Ecole des Mines de Paris

j-chkmail.cf


j-chkmail.cf configuration file

Review the configuration files and modify them to meet your needs before launching j-chkmail for the first time. Read and understand what each feature does before activating it, as you may lose messages if your filter is wrongly configured. The default behavior is to have all options disabled.

After modifying the configuration files, you can launch j-chkmail with the -v option to see how j-chkmail will read them.

j-chkmail.cf - Default installed configuration file.
 



General section


  1. DOMAIN - this is your domain name. There is no default value. Not really used currently.
    Syntax : 
    DOMAIN                  my-domain.com
    Default : no default value
    
  2. J_HOSTNAME - this option tells how j-chkmail sets its own hostname.
    Syntax :
    J_HOSTNAME              SYSTEM | SENDMAIL | myserver.mydomain.com
    Default : SYSTEM
    
    SYSTEM uses the value returned by the gethostname system call. SENDMAIL uses the value defined by the $j macro in the sendmail configuration file. Otherwise, j-chkmail uses the value declared for this option.
     
  3. PRESENCE - this option defines if j-chkmail will add a header to announce its presence.
    Syntax :
    PRESENCE                SHOW | HIDE
    Default : SHOW
    
  4. USER - this option tells j-chkmail to run as USER.
    Syntax :
    USER                    user
    Default : smmsp, if defined neither here nor at configuration time
    
  5. GROUP - this option tells j-chkmail to run as GROUP.
    Syntax :
    GROUP                   group
    Default : smmsp, if defined neither here nor at configuration time
    
sendmail <-> j-chkmail communications socket - only one declaration is possible.
 
  1. SOCKET - General declaration - Usually, you should use the INET_SOCK or UNIX_SOCK options. The only reason to use this option is when you want j-chkmail and sendmail to run on different machines (e.g. one j-chkmail "filter server" being used by many sendmail "mail servers").
    Syntax
    SOCKET                  local:/var/jchkmail/j-chkmail.sock (UNIX socket)
    SOCKET                  inet:2000@hostname            (INET socket)
    
  2. INET_SOCK - If you've chosen an INET socket at localhost, only the port number is necessary.
    Syntax
    INET_SOCK               2000
    
  3. UNIX_SOCK - if you prefer a UNIX socket, you must tell j-chkmail the socket name.
    Syntax
    UNIX_SOCK               /var/jchkmail/j-chkmail.sock
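
The one-declaration rule above can be checked before starting the filter. This is an added example, not part of j-chkmail: it assumes the file consists of whitespace-separated KEY value lines with # comment lines, and the function names and sample files are made up for illustration.

```python
import re

SOCKET_KEYS = ("SOCKET", "INET_SOCK", "UNIX_SOCK")


def parse_cf(text):
    """Yield (line_no, key, value) for each setting line of j-chkmail.cf text."""
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):  # assumption: '#' comment lines
            yield no, parts[0], parts[1].strip() if len(parts) > 1 else ""


def check_socket(text):
    """Return (kind, address, problems) for the sendmail <-> j-chkmail socket."""
    decls = [d for d in parse_cf(text) if d[1] in SOCKET_KEYS]
    problems = []
    if len(decls) != 1:
        where = ", ".join("line %d" % d[0] for d in decls) or "none found"
        problems.append("exactly one socket declaration is allowed: " + where)
    if not decls:
        return None, None, problems
    _, key, value = decls[0]
    if key == "UNIX_SOCK":
        kind, address = "local", value
    elif key == "INET_SOCK":
        kind, address = "inet", (value, "localhost")
    else:  # SOCKET takes local:/path or inet:port@hostname
        m = re.fullmatch(r"local:(\S+)|inet:([^@\s]+)@(\S+)", value)
        if not m:
            return None, None, problems + ["unrecognised SOCKET value: %r" % value]
        kind = "local" if m.group(1) else "inet"
        address = m.group(1) or (m.group(2), m.group(3))
    if kind == "local" and not address.startswith("/"):
        problems.append("UNIX socket path is not absolute: %r" % address)
    if kind == "inet":
        port = address[0]
        if not (re.fullmatch(r"[0-9]{1,5}", port) and 0 < int(port) < 65536):
            problems.append("invalid port: %r" % port)
    return kind, address, problems


# Constructed sample files.
GOOD = "# sample\nUSER\t\tsmmsp\nUNIX_SOCK\t/var/jchkmail/j-chkmail.sock\n"
TWO = "INET_SOCK 2000\nSOCKET inet:2000@hostname\n"

if __name__ == "__main__":
    print(check_socket(GOOD))
    print(check_socket(TWO))
```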
    
Warning messages
 
  1. WARN_SENDER - this option tells j-chkmail if sender shall receive warning messages.
    Syntax :
    WARN_SENDER             YES | NO
    Default : YES
    
  2. WARN_RCPT - this option tells j-chkmail if the original recipients shall receive warning messages.
    Syntax :
    WARN_RCPT               YES | NO
    Default : YES
    
  3. J_SENDER - This option tells j-chkmail which address to use when sending warning messages. SENDER preserves sender address.
    Syntax :
    J_SENDER                SENDER |  j-master@myserver.mydomain.com
    Default : SENDER
    
  4. J_SUBJECT - This option tells j-chkmail if it shall change Subject header when sending warning messages. SUBJECT preserves sender address.
    Syntax :
    J_SUBJECT                SUBJECT |  [Free text]
    Default : SUBJECT
    
Logging
 
  1. LOG_FACILITY - obvious
    Syntax :
    LOG_FACILITY            local5
    Default : local5
    
  2. LOG_LEVEL - obvious
    Syntax :
    LOG_LEVEL               10
    Default : 10
    
  3. STATS_INTERVAL - j-chkmail periodically dumps the contents of its internal counters. This option defines the interval between two dumps. If this parameter is set to 0, j-chkmail does no dumps.
    Syntax :
    STATS_INTERVAL          300
    Default : 300
    
  4. LOG_ATTACHMENTS - this option tells j-chkmail to log every attachment detected.
    Syntax :
    LOG_ATTACHMENTS         NO | YES
    Default : NO
    
Configuration files
 
  1. ERROR_MSG_FILE - This file contains warning messages.
    Syntax (and default file)
    ERROR_MSG_FILE          /etc/mail/j-error-msg
    
  2. USERS_FILE - This file contains the list of local e-mail addresses.
    Syntax (and default file)
    USERS_FILE              /etc/mail/j-local-users
    
  3. NETS_FILE - This file defines classes of networks : LOCAL, DOMAIN, FRIEND and others if not defined.
    Syntax (and default file)
    NETS_FILE               /etc/mail/j-nets
    
  4. REGEX_FILE - Definition of the regular expressions used for content checking.
    Syntax (and default file)
    REGEX_FILE              /etc/mail/j-regex
    
  5. HOST_ACCESS_FILE - This file complements the sendmail access file and is used to define j-chkmail behavior when a mail gateway matches a filtering criterion. The only current use is to accept messages coming from mail gateways without correct DNS resolution.
    Syntax (and default file)
    HOST_ACCESS_FILE        /etc/mail/j-host-access
    
  6. USER_ACCESS_FILE - Currently unused.
    Syntax (and default file)
    USER_ACCESS_FILE        /etc/mail/j-user-access
    
  7. CW_FILE - This is the file used by sendmail to define Class W hosts.
    Syntax (and default file)
    CW_FILE                 /etc/mail/local-host-names or /etc/mail/sendmail.cw
    
Work files and directories
 
  1. SPOOLDIR
    Syntax (and default file)
    SPOOLDIR                /var/spool/jchkmail
    
  2. WORKDIR
    Syntax (and default file)
    WORKDIR                 /var/jchkmail
    
  3. PID_FILE
    Syntax (and default file)
    PID_FILE                /var/jchkmail/j-chkmail.pid
    
  4. STATS_FILE
    Syntax (and default file)
    STATS_FILE              /var/jchkmail/j-stats
    
  5. STATE_FILE
    Syntax (and default file)
    STATE_FILE              /var/jchkmail/j-state
    
  6. XFILES_LOG
    Syntax (and default file)
    XFILES_LOG              /var/jchkmail/j-files
    

Contents Filtering


Internal scanner - XFiles
 
  1. XFILES - this option tells j-chkmail what to do when detecting an attached XFILE.
    Syntax :
    XFILES                  OK | WARN | REJECT | DISCARD
    Default : OK
    

     
  2. FILE_EXT - this option defines which file extensions are used to detect "unsafe" attached files. You may define multiple values each line and declare multiple lines.
    Syntax :
    FILE_EXT                ext1 [ext2] [ext3] ...
    Default Values (if not present) :
         ade   adp   bas   bat   bin   btm   chm   cmd   com   
         cpl   crt   dll   drv   exe   hlp   hta   inf   ini   
         ins   isp   je    js    jse   lnk   mdb   mde   msc   
         msi   msp   mst   pcd   pif   reg   scr   sct   shb   
         shs   sys   url   vb    vbe   vbs   vxd   wsc   wsf   
         wsh   
    

    You'll probably leave this option commented out in order to use the default file extensions.
     

  3. FILE_REGEX - You can also declare "unsafe" files by regular expressions matching their filenames.
    Syntax :
    FILE_REGEX              regex
    
  4. XFILE_SAVE_MSG -
    Syntax :
    XFILE_SAVE_MSG          YES | NO
    Default : NO
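
How a filename check built on FILE_EXT and FILE_REGEX behaves on awkward names (double extensions, mixed case, RFC 2231 encoded filenames) is shown in this added example, which is not j-chkmail code. Case-insensitive matching on the last extension is an assumption, and the FILE_REGEX value, function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Default FILE_EXT values as listed on the page.
FILE_EXT = set("""
    ade adp bas bat bin btm chm cmd com cpl crt dll drv exe hlp hta inf ini
    ins isp je js jse lnk mdb mde msc msi msp mst pcd pif reg scr sct shb
    shs sys url vb vbe vbs vxd wsc wsf wsh""".split())
# Hypothetical FILE_REGEX value: a harmless-looking extension followed by another.
FILE_REGEX = [re.compile(r"\.(doc|pdf|jpg|txt)\.\w+$", re.I)]


def check_name(name):
    """Return the rule that flags this attachment filename, or None."""
    # Trailing dots or spaces would otherwise hide the real extension.
    clean = name.strip().rstrip(". ").lower()
    ext = clean.rpartition(".")[2] if "." in clean else ""
    if ext in FILE_EXT:
        return "FILE_EXT " + ext
    if any(rx.search(clean) for rx in FILE_REGEX):
        return "FILE_REGEX"
    return None


def unsafe_attachments(raw_message):
    """Return (filename, rule) for every MIME part whose filename is flagged."""
    hits = []
    for part in message_from_string(raw_message).walk():
        # get_filename() reads the Content-Disposition filename, falls back to
        # the Content-Type name parameter, and decodes RFC 2231 values.
        name = part.get_filename()
        rule = check_name(name) if name else None
        if rule:
            hits.append((name, rule))
    return hits


# Constructed sample message (not real mail).
SAMPLE = "\n".join([
    "From: a@example.org", "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="B"', "",
    "--B", 'Content-Type: text/plain; name="notes.txt"', "", "hello",
    "--B", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="invoice.pdf.EXE"', "", "x",
    "--B", "Content-Type: application/octet-stream",
    "Content-Disposition: attachment; filename*=utf-8''r%C3%A9sum%C3%A9.scr", "", "x",
    "--B--", ""])

if __name__ == "__main__":
    for name, rule in unsafe_attachments(SAMPLE):
        print(name, "->", rule)
```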
    
Filtering by contents - Regular Expressions - Experimental
 
  1. CHECK_HEADERS_CONTENT -
    Syntax :
    CHECK_HEADERS_CONTENT    NO | YES
    Default : NO
    
  2. CHECK_SUBJECT_CONTENT -
    Syntax :
    CHECK_SUBJECT_CONTENT    NO | YES
    Default : NO
    
  3. CHECK_BODY_CONTENT -
    Syntax :
    CHECK_BODY_CONTENT       NO | YES
    Default : NO
    
  4. CONTENT_REGEX_MATCHES -
    Syntax :
    CONTENT_REGEX_MATCHES    n
    Default : 1
    
 
Recipients, Headers and Encoding  

Filtering Intranet Users
 

  1. CHECK_LOCAL_USERS - this option enables checking of local users' recipient addresses (as defined in the /etc/mail/j-local-users file) against known IP networks (as defined in the /etc/mail/j-nets file).
    Syntax :
    CHECK_LOCAL_USERS       YES | NO
    Default : NO
    
Number of Recipients
 
  1. CHECK_NB_RCPT - this option enables checking of the number of message recipients and the IP address the SMTP connection is coming from, against known IP networks (as defined in the /etc/mail/j-nets file).
    Syntax :
    CHECK_NB_RCPT           YES | NO
    Default : NO
    
  2. MAX_RCPT_FROM_XXX - use these options to define maximum allowed recipients for each message and for each IP network class.
    Syntax :
    MAX_RCPT_FROM_DOMAIN    200
    MAX_RCPT_FROM_LOCAL     200
    MAX_RCPT_FROM_FRIEND    200
    MAX_RCPT_FROM_OUTSIDE    25
    Default : 200
    

Presence of headers fields
 

  1. NO_TO_HEADERS - this option enables checking for the existence of at least one recipient address among the header fields (To, Cc or Bcc).
    Syntax :
    NO_TO_HEADERS           OK | REJECT | TEMPFAIL
    Default : OK
    
  2. NO_FROM_HEADERS - this option enables checking for the existence of at least one correctly written sender address (From field in the header or the envelope).
    Syntax :
    NO_FROM_HEADERS         OK | REJECT | TEMPFAIL
    Default : OK
    
  3. NO_SUBJECT_HEADER - this option enables checking for the existence of the Subject header.
    Syntax :
    NO_SUBJECT_HEADER       OK | REJECT | TEMPFAIL
    Default : OK
    
  4. NO_HEADERS - this option enables checking for the existence of at least one header field.
    Syntax :
    NO_HEADERS              OK | REJECT | TEMPFAIL
    Default : OK
    

Entire body encoding - EXPERIMENTAL - Don't use it
 

External Scanner
 

  1. AV_ACTION - this option disables external scanner checking and tells j-chkmail what to do when external scanner finds a rejection match.
    Syntax :
    AV_ACTION               OK | WARN | REJECT | DISCARD
    Default : OK
    

     
  2. AV_PORT - port number used to communicate with the external scanner server.
    Syntax :
    AV_PORT                 2000
    
  3. AV_TYPE, AV_PATH and AV_ARGS - External scanner specific parameters - these parameters are specific to each scanner and tell j-chkmail what kind of scanner is being used, the path to the command line scanner and any parameters to pass to the scanner. Currently, only three scanners are supported by j-chkmail. You can find external scanner source code (C and Perl) inside the contrib/user-filter source tree to start building your own filter.
    Syntax :
    # User programmed external scanner
    AV_TYPE                 USER
    AV_PATH                 /usr/local/bin/user-filter
    AV_ARGS                
    
    # uvscan command line scanner from McAfee
    AV_TYPE                 UVSCAN
    AV_PATH                 /usr/local/uvscan/uvscan
    AV_ARGS                 --mime --secure -rv --summary --noboot
    
    # vscan command line from Trendmicro 
    # experimental - not really checked
    AV_TYPE                 TREND
    AV_PATH                 /opt/trend/ISBASE/IScan.BASE/vscan
    AV_ARGS                 -a
    
  4. AV_SAVE_MSG - Use this option to quarantine rejected messages
    Syntax :
    AV_SAVE_MSG             YES | NO
    Default : NO
    

Gateway Behavior


Connection Rate filtering
 
  1. CHECK_THROTTLE - this option enables checking of the connection rate and the total number of recipients for each mail gateway over a 10-minute sliding window. The sliding window is updated each minute. Maximum allowed rates may be defined for each class of IP networks.
    Syntax :
    CHECK_THROTTLE          YES | NO
    Default : NO
    
  2. TTT_THROTTLE_FROM_XXX - use these options to define the maximum Connection Rate and Recipient Rate allowed for each relay and for each IP network class.
    CONN_THROTTLE_FROM_DOMAIN    200
    CONN_THROTTLE_FROM_LOCAL     200
    CONN_THROTTLE_FROM_FRIEND    30
    CONN_THROTTLE_FROM_OUTSIDE   10
    
    RCPT_THROTTLE_FROM_DOMAIN    200
    RCPT_THROTTLE_FROM_LOCAL     200
    RCPT_THROTTLE_FROM_FRIEND    100
    RCPT_THROTTLE_FROM_OUTSIDE   100
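
A sliding window of this kind, kept as ten one-minute buckets per relay, is sketched in this added example, which is not j-chkmail's own code. It assumes each limit applies to the total over the whole window and that refused attempts still count; the class, function names and trace are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_MINUTES = 10  # window length stated on the page
# Limits from the page's sample values, keyed by IP network class.
CONN_LIMIT = {"DOMAIN": 200, "LOCAL": 200, "FRIEND": 30, "OUTSIDE": 10}
RCPT_LIMIT = {"DOMAIN": 200, "LOCAL": 200, "FRIEND": 100, "OUTSIDE": 100}


class Throttle:
    """Per-relay counters kept in one-minute buckets over a sliding window."""

    def __init__(self):
        self.buckets = defaultdict(deque)  # relay IP -> [minute, conns, rcpts]

    def _current(self, ip, now):
        minute = int(now // 60)
        q = self.buckets[ip]
        while q and q[0][0] <= minute - WINDOW_MINUTES:  # drop expired minutes
            q.popleft()
        if not q or q[-1][0] != minute:
            q.append([minute, 0, 0])
        return q

    def connect(self, ip, net_class, now):
        """Count a connection; False means the relay is over CONN_THROTTLE."""
        q = self._current(ip, now)
        q[-1][1] += 1
        return sum(b[1] for b in q) <= CONN_LIMIT[net_class]

    def recipients(self, ip, net_class, now, count):
        """Count recipients; False means the relay is over RCPT_THROTTLE."""
        q = self._current(ip, now)
        q[-1][2] += count
        return sum(b[2] for b in q) <= RCPT_LIMIT[net_class]


def replay(events):
    """events: (seconds, relay IP, class) tuples -> list of accept decisions."""
    t = Throttle()
    return [t.connect(ip, cls, ts) for ts, ip, cls in events]


# Constructed trace: 12 connections in the first minute, then two later ones.
BURST = [(s, "192.0.2.7", "OUTSIDE") for s in range(12)]
TRACE = BURST + [(599, "192.0.2.7", "OUTSIDE"), (600, "192.0.2.7", "OUTSIDE")]

if __name__ == "__main__":
    print(replay(TRACE))
```

In the trace, the connection at 599 seconds is still refused because the burst in minute 0 is inside the window; one second later that bucket has expired and the relay is accepted again.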
    
DNS resolution of gateways

This criterion is based on the result of DNS resolution, as seen by sendmail.

When the DNS resolution of a mail gateway is bad, the filtering algorithm is as follows:

  1. RESOLVE_FORGED - This option allows rejecting messages coming from mail gateways without DNS declarations.
    Syntax :
    RESOLVE_FORGED           OK | REJECT
    Default : OK
    
  2. RESOLVE_FAIL - This option allows rejecting messages coming from mail gateways with inconsistent direct and reverse DNS declarations.
    Syntax :
    RESOLVE_FAIL             OK | REJECT
    Default : OK
    
  3. RESOLVE_ACCEPT_nnHXXX - Number of messages accepted when coming from a mail gateway which doesn't have correct DNS resolution.
    Syntax :
    RESOLVE_ACCEPT_06H        2
    RESOLVE_ACCEPT_12H        3
    RESOLVE_ACCEPT_18H        4
    RESOLVE_ACCEPT_24H        4
    Default : see above
    
 


Jose Marcio Martins da Cruz
j-chkmail - © Ecole des Mines de Paris - Centre de Calcul
Last modified: Fri Oct 04 11:07:47 MEST 2002