You can add email addresses and domains to your blacklist or whitelist by navigating to "Spam Filter / Spam Filter Lists". Add known spam domains to the blacklist or trusted domains to the whitelist to ensure better spam detection. Due to spoofing, it is not advisable to add your own email addresses to the whitelist.
When a spam sender is whitelisted, the spam report contains the line
and the spam rating will be approximately -100. The spam report can be found in the header of the email under "x-spam-report".
Blacklist for words
You can add rules for emails containing certain words by using the "Mail contains text" and/or "Subject contains text" conditions. You can handle these emails in different ways:
In the rules, you can apply the "Do not deliver message" action. Also, you can mark the email as spam with "Write specific text at the beginning of the subject" in the subject.
You can also navigate to "Spam Filter / Spam Filter Options / Custom SpamAssassin CF File" to create custom SpamAssassin rules instead, if you prefer to increase the spam score instead of marking these emails as spam directly. See this website to learn how to create custom rules: https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WritingRules
If you receive an unusual amount of spam emails, please check the "x-spam-report" entry in the header of one of the emails. If this contains the entry
URIBL_BLOCKED ADMINISTRATOR NOTE: The request to URIBL has been blocked. See https://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.
then please follow the instructions on the linked website or in our Knowledge Base: https://knowledgebase.jam-software.com/7285 This step will noticeably improve the spam detection rate.
Changing existing SpamAssassin rules
If you want to change the spam score of existing SpamAssassin rules, you can follow the instructions on this website: https://cwiki.apache.org/confluence/display/SPAMASSASSIN/AdjustRuleScore.
You can also use the configurator in the Exchange Server Toolbox for this purpose. A customized default rule in the configurator overwrites the existing SpamAssassin rule.
This can happen if SpamAssassin is overloaded. To fix the problem you can increase the MaxChildren and/or MaxSpare settings in the "C:\ProgramData\JAM Software\spamdService\SpamAssassinServiceController.config". Increasing MaxChildren allows SpamAssassin to use more processes, which allows it to scan more emails in parallel. Increasing MaxSpare allows SpamAssassin to keep more idle processes on reserve to react faster to load peaks.
This is a problem of the ClamAV update server. It is not a critical problem, which will disappear by itself once the problem on the server has been fixed.
You can ignore the error messages until then, or enable the option "Log ClamAV Update errors as warnings only" in the Anti-Virus settings. Be sure to disable this option as soon as the problem is fixed.
Unfortunately, the use of Office365 accounts in SmartPOP2Exchange is currently no longer possible.
Our implementation of two-factor authentication using OAuth2 has not been working recently.
Since there have been no changes to SmartPOP2Exchange during this time, everything points to a change in the Microsoft interface. Unfortunately, no changes have been documented by Microsoft in this regard and we have been referred to the use of a software library which we unfortunately cannot use in SmartPOP2Exchange for technological reasons.
We are considering removing the OAuth2 authentication feature completely from SmartPOP2Exchange in an upcoming release, but are waiting to see if there are any further changes to the interface from Microsoft.
The followings paths should be excluded in any external security program:
This is important so that SmartPOP2Exchange can check emails for viruses undisturbed. Since SmartPOP2Exchange receives emails via TCP and temporarily stores them locally for virus scanning, the processes in the listed folders must be undisturbed during these operations. If security software interferes with the process, errors may occur during email processing.
In addition, it can happen that the virus signatures used by ClamAV are themselves detected as viruses. If something deletes or blocks the signatures, SmartPOP2Exchange cannot provide virus protection.
You can find further information on how to use SmartPOP2Exchange and an external virus scanner at the same time in the help under Anti-virus software.
In order to forward emails without a valid recipient to a collective address you need to configure an SMTP error rule. You can configure this rule for a single account or as a global role.
Go to SMTP Error Rules and add a rule with the condition "Match error code with [specified number]. The error number is 550. Add the action "Send copy to [specified recipient]" and set the collective address.
Please note that in order for this rule to work your email server needs to be configured to reject emails with an invalid recipient. You can find instructions on configuring your Exchange Server here.
None of our applications depend on Java Spring or any other Java library and are thus not affected by this vulnerability.
All of our products are being developed in Delphi or C#. Although we use Spring4D(elphi) with some of the components, they are safe to use, because the reported vulnerability applies to Java Spring framework only.
This applies to all versions and editions of our applications (TreeSize, SpaceObServer, SpaceObServer WebAccess, HeavyLoad, SmartPOP2Exchange, Exchange Server Toolbox, SpamAssassin in a Box, SpamAssassin for Windows, SmartCallMonitor, SEPA-Transfer, ServerSentinel, and ShellBrowser). It is recommended to always use the latest available versions though to benefit from the latest patches, improvements, and features.