Washington Apple Pi

A Community of Apple iPad, iPhone and Mac Users

Controlling Spam with PostArmor X

By David L. Harris

Washington Apple Pi Journal, reprint information

I am (still) running Mac OS 10.2.8 and the version of Apple’s Mail that comes with it. At one time when I was routinely “bouncing” e-mail in my Junk folder, Mail suddenly quit. After that, I have never been able to get the Junk filter to work. (Using “Bounce” is not a good idea anyway: since the worst spammers have fake return addresses, all you get is bounced messages in return.)

Suspecting that the preference file “com.apple.mail.plist” in my user Library>Preferences folder might have gotten corrupted, I removed it and rebuilt my Mail folder structure. No luck. Since then, although I can designate Junk mail by selecting the offending message headers and clicking on the Junk button, sending those messages directly into the Junk folder, no incoming mail ever gets designated as Junk unless I do it manually. So I have still been receiving my full quota of junk mail—about 80% to 90% of my total mail volume.

Reading about the free-for-one-e-mail-account PostArmor X, I decided to try it. PostArmor is an e-mail proxy, with support for the POP (or APOP) protocol. You may also use it with an IMAP account. PostArmor lies between your e-mail client (in my case Apple Mail) and your e-mail server (e.g. mail.wap.org). It does not retrieve mail; it just looks at it while it is still on the server, and rates the probability that it is spam, based on rules already built in, or ones you add. It can rate messages as spam or UCE (Unsolicited Commercial E-mail) whether the sender is legitimate or not, but you can change filters so that a message with “ADV” in its header, for instance, will get through.

In setting up PostArmor, you must tell it where your e-mail server is (“mail.wap.org”), and tell your e-mail software to ask PostArmor for mail. Then you can use your usual e-mail software to get mail filtered by PostArmor.

PostArmor can work in GUI (Graphical User Interface) mode or in console (text-only) mode. I will describe only the GUI mode here, since that is what most individual users will want. PostArmor is written in Java, so that it works on any computer platform that can run a Java Virtual Machine version 1.1.1 or later, with Swing 1.1.1. As I mentioned above, PostArmor is free for individual users on one machine with one e-mail account. For other users it can be licensed for reasonable fees. It comes with HTML-based documentation, which you view with your Web browser. The version of PostArmor I have (1.3.1, which is the latest at this time) was written in 2002, according to Get Info, so some of the document’s illustrations for setting up Mail to use with PostArmor were a bit different than I saw when editing Mail’s Account preferences. I was able to translate the ideas to my later version of Mail.

PostArmor opening window

Figure 1: PostArmor’s opening window

Figure 1 shows the appearance of PostArmor after it is launched. It must be running in order to filter the mail that your e-mail program gets, and, when that program is set to use PostArmor, to get mail at all. I put PostArmor in my Login Items (in System Preferences), so it launches when I boot my system. It works even if minimized.

Checking mail

Figure 2: Checking mail with PostArmor

PostArmor can also run by itself, just to check mail waiting on your mail server, and to rate its spam potential. If you hover the mouse cursor over any of the mailbox buttons shown in Figure 1, text pops up telling you what the button does. The first button on the left in the row of mailboxes allows you to inspect mail still waiting on your server, with its ratings by PostArmor (Figure 2). In the figure, green items have been OK ’d and yellow (lighter, in gray) items are rated as spam. Scores that PostArmor has assigned are seen at the right. Clicking on icons above the list of messages performs tasks on selected messages. Figure 3 shows me adding one sender (on the lightest gray row) to my list of OK senders; it had been previously been assigned as spam with a rating of 20. One icon option is even to send a report to SpamCop.

Adding addresses to OK list

Figure 3: Adding an address to your OK list

Figure 4 shows the Settings window, with the Options tab selected. “Senders always accepted” already has several domains entered (apple.com, mac.com, etc.), and you can add either your own domains or full e-mail addresses, modify them, or remove them. Your friends’ or relatives’ addresses would go here, as well as those of any mailing lists you might subscribe to, if they are not already included by domain. There is even a feature to have PostArmor send e-mail to you alerting you to blocked messages, though even when I enabled it, I have not seen it work.

In the lower part of Options you can block domains or addresses in a similar way.

Settings options

Figure 4: The Settings Options window

The Filters tab of Settings (Figure 5) shows the rules or filters that PostArmor already has built in. You can add or remove these too. PostArmor has its own system of weighting the probability of a message being spam, with higher numbers being more probably spam. Negative numbers decrease the spam rating. PostArmor checks message headers for the information it uses to judge. The documentation explains in detail the meanings of the elements shown in Figure 5, and how to modify them. However, I think one of the reasons for PostArmor’s success is how well the built-in filters work. In my first day of using the application, it allowed only one spam message to pass through—out of dozens of such messages. And that was only because in that instance I did not use it to check messages before getting mail with Mail. You will want to use PostArmor to check messages in the first several days of use, just to refine its settings more to your liking.

Settings filters

Figure 5: The Settings Filters window

In order to use PostArmor in conjunction with your e-mail program there are some settings you must change in that program. In particular, you have to replace your incoming mail server’s address (e.g. mail.wap.org) with the word “localhost” if PostArmor is on the same volume as your mail program. In addition, you cannot use MDS Challenge-Response and SSL for incoming mail, as this version does not support them. These were the settings I had used for WAP mail in Mail. The consequence of this is that your e-mail account password will be less safe from prying Internet eavesdroppers. In my case this is less threatening than might otherwise be, since logging onto the TCS also sends account information in the clear—though apparently not in as easy-to-raid format as when getting mail. You also have to change the POP port number from 110 to 8110, so that your e-mail program communicates with PostArmor. Outgoing mail settings are unaffected.

Since PostArmor operates only between your server and your e-mail program, any rules or filters you have set up in that program will still work to direct mail where you want it to go.


Did I say that PostArmor is free? It is, for single users, on one e-mail account. If you are an individual with more than one e-mail account, you can still use the program for free on one of your accounts. You may have to switch settings in your e-mail program, if you want to get mail from more than one account. If you write down your settings before changing them for PostArmor, it will not be hard for you to change them. Not convenient, but not difficult. Or you could pay the license fee for multiple accounts. And did I say that PostArmor works “out of the box” to block most spam? The most you have to do is add domains and addresses that you wish PostArmor to pass without checking, and monitor your e-mail with PostArmor for a while to customize it to your satisfaction. A bargain, I say (“free”).

PostArmor is available from: