Your donations are always welcome and appreciated!
Arca NoaeYandex


The SpamFilter is a free and Open Source software able to detect and reject e-mail messages containing unwanted advertising. SpamFilter is a multi-threaded daemon and features local sockets and named pipes interfaces to receive queries and send answers to mail server software (MTA).

The program was developed mainly for use with Weasel mail server. On every stage REXX scripts (filters) are called by Weasel to query SpamFilter.


History of changes

2019-07-04 ver. 1.1.5
  - Optimization of the operation of the pipes transmitting log from Weasel.
  - New shared event semaphores: \SEM32\SpamFilter\shutdown and
  - Version number in usage information (command line switch -?).
  - New Weasel filters routine sfQuery.cmd. Now it supports work through system
    pipes and may not use rxsf.dll (optional, see comments for
    pipeName/socketName in sfQuery.cmd). However, it is recommended to use a
    local socket.
  - Pipe name in configuration file on which SpamFilter will receive requests
    may be short (without "\PIPE\" prefix) or complete form.
  - Socket name in configuration file on which SpamFilter will receive requests
    may be short (without "\socket\" prefix) or complete form.
  - The command line switch -R is deprecated. For -r now: first attempt will be
    made to connect to a local socket. In case of failure - with the named
  - Attribute from-local of option update-header in the configuration did not
    work. SF always added the header X-SF to email messages. Fixed.

2019-06-11 ver. 1.1.4
  - Event handling: not a local client, but a local sender and local recipient.
    See the new option extclnt-locsender-locrcpt in the configuration file.
    Option score-extclnt-locsender-locrcpt is deprecated.
  - ehlo in X-SF.
  - Reading Weasel log from alternative named pipes. Redirecting the Weasel log
    to the new named pipes. IP address blocking when the set frequency of
    unsuccessful authorizations is exceeded.
    See the new format for weasel-log-pipe option in the configuration file.
  - Fixed receiving requests through named pipes.
  - New command line switch -R.
  - High memory support.

2016-09-16 ver. 1.1.3
  - Search EHLO strings among names of MX servers of client's domain.
      Client: []
      EHLO  <-- Valid MTA for
  - readme.txt is updated.

2016-06-20 ver. 1.1.2
  - Value <spam-urihost-ttl> parse error - fixed.
  - New scoring for letters: not local client and local sender and local
    recipient. A new configuration node <score-extclnt-locsender-locrcpt>.
  - File GrLst.txt reading bug fixed (empty e-mail address at I-line).
  - Session Id in X-SF.

2016-02-14 ver. 1.1.1
  - A new statistics item "spam-urihosts-found" - number of spam messages that
    contains host names collected by spamtrap.
  - Small memory leak on reconfiguration - fixed.
  - Command execution timeout. New configuration node: <command-timeout> and
    node <command-timeout> at statictic.

2016-01-24 ver. 1.1.0
  - A new format of queries. It allows easy integration into MTA software.
  - A more flexible verification sender mailbox.
  - Reduce a number of DNS requests (reverse DNS lookup) while mail receiving
    from ISP/secondary MX servers.
  - Improved structure of the configuration file.
  - Weasel piped output support.

2016-01-12 ver. 1.0.2
  - SYS3175 when receiving mail from the relay - fixed.
  - Details in anwser for messages to spamtrap:
      messages from Internet:    SPAM: spamtrap=xxx@xxx.xx
      messages from local users: NOTSPAM: spamtrap=xxx@xxx.xx
    File sfQuery.cmd updated to prevent saving spamtraped messages from local
    The counter "spam-trap" in stat.xml ignores messages from local users.
  - Human readable format for files/data sizes in the configuration.
  - Some new messages for logfile.

2016-01-11 ver. 1.0.1
  - A new attribute "start-stage" for the node "spam-store" tells SF to store
    SPAM detected on specified and subsequent stages. An aggressive spamers can
    be detected at stage 0 (by dynamic ip-address list) and there is not much
    sense to receive messages from them.
  - Message-ID check (see configuration XML-tree "message-id").
  - After confirming the existence of a mailbox on the server, the server's
    response for fake mailbox checked - some spammers services respond "250 OK"
    for any mailbox.
  - A local users may forward a spam letters to the spamtrap to collect spam
    hyperlink hostnames from the message body.
  - The sender address was not logged and stored at the session object
    after message "MAIL FROM ??? matches the configured pattern." - fixed.
  - Human readable format for time intervals in the configuration.

2016-01-10 ver. 1.0.0
  - Field X-SF will not be set for messages from local users while the
    attribute "from-local" of the node "update-header" at the configuration is
    tuned off.
  - The maximum number of open sessions for a single IP-address may be limited,
    see configuration node "ip-max-sess".
  - When "update-header" enabled the session data like EHLO, MAIL FROM, TO
    will be loggeded even if the final answer has been received.

2016-01-09 ver. 1.0.0
  First public release.