In your whitelist you can use wildcards, like the following
examples:
*@ebay.com (which means don't mark any ebay user as spam)
4sale@ebay.com (which means only whitelist the ebay user:
4sale)
84. I am a subscriber to more than a few yahoo groups,
how do I whitelist them?
Question:
I am a subscriber to more than a few yahoo groups. The
problem is that when you receive a post from yahoogroups,
it doesn't put forum@yahoogroups.com in the From: header,
therefore the whitelist feature doesn't work. How do
I get around this problem?
Answer:
A1: If you look at the headers of your mailing list,
hopefully, there will be a common Reply-To: field which
you should be able to add the field into the whitelist,
eg: Reply-To: spampal-announce@somewherehot.us.
Note: that the whitelist can only contain email addresses,
which it checks against the From:,
Reply-To: and Sender: headers.
A2: A better solution would be to use the RegExFilter
plugin and add the following line to the default rules:
+=To: {.*@yahoogroups.com}[Pass all Yahoogroups posts]
A3: You may also find that all the mailings are received
from the same IP number, (the host machine of the mailing
list) so you can therefore whitelist the IP number
85. A Spam email, with my whitelisted From address
was marked as spam?
Question:
I received a spam email that looked like it actually
came from me, that is:
From me@isp.com
To me@isp.com
As the email address me@isp.com is in my white list,
it wasn't marked as spam, how can this be avoided?
Answer:
The only real way not to get caught by this, is not to
whitelist yourself or perhaps just use the auto whitelisting
of IP numbers only.
|
| SpamPal
- Virus scanners and Firewalls |
86. Is
SpamPal infected with the SDBOT trojan?
Question:
Moosoft's The Cleaner reports that SpamPal is infected
with the "SDBOT" trojan. Is this true?
Answer:
Moosoft's "The Cleaner" virus-scanning tool detects the
SDBOT trojan in recent versions of the SpamPal executable.
As far as I can tell, this is a false report; no other
virus scanners have found this virus in these versions
of SpamPal, and SDBOT is spread by IRC which has never
been used on the computer that SpamPal is created on.
Moosoft have been updated their software. Please, get
the latest version of the main program and the data to
get rid of that irritating warning.
87. How do I setup Spampal and Norton Internet Security
2003?
Question:
How do I setup Spampal and Norton Internet Security 2003?
As I have just installed SpamPal but can only get it
to work, if I disable my Norton Internet Security.
Otherwise I get the following message from SpamPal:
" Unable to connect to pop3 server pop.wanadoo.fr port
110 (error 10065) Check that server name and port are
correct and that internet connection is active
Answer:
From the Internet Access Control options page:
Click "Add..."
Browse to and select SpamPal.exe
Choose "Customise internet access for this application"
You will need two rules.
Rule 1:
Click "Add"
On the tab pages:
Action, select "Permit internet access"
Connections, "Connections to other computers"
Computers, "Any computer"
Communications, "TCP and UDP" & "Only the type of communication
or ports listed below". Then add port 110 (POP3).
Tracking, up to you (I don't use any).
Description, up to you, I use "SpamPal Outbound POP3"
Then click "OK"
Rule 2:
Click "Add"
On the tab pages:
Action, select "Permit internet access"
Connections, "Connections from other computers"
Computers, "Only the computers and sites listed below" and
add "127.0.0.1"
Communications, "TCP and UDP" & "All types of communication"
Tracking, up to you (I don't use any).
Description, up to you, I use "SpamPal Inbound localhost"
Then click "OK"
88. PC-Cillin virus checker loses the account settings
Question:
When I update my PC-Cillin virus checker files my configuration
of my email client's account get's jumbled.
Ie. I get "@localhost" back in the POP3 section and my
ID now has username@pop-server\127.0.0.1.
Why is Outlook taking my POP3 127.0.0.1 and sticking
it on the end of my user name?
Answer:
In your email client, you should have the pop3 server
setup as xxxxxx@localhost.
Try changing the setup to: xxxxxx@127.0.0.1
89. Why does Zone Alarm ask for server rights?
Question:
Why does Zone Alarm ask for server rights?
