yaspi - Yosi's Anti-Spam POP3 fIlter bot


yaspi is a POP3 mail-scanner and abuse reporter.

I did it to work with my yahoo account but it will do with any POP3 accessible account.

yaspi inspects the mails in your POP3 server and uses some configurable heuristics to detect mails with big attachments infected by viruses that could be flooding your mailbox.

Then it deletes those messages. It can also use ricochet to report them to adequate abuse addresses obtained from

If you select to report the infected mails I advice you to:

  1. Configure ricochet to send a BCC to you, this way you know what has been send in your behalf and to who.

  2. You will get lots of automatic responses back, do not ignore them!. Classify them and try to follow which ISP are honoring your requests and which ones are ignoring them.

    You will also get some human-made responses, usually from small ISPs or companies. You can drop a thank you message to them.

    If after some days you are still getting infected mails from some specific ISP, try looking for some staff e-mail address on RIPE, IANA, etc. or from the ISP web site and write a polite mail explaining the problem and how your reports are being ignored.

  3. Some ISPs use mail-scanners to filter their abuse addresses and virus reports are dropped because they look like real viruses (most mail-scanners are really silly!). In those cases, try resending the report without any rest of attachments or references to .bat, .exe, .pid, etc. files from the original message. Add a note also, explaining why filtering its abuse address with a silly antivirus is a bad idea and that better they use it with its outgoing mail!.

  4. At any time remember that ISP staffs are your friends. They hate viruses as much as you do because they overload their mail systems and their networks, waste their time and cost money to their companies.


yaspi is called with the following options:

  yaspi [-s] [-v] [-l] [-r<delay>]
Simulate but don't do anything.

Verbose mode. Without this flag, yaspi doesn't produce any output to be easily called from the cron daemon (although 'ricochet' sometimes does!).

Process all mails instead of working incrementally. By default, yaspi only looks at the mails received after the last one marked as downloaded on the POP3 server.

-r $delay
run every $delay minutes. By default, yaspi runs once and exits.


To install yaspi under windows unpack the archive and edit the configuration files bot.cfg in the yaspi directory to suit your preferences (you can also customize the templates if you want to).


installation procedure for Unix users is as follow:

  1. install required perl modules from CPAN
  2.   LWP

    Some of this modules will also require other modules to work!

    You can install them easily with the CPAN module:

      perl -MCPAN -eshell
      $ install Net::POP3
      $ install Mail::Sendmail
      $ install Config::Properties::Simple
      $ etc.
  3. install the script
  4. copy the yaspi file to some place in your PATH, i.e.:
      cp yaspi /usr/local/bin
      chmod 755 /usr/local/bin/yaspi

  5. copy and edit the .yaspi config file
  6.   cp -r unix_config ~/.yaspi
      vi ~/.yaspi/bot.conf

    the included configuration file has comments explaining how you can set it to meet your particular configuration.

  7. set up templates
  8. In this version, richochet code has been (dirtily) integrated inside yaspi so it is not necesary to install the stand alone ricochet script anymore.

    But you can customize ricochet templates inside yaspi configuration directory to meet your preferences.

  9. test that yaspi is working properly
  10. use the -s switch to make it do nothing
      yaspi -lvs

    and see from the output and the save file (usually which messages would become deleted. If unwanted messages would be deleted adjust the forbid rules in the configuration file and test again.

    Then run the real one

      yaspi -lv

  11. add yaspi to the crontab (optional)
  12. add a line like ...
      5,25,45 * * * * /usr/local/bin/yaspi

    ... to your crontab to run it every 20 minutes.


Copyright (c) 2003 Salvador Fandiņo Garcia <>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA