Ecole des Mines de Paris

Joe's j-chkmail Frequently Asked Questions


  1. Getting j-chkmail and j-chkmail links
  2. j-chkmail specifications
  3. Installing j-chkmail
  4. Configuring j-chkmail
  5. Running j-chkmail


  1. Getting j-chkmail and j-chkmail links
    1. Where is the j-chkmail download page?
      You can download j-chkmail at http://j-chkmail.ensmp.fr
    2. Is j-chkmail free software?
      Yes. j-chkmail is usable under the GPL license.
    3. Does j-chkmail have a mailing list?
      Yes: jchkmail @ listes.ensmp.fr. To subscribe, send a mail to sympa @ listes.ensmp.fr with the subject "subscribe", or visit the web page http://listes.ensmp.fr/wws/info/jchkmail

     

  2. j-chkmail specifications
    1. What does j-chkmail do?
      j-chkmail filters mail in three ways:
      • mails containing executable attached files - in the configuration file you can define file extensions or regular expressions to match against filenames.
      • destination local addresses - you can define a class of users who can receive mail only from your domain or local network (filtering based on IP addresses). For example, you can say: the root user can receive mail only from the local network.
      • conformance of headers to RFC.
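      The filename-pattern decision from the first item, as an added example that is not j-chkmail's own code. The extension list, the regular expression and the sample message are assumptions made for illustration; report.doc passes because the decision never looks inside the file.

```python
import re
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Assumed patterns for illustration; not j-chkmail's shipped configuration.
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "vbs"}
BLOCKED_REGEXES = [re.compile(r"\s{5,}\.\w+$")]  # long padding before the real extension

def declared_names(part):
    """Yield names from Content-Disposition filename= and Content-Type name=."""
    for header, param in (("content-disposition", "filename"), ("content-type", "name")):
        value = part.get_param(param, header=header)
        if value:  # RFC 2231 values arrive as a (charset, language, text) tuple
            yield collapse_rfc2231_value(value).strip()

def is_blocked(name):
    """Decide on the name alone; the attachment body is never decoded."""
    name = name.rstrip(". ")  # trailing dots and spaces are dropped by Windows
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext in BLOCKED_EXTENSIONS or any(rx.search(name) for rx in BLOCKED_REGEXES)

def blocked_attachments(raw):
    """Return the blocked attachment names declared in a raw message."""
    hits = []
    for part in message_from_string(raw).walk():
        for name in declared_names(part):
            if is_blocked(name) and name not in hits:
                hits.append(name)
    return hits

# Constructed sample message, not real traffic.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="report.doc"

x
--b1
Content-Type: application/octet-stream; name="setup.EXE"

x
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename*=utf-8''photo.jpg.SCR

x
--b1--
"""
```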
    2. Which MTAs does j-chkmail support?
      j-chkmail uses the sendmail milter API, so it supports only sendmail.
    3. Which operating systems does j-chkmail support?
      I've tested j-chkmail under Solaris 8 and Linux. As j-chkmail uses only standard C library functions and the sendmail milter API, j-chkmail should run without problems on any computer and operating system able to run sendmail.
    4. Is j-chkmail an antivirus? What are the differences?
      No. j-chkmail isn't an antivirus. An antivirus scans mails and attached files and compares their signatures to every known virus signature (nearly 100000 nowadays). j-chkmail bases its accept/discard decision only on filename patterns.
    5. Is j-chkmail better or worse than an antivirus?
      Again, j-chkmail isn't an antivirus. j-chkmail is better than an antivirus in two situations: j-chkmail is faster and it consumes fewer resources; j-chkmail may refuse a new (executable file) virus before a real antivirus does, as it doesn't need signature files. On the other hand, j-chkmail doesn't detect viruses and worms such as Word macros.
    6. I'd like to know if j-chkmail blocks some kind of attached file. How can I check it?
      Send it to the address j-chkmail-test@paris.ensmp.fr. If j-chkmail blocks it, you'll receive the warning answer. If not, I'll have a new sample to work on... 8-). Thanks a lot!
    7. When do I use j-chkmail?
      You may use j-chkmail when performance is an issue. As j-chkmail doesn't really read and decode attached files, it's very fast. So, you may use j-chkmail when you have a heavy-traffic mail server or when your server isn't big enough to run an antivirus.
    8. Do I need a huge machine to run j-chkmail? What about memory and CPU usage?
      No. j-chkmail consumes less than 5 MB of memory under Sun Solaris, and its CPU usage is less than that of sendmail itself.
    9. So, what about software and hardware requirements?
      j-chkmail software uses less than 2 MB of disk space. But you may need more space to store logs (if you do it). At our traffic level, log file size is about 10 MB a week.
      j-chkmail memory usage is under 5 MB under Solaris 8. It's nearly the same under Linux.
    10. When do I need to update j-chkmail?
      j-chkmail doesn't work with signature files. So, you only need to update j-chkmail when there's a new software release.
    11. Why doesn't j-chkmail save refused mail?
      The first answer is: it's easier to program j-chkmail to do this than to save and manage rejected mails. The second answer is: that is the way we'd like j-chkmail to behave. Maybe we'll do this in the future, if enough people ask us to do it...
    12. What about the future of j-chkmail?
      I don't know. If you have ideas, needs or suggestions, feel free to tell us about them.

     

  3. Installing j-chkmail
    1. How do I install j-chkmail?
      Begin by reading the files README and INSTALL in the j-chkmail root source directory. You may also check the j-chkmail home page, as it has the most recent information.
    2. Which sendmail versions are supported?
      Any version beginning with 8.11, but we strongly encourage using version 8.12.3 or newer.
      However, it seems that you can compile (and link and run) j-chkmail with one version of libmilter and run another sendmail version. As libmilter was experimental in sendmail 8.11, it's preferable to use version 8.12 or newer.
    3. What do I need to run j-chkmail? What are the main changes to make?
      You need nothing more than sendmail. You need to modify the sendmail configuration file (sendmail.cf or sendmail.mc) to tell sendmail to (and how to) contact j-chkmail to process every SMTP connection. Sendmail must be compiled with the Milter API. This is not the default.

     

  4. Configuring j-chkmail
    1. What configuration files are used by j-chkmail?
      • j-chkmail.cf - this file contains general configuration data
      • j-local-users - this file contains a list of users who can receive mail only from known IP networks
      • j-nets - this file contains a list of known IP networks: domain IP networks, local IP networks and "friend" IP networks.
      • j-error-msg - this file contains a template of the error message which will replace the original message.
    2. What about sendmail configuration files?
      You need to modify the sendmail configuration file: sendmail.cf. If you use the configuration kit which comes with sendmail, add the following lines to your sendmail.mc file.
        INPUT_MAIL_FILTER(`j-chkmail',`S=inet:2000@localhost, T=C:2m')
        define(`confINPUT_MAIL_FILTERS',`j-chkmail')
      
  5. Running j-chkmail
    1. How do I start the j-chkmail daemon?
      There is a jchkmail.init start-up script in the bin directory of the jchkmail source tree. You can use or modify this script and copy it to your /etc/init.d directory to start j-chkmail at system startup.
    2. What signals does j-chkmail handle?
      j-chkmail handles USR1 and USR2 signals.
      When j-chkmail receives a USR1 signal, it dumps statistical values to a stats file (default: /var/tmp/j-stats).
      When j-chkmail receives a USR2 signal, it reloads configuration files.
    3. How does sendmail behave if j-chkmail isn't running or dies?
      It depends on how your filter is defined in the sendmail configuration file. Suppose you put a line like this in your sendmail.mc file:
      INPUT_MAIL_FILTER(`j-chkmail', `S=inet:2000@localhost, F=R, T=C:2m')
      The "F=R" parameter tells sendmail to reject the connection if the filter is unavailable. The better option, IMHO, is to delete this parameter, so messages will pass through sendmail as if the failing filter were not present.
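      An added example, not part of j-chkmail or sendmail: a small audit that reads sendmail.mc and reports, for each INPUT_MAIL_FILTER, what sendmail does when the filter is unavailable and whether its socket is answering. With no F= flag, a stopped j-chkmail means mail is delivered without the attachment check, so that combination is the one to watch. The filter names old and strict are hypothetical, and the F=T flag comes from sendmail's documentation rather than from this page.

```python
import re
import socket

FILTER_RE = re.compile(r"INPUT_MAIL_FILTER\(\s*`([^']+)'\s*,\s*`([^']*)'\s*\)")
# F=R is described on the page; F=T (temporary failure) is from sendmail's documentation.
ON_FAILURE = {"R": "reject", "T": "tempfail", None: "pass unfiltered"}

def parse_filters(mc_text):
    """Map filter name -> equates (S, F, T) for each active INPUT_MAIL_FILTER line."""
    filters = {}
    for line in mc_text.splitlines():
        m = FILTER_RE.search(re.split(r"\bdnl\b", line)[0])  # ignore m4 comments
        if m:
            pairs = (kv.split("=", 1) for kv in m.group(2).split(",") if "=" in kv)
            filters[m.group(1)] = {k.strip(): v.strip() for k, v in pairs}
    return filters

def is_listening(spec, timeout=2.0):
    """True/False for an inet:port@host milter socket; None for other socket types."""
    m = re.fullmatch(r"inet:(\d+)@(.+)", spec or "")
    if not m:
        return None
    try:
        with socket.create_connection((m.group(2), int(m.group(1))), timeout=timeout):
            return True
    except OSError:
        return False

def audit(mc_text, probe=is_listening):
    """Per filter: what sendmail does when it is down, and whether it is up now."""
    report = {}
    for name, eq in parse_filters(mc_text).items():
        report[name] = {"on_failure": ON_FAILURE.get(eq.get("F"), "unknown"),
                        "listening": probe(eq.get("S"))}
    return report

# Constructed sendmail.mc fragment; the j-chkmail line is the one from the page,
# the "old" and "strict" filters are hypothetical.
SAMPLE_MC = """\
dnl INPUT_MAIL_FILTER(`old', `S=inet:1999@localhost, F=R')
INPUT_MAIL_FILTER(`j-chkmail',`S=inet:2000@localhost, T=C:2m')
INPUT_MAIL_FILTER(`strict', `S=inet:2001@localhost, F=T, T=C:2m')
"""
```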
    4. How do I monitor j-chkmail?
      You can use rrd-jchkmail in the contrib source tree. It's an rrdtool-based set of scripts which creates a dynamic web page. The pages show j-chkmail activity.
      You can also take a look at milter logs...
    5. What does the memchkmail script do?
      It's a script I used to debug j-chkmail. Every 3 minutes it checks whether j-chkmail is running. If it's not, it launches j-chkmail again. At the beginning, I had many problems with j-chkmail, as it was not safe with respect to binary mails (you can ask: but why does somebody send binary mail ???).

     


Jose Marcio Martins da Cruz
j-chkmail - © Ecole des Mines de Paris - Centre de Calcul
Last modified: Mon Apr 29 15:10:38 MEST 2002