Answer:
SpamPal should only ask for local server rights (unless
you've altered the "I.P. configuration" dialog)
ZoneAlarm is just mistakenly reporting this to the user,
as a request for Internet access.
90. Using NOD32 and SpamPal together, the email transfer
rate is slow
Question:
I use TheBAT and NOD32 antivirus together with SpamPal.
Without Spampal the e-mail transfer rate is around 300-400
kb/s.
However, if I enable SpamPal it stalls most of the time
and I get 1 kb/s.
Answer:
As a test, disable NODS32's e-mail checking system (IMON),
as some users have reported that running IMON, will slow
down the transfer rate.
91. How do you get Spampal to work with Trend PC-Cillin?
Question:
How do you get Spampal to work with Trend PC-Cillin?
Answer:
Those instructions were written for PC-Cillin 2000, but
may be relevant for later versions:
1) Configure SpamPal to run on a different port from
110 using the "servers" pane. Any port number should
work; 1110 is as good a choice as any.
(2) Setup PC-Cillin to protect your email accounts. Check
it's working!
(3) For each account, add "%localhost" to the end of
your username (called "Incoming Mail Server Account name" by
Outlook Express).
(4) For each account, set the POP3 port number to whatever
one you told SpamPal to use in Step 1 (probably 1110).
You're using Outlook Express so this is quite easy; it's
close to the top of the "Advanced" properties tab and
called "Incoming mail (POP3)", below the heading "Server
port numbers".
92. PC-Cillin virus checker loses the "@localhost" tag
Question:
The latest beta of SpamPal gets confused when I update
my PC-Cillin virus checker files and loses the "@localhost" tag
(even though it shows up in the server settings).
Answer:
In your email client, you should have the pop3 server
setup as xxxxxx@localhost.
Try changing the setup to: xxxxxx@127.0.0.1
93. I'm using Zone Alarm with SpamPal and I find that
sometimes I have problems!
Question:
I'm using Zone Alarm with SpamPal and I find that sometimes
I have problems collecting my email.
I tried running SpamPal with with Zone Alarm turned off
and it connected every time
Answer:
Try changing Zone Alarm settings to "allow server" (or "pass
lock") to improve things
94. ZoneAlarm™sometimes reports a log entry
for SpamPal
Question:
I have SpamPal running quite happily, in conjunction
with ZoneAlarm™ (V2.6) but sometimes get a log
entry in ZoneAlarm™ which says:
from {My Client IP Number} [TCP Port 3867] to {My Server
IP Number} (POP3) [TCP Flag S]
User: xxxxx Program: SPAMPAL.EXE Time: 07/10/02 10:05:32
Answer:
Try using OutPost™ Firewall - Free Version:
http://www.agnitum.com/download/outpostfree.html
95. My firewall says SpamPal is trying to connect
to the Internet!
Question:
My firewall says SpamPal is trying to connect to the
Internet!
Answer:
Normally, your mail program will fetch your email. However,
when you're using SpamPal, SpamPal fetches your email
and passes it on to your mail program; in order to do
this, SpamPal needs to be able to connect to the Internet.
SpamPal will also connect to the Internet to check for
new versions of itself, and to update the list of DNSBL
services. Both of these are done with no personal data
being transmitted.
However, it you don't like the idea of SpamPal
"
phoning home", you can disable these features from the
Updates tab of the Options dialog.
96. SpamPal gives me "No such file or directory" errors
Question:
SpamPal gives me "No such file or directory" errors
Answer:
This could be due to Tiny Personal Firewall blocking
write access to configuration data. Try disabling your
firewall as a test, and if the error vanishes try tweaking
your firewall configuration to give SpamPal full file
access.
97. SpamPal froze while I was trying to download my
mail!
Question:
SpamPal froze while I was trying to download my mail!
Answer:
Are you using ZoneAlarm? There seems to be an issue when
you're using ZoneAlarm and SpamPal on a Windows 2000
machine. The problem only occurs for certain email messages,
and is probably related to ZoneAlarm's anti-virus features.
You can get around this problem by disabling either ZoneAlarm
or SpamPal to retrieve the offending message, then re-enable
them. For a full-time solution, you should switch to
an alternative firewall such as Outpost or Tiny Personal
Firewall.
|
| Plugins
- BadWords - General Questions |
98. What
is the plugin BadWords for?
Question:
What is the plugin BadWords for?
Answer:
A simple example plug-in designed to combat porn-spam.
Messages containing any "bad" words are automatically
tagged as spam; the list of "bad" words can be modified
by the user. Very crude, and probably makes lots of mistakes.
Author: James Farmer
|
| Plugins
- Bayesian Filter - General Questions |
99. Using
the Bayesian plugin, everything is being marked as spam?
Question:
Currently I have the Bayesian filter in learning mode
so it doesn't actually flag anything as SPAM yet.
The problem is that after a few days time I starting
looking at the headers of my incoming mail and it appears
that everything would be flagged as spam.
The value for most email's is getting set to 99-100.
Am I doing something wrong??
Answer:
You will have to "teach" the plugin what is spam/clean
by opening the plugin window (right click on SpamPal
trayicon) and telling Bayesian what each email is
100. Will the Bayesian plugin work with the HTMLModify
plugin?
Question:
Will the Bayesian plugin work with the HTMLModify plugin?
Answer:
Message rewriting will take place after message filtering
(so that spam messages can be rewritten in different
ways to normal messages), so Bayesian and HtmlModify
shouldn't have any problems in coexisting.
101. How long does a typical Bayesian teaching mode
last? Days, weeks?
Question:
How long does a typical Bayesian teaching mode last?
Days, weeks?
Answer:
Time is not as important as number of emails.
It needs at least 100 clean and 100 spam.
The methodology of bayesian filtering means that the
more it sees, the better it will be.
102. Can a Bayesian filter be taught to detect virus
attachments?
Question:
Can a Bayesian filter be taught to detect virus attachments
as well as detecting spam?
Answer:
It won't detect a virus as it ignores attachments. Although
if there is a regular text heading (like the "I Love
you" worm) it will pick that up.
You could also add a line in wordlist.dat like:
iframe, 100, 0, 0.99999999, 2147483647
(The large number on the end is a timestamp in the future
which would stop the word count ever decaying)
And removing iframe from the ignore list (possible from
the configuration window in the upcoming release).
103. Can wordlist.dat from one computer, be copied
to another?
Question:
To make wordlist training quicker, can a wordlist.dat
from one computer, be copied to another?
Answer:
There is nothing computer-specific in the wordlist.dat
so it will work on any computer.
But you won't get *exactly* the same filtering performance
on another computer as some of the words in the list
will be your email address(es) and servers which may
be different on each machine.
Although the difference in accuracy will only be a fraction
of one percent
104. How do I tell when Spampal crashes, if it's a
SpamPal crash or a Bayesian crash
Question:
How do I tell when Spampal crashes, if it's a SpamPal
crash or a Bayesian plugin crash?
Answer:
If the error message mentions "Microsoft Visual C++" then
it's a problem with Bayesian, If not, it's a problem
with SpamPal
If it's a problem with the Bayesian plugin, please send
the log file that was active when the crash happened
and a description of what was happening (if possible)
to tim.attwood at i-r.co.uk.
The log is located here:
Windows XP:
C:\Documents and Settings\$account$\Application
Data\SpamPal\plugins\bayesian\
Windows 2k:
C:\Documents and Settings\$account$\Application
Data\SpamPal\plugins\bayesian\
Windows NT: C:\WinNT\Profiles\$account$\Application
Data\SpamPal\plugins\bayesian\
Windows 98:
C:\Windows\Application Data\SpamPal\plugins\bayesian\
Windows 95:
C:\Program Files\Spampal\config\plugins\bayesian\
where $account$ is the username you logged into windows
with. The log will be named logYYYYMMDD.txt where:
YYYY = Year
MM = month
DD = day
105. Does my wordlist.dat get deleted every time a
new version is installed?
