Configuring the Spam Trap
Unzip the spamtrap.zip file into a directory on your computer. It does not
have to be the same computer as the one where your Mail Server or your DNS are
running. In fact, they can all run on separate systems if that's what suits your
needs. You should have:
- doc - The folder containing this documentation
- activation.jar - The Java Activation Facility
- mail.jar - The JavaMail extensions
- spamtrap.jar - The Peacham Spam Trap.
Launch the spamtrap.jar file. In Windows you double click it, in Linux you
may have to issue the command "java -jar spamtrap.jar". The program will start
and bring up the configuration dialog. Fill in all the blanks and close the
On this panel you fill in information about the account used to capture the
- Update ... - How often the program should retrieve new mail,
analyze it, and update the DNS. Leave it zero for now.
- POP3 ..., Account, Password - The information that
you would supply to an e-mail client so that it could read the mail.
- Delete incoming mail ... - The inbox can get pretty full, but
you may need to go back and inspect an incoming message. If this is set to
zero, the incoming messages will not be deleted automatically.
On this panel you supply the IP address of your DNS server and the name of
the blacklist sub-domain.
On this panel you specify the parameters for the algorithm that decides when
to blacklist a site:
- The name of your incoming mail server. This is used to identify the
address that transferred the mail to you. Look in the headers for a piece of
e-mail for the "Received: by" field for this name.
- Blacklisting threshold - How many e-mails from an address are
needed to identify him as a spammer? I have this set to 1.
- Hits in n1.n2.n3.* ... - A spammer doesn't send all of his junk
from the same address. Often he will have access to a whole block of 256
addresses, and use them randomly. How many addresses from the same block have
to send you spam before you decide to blacklist the whole block?
- Retention days - How long do you hold a grudge? After four months
you can remove the blacklisting and see if he comes back. After that long, he
may be in one of the other, public, blacklists, or he may have moved to
another address. More important, somebody innocent may be using that address
Deferring to Public Blacklists
There is no need to retain spammers in your private blacklist if they have
been listed in an available public blacklist that your mail server is using.
Once a day the Peacham Spam Trap can check your oldest active listings against
the lists that you use.
- Hour for defer check - At what time of day do you want to start the
check? Values are 0 to 23. Enter -1 to say that it will be started manually
from the File menu.
- Check how many oldest? - No need to check all of your listings,
limit your bandwidth use.
- Check one every n seconds - Space out the requests. For each item
checked, the Spam Trap sends an inquiry to each of your public blacklists.
- Check against which DNSBLs - This is where you list the names of
the public blacklists that you have configured your mail server to use. For a
list of lists. go to
Ignoring Spam from Major Providers
Some spam comes from the major e-mail providers despite their efforts to block it.
You don't want to block everything from these sources because of a few Spam,
so you add them to the whitelist (the opposite of a blacklist.) Spam Trap will
ignore Spam that comes from mail servers in these domains. It does not use
the reply address since that is almost always spoofed.
main window can be resized and repositioned and the changes will be remembered.
This applies to the Configuration and DataBase windows also.
Select File/Read mail to test retrieval of spam. It will report on the
number of messages read. Select View/Data to see what it got.
of the entries are yellow yet because they have not been uploaded to the DNS,
and none of the address blocks have been identified. After you have verified that
all of the entries are spam, select File/Update DNS and you are on your
way. Check your logs, make sure everything is operating, and then go back and
set an update frequency of ten minutes.