PostArmor: Stopping Spam at the Server
The other day I logged on to my mail server directly to have a look at what was awaiting me. A total of 115 messages – of which only 45 actually had any relevance for me, the rest being either spam, viruses unwittingly spread by Windows users, or viruses bounced by servers configured by unthinking admins believing my email address’s presence in the From: field meant I was the sender.
A typically depressing day on the Internet – and pretty average too, given that spam and similar junk is now reckoned to make up more than 50 percent of all email, having grown roughly tenfold in the past two years. So we’re all on the lookout for weapons to use against spam. For those of us on dialup Internet connections (as I am at home, with absolutely no prospect of broadband due to my rural location), the problem isn’t sorting the spam out when it gets to us. No, the goal is to prevent the spam from starting the journey down the narrow phone line from the mail server to our computers. That’s why, although spam filters in products like Apple’s Mail, Eudora 6, and SpamSieve interest me, they seem a misplaced effort for my problems. Time is precious, as is bandwidth on a dialup, and I don’t want to devote it to spam.
Blocked at the Mailbox — Checking your mail while it’s still on the mail server is the first step. Over the years I’d used programs like Mail Siphon and POP Monitor (both are available for Mac OS 9 and Mac OS X). But the problem with these programs is that you must manually decide what’s junk and what’s not. I can tell at once that an email entitled "Something wrong with the website xfsdksjk" is spam (spammers add the randomly generated extra letters to avoid ISP spam filters that look for bulk email with identical titles), but neither Mail Siphon nor POP Monitor does. So you end up deleting all the junk mail by hand, which still leaves you cursing spammers.
Then one day I stumbled across PostArmor and realised I’d found exactly what I wanted – a program that could automatically filter spam before downloading it.
PostArmor examines only the headers of messages, but in my experience that actually yields enough clues to identify spam almost without fault. It works by allocating points to each message, based on certain clues in the headers, and only those that don’t rack up too many points will be allowed straight through to your mailbox.
Using PostArmor — The program, written by Paolo Manna, a programmer based in Holland, is intended to sit and run continuously as a proxy for your principal email program – whether that’s Mail, Eudora, Entourage, Mailsmith, or any other IMAP- or POP-based system. You tell your email client that PostArmor is your mail server; PostArmor in turn queries your real mail server and decides, based on its built-in rules and those you set (all of which can be changed) which messages to pass on, which to delete, and which to quarantine.
How does it decide? Particular dirty words (or parts of them – it will also filter using regular expressions, as I’ll explain later) or adult subjects, "privacy" subjects (such as "government" or "tax" or "spy software") or domain subjects (containing the words "your domain" or "quality internet" or "saw your site") and a host of others will all set its whiskers a-tingle. If a message picks up more than a certain number of points (which you set), PostArmor deletes it from the server right away. If it gets more than a threshold figure – again, you decide what – it won’t be deleted, but it won’t be passed on either: it will show up, highlighted in yellow, in PostArmor’s mailbox window. Those which don’t hit the threshold zoom straight through to your email program. You can also whitelist and blacklist certain senders and generate "fake bounces" from the server. (The idea is that the fake bounce will persuade the spammer your address is dead; it’s a pointless waste of bandwidth, since spammers couldn’t care less about removing bouncing addresses from their lists.)
Customizing PostArmor — "But," you’re probably saying, "I have people who legitimately send me messages with prohibited words or phrases like ‘saw your site’ or ‘government’ or ‘tax’ – I’m in charge of my government’s Web site!" That’s fine; you can tweak the numbers and words to your heart’s content, and most of all create your own filtering rules.
PostArmor is remarkably flexible: you can search on the Subject, From, To, Cc, Bcc, Content-Type, Reply-To, Date or "Any" headers (though not the title of the header itself); you can choose if that field contains, doesn’t contain, starts with, ends with, has your address or doesn’t have your address; and then you choose what data string you want to check it against.
One of the program’s best features, to my mind, is its capability to let you use regular expressions for that data string. These are tools familiar to Unix users that allow you to search for particular patterns of text in a larger body. Thus for the example email subject title above – "Something wrong with the website xfsdksjk" – I’d set up a "regex" search which looks for a subject line that has a number of spaces followed by a number of characters or digits. If you’re unfamiliar with regexes (like most Mac users), don’t worry: PostArmor’s ReadMe file – whose step-by-step, well-illustrated style is an object lesson to anyone looking to produce software that real people, not wonks, will install and use – contains useful links to online manuals. (For those using Mac OS X, I’d recommend downloading the text editor Tex-Edit and reading its useful guide on regexes, and experimenting with its regex-savvy Find function; the Mac OS 9 version does not offer regex.) You can use regexes, for example, to catch email originating from Chinese (.cn ), Taiwanese (.tw ) or Russian (.ru ) servers: note there’s a space after those letters, which is critical to catching spam rather than email from your friends at CNET, or Twingo, or that nice <[email protected]>, all of whom would run afoul of these filters if those trailing spaces weren’t present.
PostArmor is initially set to delete only the most egregious junk; most dubious stuff is quarantined, after which you can decide its fate manually. As you gain in confidence, you’ll create new rules and tweak the old ones to create a smooth-running system that – if my experience is any guide, dealing with 200 email messages a day on two different addresses on a high speed connection at work, and about a quarter of that at home on a third address – will entirely change your reaction to spam. Where it used to be hugely annoying, you’ll now find yourself grinning at those yellow-tinged messages unable to reach you with their false promises of a bigger body or smaller debts. (In my work as a journalist, it also catches a huge number of rubbish email messages sent by PR companies; that certainly eases the burden of keeping up with the world.) Plus when a new virus rolls around and generates pointless bounces of the form "Mail Delivery Failed: …." you can create a new rule deleting any mail whose subject starts with that phrase. So long, SoBig.
Chinks in the Armor? Has it any flaws? I haven’t run into any; the reason I logged on directly to my mail server the other day, as described at the start of this article, rather than letting PostArmor do the heavy lifting, was that the program kept timing out when I tried to check my mail. I contacted Paolo Manna to point this out – and he reacted quickly, sending over a new build (version 1.3.1) of the program which both uses the newer 1.4.1 version of Java available for Mac OS X, and extends the timeout for a login from 20 seconds to 45.
That didn’t solve my problem – but I then discovered this was because my ISP’s spam-overloaded mail server was taking up to 90 seconds just to react to a request to log on. (Usually it’s a couple of seconds.)
Otherwise, the only problem you’re likely to run into with PostArmor is incorrect configuration – if you create a filter incorrectly or without care, you could end up deleting legitimate mail – but you can set wide limits between "allow directly to my mailbox" and "delete as definite spam". Anything that falls between the two thresholds shows up in the window PostArmor provides, where you can decide to either allow or destroy it. Thus, I’ve found PostArmor quite safe to use; and it will optionally provide a report on what mail it has blocked and deleted as often as you like, so you can tweak your filters further.
PostArmor is free for a single email account; for more than one you’ll have to pay from $15 upwards (there are discounts for multiple users). As it’s a Java program, it can run on Mac OS 9, Mac OS X, and even Windows, which can be handy: when my iBook was being repaired recently I happily downloaded it on a Windows machine for work and set it to work chomping up those email grubs.
[Charles Arthur is technology editor of The Independent newspaper in London and editor of UKClimbing.com, a British climbing Web site.]