Question:
Does my wordlist.dat get deleted every time a new version
is installed?
Answer:
No. The wordlist in C:\Program Files\SpamPal\Bayesian
gets overwritten,
but your "user" version does not.
The "user" version is stored in the following locations:-
Windows XP:
C:\Documents and Settings\$account$\Application
Data\SpamPal\plugins\bayesian\
Windows 2k:
C:\Documents and Settings\$account$\Application
Data\SpamPal\plugins\bayesian\
Windows NT: C:\WinNT\Profiles\$account$\Application
Data\SpamPal\plugins\bayesian\
Windows 98:
C:\Windows\Application Data\SpamPal\plugins\bayesian\
Windows 95:
C:\Program Files\Spampal\config\plugins\bayesian\
106. On installing a new version of the plugin, I'm
asked to restart the computer
Question:
On installing a new version of the plugin, I'm asked
to restart the computer. Why?
Answer:
This is usally only needed, if SpamPal was running when
you installed the new version.
If so, the installer would not have been able to overwrite
the old version of the program
because SpamPal would have had the old plugin dll "open".
107. What is a Bayesian Spam Filter?
Question:
What is a Bayesian Spam Filter?
Answer:
It's a 'new' method for detecting spam, without using
the usual DNSBL's or blacklist/whitelists. See:
http://email.about.com/library/weekly/aa100702a.htm
and
http://www.paulgraham.com/spam.html
for more details
108. Does the Bayesian plugin learn from whitelisted
emails?
Question:
Does the Bayesian plugin learn from whitelisted emails?
Answer:
By default the plugin doesn't learn from whitelisted
emails.
Basically,say You hate spam but you want to stay subscribed
to one special "get rich quick"
mailing list that you feel will help make you a millionaire.
If the words from these emails
(e.g. business, money, affiliate etc., etc.) are added
to the database as "clean" then it
makes it more likely that other spam is marked as clean.
However, there is an option to "learn from whitelisted
emails" in the plugin options page.
109. How exactly does the "word expiry" option
work?
Question:
How exactly does the "word expiry" option work?
Answer:
If a word has not appeared for X days (word expiry),
the number of times the word has
appeared (spam & clean) is decremented once per day until
they reach zero.
When they both reach zero the word is removed from the
database.
110. How do I get the plugin to ignore certain words?
Question:
How do I get the plugin to ignore certain words?
Answer:
The latest versions have a file called ignore.dat that
allows you to specify words to ignore.
The location is ignore.dat is located here:-
Windows XP:
C:\Documents and Settings\$account$\Application
Data\SpamPal\plugins\bayesian\
Windows 2k:
C:\Documents and Settings\$account$\Application
Data\SpamPal\plugins\bayesian\
Windows NT: C:\WinNT\Profiles\$account$\Application
Data\SpamPal\plugins\bayesian\
Windows 98:
C:\Windows\Application Data\SpamPal\plugins\bayesian\
Windows 95:
C:\Program Files\Spampal\config\plugins\bayesian\
111. Can a Bayesian filter be taught to detect virus
attachments?
Question:
Can a Bayesian filter be taught to detect virus attachments
as well as detecting spam?
Answer:
It won't detect a virus as it ignores attachments. Although
if there is a regular text heading
(like the "I Love you" worm) it will pick that up.
But you'd have to receive a few so that it could learn that
|
| Plugins
- RegExFilter - General Questions |
112. Where
is the logfile stored?
Question:
Where is the logfile stored?
Answer:
Windows XP:
C:\Documents and Settings\$account$\Application Data\SpamPal\plugins\regexfilter\
Windows 2k:
C:\Documents and Settings\$account$\Application Data\SpamPal\plugins\regexfilter\
Windows NT: C:\WinNT\Profiles\$account$\Application Data\SpamPal\plugins\regexfilter\
Windows 98:
C:\Windows\Application Data\SpamPal\plugins\RegExFilter\
Windows 95:
C:\Program Files\Spampal\config\plugins\RegExFilter\
113. Which program has tagged my email? SpamPal or
RegEx?
Question:
Which program has tagged my email? SpamPal or RegEx?
