• Introduction
• Installing SAproxy
• Configuring mail clients
• Configuring SAproxy
• Advanced notes

Configuring SAproxy

When SAproxy is running, right click on the SAproxy tray icon. It will bring up a Configuration dialog. After making changes, if you want to save those changes click on the OK button. To avoid making any changes, click on the Cancel button.

Settings

These are some basic settings for the SpamAssassin engine.

Use non-local network tests

If this box is checked, SAproxy will do tests that require an internet connection to operate. These tests significantly reduce the amount of spam that is able to slip through SAproxy, but may slow down the rate at which SAproxy can check mail. The amount of additional time also varies depending on server availability and load.

Automatically learn from past spam to recognize new spam

If this box is checked, SAproxy will automatically feed high-scoring mails (or low-scoring mails, for non-spam) into its learning systems in order to better recognize future messages of the same type. This option will slightly slow down the rate at which SAproxy can check mail and requires about 5 to 20 MB of additional disk space. (The learning system is a naive-Bayesian-style classifier.)

Note that learning doesn't happen on every message since SAproxy is very careful to only learn on messages that are very clearly spam or very clearly non-spam. In addition, a minimum of 200 spam and 200 non-spam messages need to be learned before the learning system is actively used to help classify incoming messages, so many more than 200 spam and non-spam messages need to be scanned by SAproxy before learning starts working.

Rewrite spam subject headers with subject tag

If this box is checked, SAproxy will add "*****SPAM*****" to the Subject: header of suspected spam. Leave this box checked if your mail client can only filter using the Subject: header (check the tested mail clients list to see if that is the case).

Use terse report format

By default, SpamAssassin uses a fairly long report format. Checking this box uses a shorter format which includes all the information in the normal one, but without some of the explanation.

Encapsulating spam for safety

By default, SAproxy will include its report in the body of suspected spam and encapsulate the original spam in a MIME attachment that can be easily opened in most mail programs. This prevents dangerous scripting and makes it easy for you to identify whether a message is spam before opening it.

• Low safety: do not encapsulate spam in an attachment
  Incoming spam is only modified by adding some headers and no changes will be made to the body.
• Normal safety: encapsulate spam in an attachment
  The normal default behavior is used.
• High safety: encapsulate spam in a plain text attachment
  The MIME attachment of the spam original message will be text-only attachments for increased safety.

If your mail program is allowing spam to download files without any action on your part (such as clicking on a link or a spam attachment), it is advisable to increase this setting.

Languages

Set the list of languages that are considered acceptable for incoming mail. The default is to accept mail written in any language.

If the Accept any language for incoming mail box is unchecked and an incoming mail appears to be written in a language that is not listed in Accepted Languages, then that message will be much more likely to be marked as spam.

Rules

Edit this file to add whitelist entries for people who send you messages that sometimes look like spam, but are not.

There are additional settings you can make in this file. Please see the SpamAssassin documentation under Mail::SpamAssassin::Conf for more information.

Host Map

You probably do not need to worry about the host map settings, but setting up the host map may be necessary if one of the following is true:

• Your POP3 server doesn't allow simple USER and PASS authentication.
• Your SMTP server requires SMTP authentication, your mail client isn't SAproxy-ready, and your mail client can only use one user name for both POP and SMTP.

The host map is used to link localhost ports with remote POP3 servers. If you are configuring the host map, follow these steps:

• In your mail client configuration, find the POP3 server and account settings.
• Change the POP3 server to be "127.0.0.1".
• Start SAproxy, then right-click on the SAproxy icon in your system tray and select Configure.
• Click the Host Map tab.
• To filter a single POP account, enter the line:

  110 = pop.company.com:110

  Replace pop.company.com with the name of your POP server. Make sure the line does not start with a "#" sign (which would mean the line was a comment). If you are only setting up SAproxy for a single account, you can click OK at this point.
• To filter additional accounts, first check the tested mail clients table to confirm that your client can be configured to use SAproxy with multiple POP servers.
• Enter new lines in the format:

  localport = remote.host.name:remoteport

  This format describes which local ports the proxy should map to which remote hosts and ports. Here is an example for two remote POP3 servers:

  110 = pop.company.com:110
  818 = mail.another.place.org:110

  This will cause connections on the local port 110 to proxy to pop.company.com on port 110, and connections on port 818 to proxy to host mail.another.place.org, also on port 110.
• For each additional account, change the POP3 server to be "127.0.0.1" and also change the port to the local port which maps to that remote server as you specified in the previous step.
• Click OK to save your changes.

Advanced

These are some advanced settings for SAproxy. These options should normally be turned off.

Allow the AUTH command to be proxied

If this box is checked, SAproxy allows the POP3 AUTH command to be proxied, otherwise the client will receive an error response that indicates that AUTH is not supported. AUTH by itself is harmless, the client normally receives a list of supported authorization schemes back. AUTH MSN will initiate an encrypted challenge/response sequence which ends with the server saying either +OK or -ERR. However, some authorization schemes can encrypt the entire POP3 connection which causes major problems for POP3 proxies like SAproxy.

Best current advice: turn this on if you're using MSN, otherwise leave it off for best results.

Allow the TOP command to be proxied

If this box is checked, SAproxy allows the POP3 TOP command to be proxied, otherwise the client will receive an error response that indicates that TOP is not supported. TOP is specified as an optional POP3 command which allows the client to fetch the headers of a mail message and some number of lines of the body. The idea is that you can use TOP to pre-filter which messages are downloaded without actually downloading them. This can cause problems for POP3 proxies like SAproxy since we modify and add headers after retrieving the message.

Best current advice: turn this on if you need to use a pre-filter to download only certain messages, otherwise leave it off for best results.