Answer:
Check the headers? When you find
X-SpamPal: SPAM
or
X-SpamPal: PASS
the message has been tagged by SpamPal.
Do you find the line
X-SpamPal: REGEX ID#xxxxxxxxx-x
the message has been tagged by RegExFilter.
114. E-Mails are not tagged when using the preview
modus...
Question:
When getting the email headers only (preview mode in
email client) RegExFilter does not tag any spam.
When I download the whole email it works.
Answer:
RegExFilter does not examine an email when it is not
downloaded completly.
When you want RegExFilter to support the preview mode,
add following line to the rulefile.
CHECKPREVIEW
Commands like "Body:" and "Line:" do not work of course
using this mode.
115. What does RegEx do?
Question:
What does RegEx do?
Answer:
RegEx is a Regular Expression filter for SpamPal, AKA
Outlook Filters on Steroids
In other words, it enables you to setup various filters
(from the simple to the complex) that scan an email to
check for 'spam like' qualities.
For example, the following simple expression:
=Subject: {\b(viagra|adult|illegal)\b} [subject]
Will simply, look for any text in the Subject of your
email that matches the words: viagra OR adult OR illegal.
You can match various 'spam like' text in the headers
or the message body, using various
RegEx filters.
SpamPal alone checks DNSBL (dns blacklists), which will
catch the majority of your Spam,
although if the DNSBL's miss 'new' spam, RegEx gives
you more chance of catching it.
116. I’ve used an external editor on my filters.dat
file and they are not working
Question:
I’ve used an external editor to edit my filters.dat
file but RegEx isn’t processing the new filters
that I’ve added
Answer:
On SpamPal versions before v1.08, force the plugin configuration
to reload, by opening the SpamPal options window and
clicking "OK" without changing anything.
117. How do I know which RegEx rule matched?
Question:
How do I know which RegEx rule matched?
Answer:
In the headers of your message, you'll see, for example,
something like this:
X-SpamPal: SPAM REGEX ID#274065920-04
X-RegEx: Virus: dangerous attachments
Note down the ID# number
Now look in the directory: spampal/plugins/Regexfilter
for a file called regexfilter.log and this will show
you which rule tagged your message and which header field
triggered it.
Eg: 01 Oct 02 06:59:20 --- New match (ID#274065920-04):
01 Oct 02 06:59:20 valid: [%=Line: {name=.*\.(ADE|ADP|BAS|BAT|CHM|CMD|COM|CPL|CRT|EXE|HLP|FXP|
HTA|INF|INS|I SP|JS|JSE|LNK|MDB|MDE|MSC)} [Virus: dangerous
attachments]] matches [
|
| Plugins
- RegExFilter - Regular Expressions (RegEx) & Filterrules |
121. How
do I write the regular expressions that RegEx uses?
Question:
How do I write the regular expressions that RegEx uses?
Answer:
Here are some links that help understand regular expressions:
The Regex Coach - interactive regular expressions:
http://weitz.de/regex-coach/
Another small introduction:
http://www.phpbuilder.com/columns/dario19990616.php3
Nice introduction in regular expressions:
http://www.perldoc.com/perl5.6/pod/perlre.html
This article is about regex in PHP (nice examples):
http://www.devarticles.com/content.php?articleId=106&page=3
122. How can I stop junk email with numerous To:'s?
Question:
What is the best way to stop junk mail that has numerous
To:'s
Eg. To: name@telus.net, name@myisp.net, name@myisp.net,name@myisp.net
Answer:
You can also use a RegExFilter:
To: {\@.*\@.*\@} [found at least three addresses in To]
Which means:-
\@ = the character @
. = any character
* = previous character zero or more times
123. How do I stop the word "analytical" being
marked as Spam?
Question:
Is there a way to modify the standard rule :
Body: {https?:\/\/[\w\.-]*(?:xxx|sex|anal|slut|pussy|cum|nympho|suck|porn|hard-?core|taboo|whore|voyeur|lesbian|gurlpages|naughty|lolita|teen|schoolgirl|kooloffer|erotic|lust|panty|panties)[\w-]*\.}
[words used in URL indicating porn]
So that anything like "analytical" doesn't get marked
as spam
Answer:
There are two possibilities:
1. Remove the word "anal", so that the rule becomes:-
{https?:\/\/[\w\.-]*(?:xxx|sex|slut|pussy|cum|nympho|suck|porn|hard-?core|taboo|whore|voyeur|lesbian|gurlpages|naughty|lolita|teen|schoolgirl|kooloffer|erotic|lust|panty|panties)[\w-]*\.}
[words used in URL indicating porn]
2. Tell Regex to use "anal/" instead of "anal"
{https?:\/\/[\w\.-]*(?:xxx|sex|anal\/|slut|pussy|cum|nympho|suck|porn|hard-?core|taboo|whore|voyeur|lesbian|gurlpages|naughty|lolita|teen|schoolgirl|kooloffer|erotic|lust|panty|panties)[\w-]*\.}
[words used in URL indicating porn]
124. How do I mark email addresses, without an "@" sign,
as Spam?
Question:
Is there a way to tell Spampal, that if the email address
does
not contain the @ character then it should label that
mail as spam?
Answer:
You can use RegExFilter with following rule
-From: "@"
Mark message as spam when from does not (-) contain a "@".
125. I've added a rule to whitelist opera users but
it doesn't work all the time
Question:
I've added the rule +To: {opera-users\.com} to whitelist
mail from the opera mailing list. That works most of
the time, but every so often I get a mail marked as spam
- Why?
Answer:
Try setting up a filter:
+To: {opera\-users\.com}
or
+To: "opera-users.com"
126. Why does my filter rule not work? There is an
error message in the logfile.
Question:
Why does
+To: {yahoogroups\.com}[pass all Yahoogroups posts]
not work?
In the logfile I found following error:
08 Dec 02 22:52:43 error: error in [+To: {yahoogroups\.com}[Pass
all Yahoogroups posts]]
Answer:
It is necessary to put a space between "}" and "[".
So following rule should work:
+To: {yahoogroups\.com} [pass all Yahoogroups posts]
127. How do I create a new regex filter for this yahoo
x-header?
Question:
How do I create a new regex filter for this yahoo x-header:
X-YahooFilteredBulk: 64.12.136.6
Answer:
When you want to check if a header exists use:
Header: "X-YahooFilteredBulk:"
128. I?ve setup a whitelist in RegEx but it doesn?t
seem to work
Question:
I?ve setup a whitelist in RegEx but it doesn?t seem to
work
Answer:
Check for usage of the ?=? command in your filters.dat.
The ?=? means that If the filter is matched, then don?t
bother to check for any more lines.
Eg.
=Subject: {\b(FREE|CARS|MONEY)\b} [subject spam]
+From: {john@aol.com} [whitelist my mate john]
So, if john@aol sent you a message, with a subject of ?A
FREE CAR?, even though you are trying to whitelist him,
it wouldn?t work, unless you remove the ?=? command
129. A SPAM mail has not been tagged by RegExFilter?
Question:
A SPAM mail has not been tagged by RegExFilter.
Where is the problem?
Answer:
Each message has two flags "is Spam" and "is Whitelisted" which
are set independently. E.g. "is Spam" can be set by SpamPal
because of a positive RBL result and also "is Whitelisted" because
of SpamPals "Whitelist". When both flags are set the
mail is not tagged ("is Whitelisted" has a higher priority).
Another bug is the wrong usage of filter rules. For example:
Subject: {\b(porn|XXX)\b}
+From: {@gmx\.de}
A message from "@gmx.de" with "xxx" as subject is not
tagged as SPAM (both rules match).
This can be solved using following:
=Subject: {\b(porn|XXX)\b}
+From: {@gmx\.de}
When the words "porn" or "XXX" are present in the subject
the message is tagged as SPAM and no more rules are evaluated.
130. What is the difference between Body: and Line:?
Question:
What is the difference between Body: and Line:?
Answer:
Body: matches the message with all embedded newlines.
Line: matches the message line by line without newlines.
Example:
----------------------------------
This is the first line...\n
...and this is the second one!\n
----------------------------------
Body matches:
" This is the first line...\n...and this is the second
one!\n"
Line matches
" This is the first line..."
and then
" ...and this is the second one!"
131. When does the option "-" tag an email
as Spam?
Question:
When does the option "-" tag an email as Spam?
Answer:
Example:
-To: {myaddress@aol\.com}
The message is tagged as Spam when
To-Header not found => no Spam
To-Header found AND myaddress@aol.com found => no Spam
To-Header found AND myaddress@aol.com not found => Spam
132. Regular expression that does not ignore upper
and lower case characters?
Question:
How do I create a regular expression that does not ignore
upper and lower case characters?
Answer:
Regular expression and simple substring matching are
case independent by default.
Use (?-i) to use independent case matching for the substring.
Example:
Subject: {((?-i)[A-Z].*){10,}}
|
| Plugins
- Quarantine - General Questions |
133. What
does the Quarantine Plugin do?
Question:
What does the Quarantine Plugin do and how does this
differ from the automated, move ***SPAM*** tagged files,
to a separate directory method?
Answer:
It is mainly used for users who like to:
1) kill spam directly (no storing in an email folder)
and want to have a backup (to recover false positives)
2) have the complete email (with headers) for reporting
spammers, e.g. SpamCop type reports
3) post spam examples in news.admin.net-abuse.sightings
134. Is it possible to change the quarantine directory?
Question:
Is it possible to change the quarantine directory?
Answer:
Quarantine-Plugin (like all other plugins) uses the same
configuration directory that SpamPal uses for its data.
So it is possible to change this directory for all plugins
with a command line parameter globally:
SpamPal.exe -configdir C:\myDir\mySpamPalConfigDir
|
| Plugins
- URLBody - General Questions |
135. What
does the URL Body Plugin do?
Question:
What does the URL Body Plugin do?
Answer:
It filters mail by looking for URLs in the body of the mail, and checking
the hosts of those URLs,
against whatever blacklists you have configured.
If a URL from a spammer is found, it's marked in the header with an extra
BODY text, eg:
X-SpamPal: SPAM OSIRU 202.109.114.188 BODY
|
| Plugins
- HtmlModify - General Questions |
136. What
does the HtmlModify Plugin do?
Question:
What does the HtmlModify Plugin do?
Answer:
Html Modify is a beta plugin that allows you to remove
malicous HTML-tags in HTML-Mails.
HTMLModify removes Javascript, Applets, Sounds,
Webbugs and some more.
Therefore you can use your Mail-Reader for reading HTML-Mails
without giving Spammers/Hackers the chance to damage
your PC or to track their mails.
Note: currently the plugin is only available from
http://www.ib-hoebel.de/SpamPal/
137. What is a web bug?
Question:
What is a web bug?
Answer:
A web bug is a small, usually invisible, graphic added
to an email message.
These graphic images or tags, are used by companies to
get statistics on who is looking at their website
This does not mean it's a bad thing, however, some spammers
have now taken this idea a step further:-
Eg. In an HTML Email, the spammer could use:-
IMG SRC="http://www.aspammer.com/dirtytricks.cgi?email=youremail%40hotmail.com" WIDTH=1
HEIGHT=1
Which would pass your TCP/IP address and your email address
to the Spammer's server.
From your TCP/IP address, the Spammer can find out your
ISP, domain and lots of other useful data.
Most importantly, the spammer has validated that your
email address is good!
138. which HTML TAGS are classed as Malicious?
Question:
In the options for the plugin, you can now tag Malicious
HTML as Spam, which HTML TAGS are classed as Malicious?
Answer:
The tags currently are:
object, script, iframe, embed, frame and inline-script
like <...onclick ... ...>
Images are not used as spam-criteria as they are often
used in newsletters
Mails with only a html-section and no text-alternative
are also marked as spam (as no email-reader produces
such mails, only spammers)
Base64 encoded HTML-sections are also very often used
by spammers, so this is also a Spam-criteria
|
|
|
