Ecole des Mines de Paris


Joe's j-chkmail Frequently Asked Questions


  1. Getting j-chkmail and j-chkmail links
  2. j-chkmail specifications
  3. Installing j-chkmail
  4. Configuring j-chkmail
  5. Running j-chkmail

  1. Getting j-chkmail and j-chkmail links
     
    1. Where is the j-chkmail download page ?
      You can download j-chkmail from :
       
    2. Is j-chkmail free software ?
      Yes. j-chkmail may be used under the GPL license.
       
    3. Does j-chkmail have a mailing list ?
      Yes : jchkmail @ listes.ensmp.fr. To subscribe, you should send a mail to sympa @ listes.ensmp.fr with the subject "subscribe", or visit the web page http://listes.ensmp.fr/wws/info/jchkmail

     

  2. j-chkmail specifications
     
    1. What's j-chkmail ?
      j-chkmail is a mail filter to be used in conjunction with sendmail. It is intended to be very scalable, meaning that we should be able to add as many new features as we want. Every j-chkmail feature is activated and configured in the configuration files.
       
    2. What does j-chkmail do ?
      j-chkmail filters mail in many ways :
      • mails containing "unsafe" attached files - The "unsafe" category covers any extension that may have script or code associated with it (a virus, for example). We call this kind of file an X-file. X-files are defined in the configuration files by their filename extension or by regular expressions matching their filenames.
        This kind of filtering is done by an internal mail scanner. If an X-file is detected inside a message, j-chkmail can do nothing, replace the original message with a warning message, discard the message or reject the message.
        You can get more information about X-files at http://support.microsoft.com or http://www.cknow.com/ctutor
      • mails containing viruses - this filtering is done by an external scanner (not included). Currently, j-chkmail interfaces with the Sophos sweep, NAI uvscan and Trendmicro vscan virus scanners.
      • intranet e-mail addresses - you can define a class of users who can receive mail only from your domain or local network (filtering based on IP addresses). For example, you can say : the root user can receive mail only from the local network.
      • filtering mail based on the number of recipients and the IP network the message is coming from.
      • conformance of headers to RFC.
      • Many other options. Take a look at the configuration file; most of the possibilities appear there.

       
    3. Which MTAs does j-chkmail support ?
      j-chkmail uses the sendmail milter API, so it supports only sendmail.
       
    4. Which operating systems does j-chkmail support ?
      I've tested j-chkmail under Solaris 8 and Linux. As j-chkmail uses only standard C library functions and the sendmail milter API, it should run without problems on any computer and operating system able to run sendmail.
       
    5. Is j-chkmail an antivirus ? What are the differences ?
      No. j-chkmail isn't an antivirus. An antivirus scans mails and attached files and compares their signatures to every known virus signature (nearly 100000 nowadays). j-chkmail bases its accept/discard decision only on filename patterns.
       
    6. Is j-chkmail better or worse than an antivirus ?
      Again, j-chkmail isn't an antivirus. j-chkmail is better than an antivirus in two situations : it is faster and consumes fewer resources; and it may refuse a new (executable file) virus before a real antivirus does, as it doesn't need signature files. On the other hand, j-chkmail doesn't detect viruses and worms such as Word macros.
       
    7. What file extensions are blocked by j-chkmail ?
      It's up to you to configure the file extensions you want to filter. j-chkmail nevertheless provides a default list, supplied by Microsoft, of file types considered unsafe.
      File extension  File type
      ---------------------------------------------------
      .ade            Microsoft Access project extension 
      .adp            Microsoft Access project 
      .bas            Microsoft Visual Basic class module 
      .bat            Batch file 
      .chm            Compiled HTML Help file 
      .cmd            Microsoft Windows NT Command script 
      .com            Microsoft MS-DOS program 
      .cpl            Control Panel extension 
      .crt            Security certificate 
      .exe            Program 
      .hlp            Help file 
      .hta            HTML program
      .inf            Setup Information 
      .ins            Internet Naming Service 
      .isp            Internet Communication settings 
      .js             JScript file 
      .jse            Jscript Encoded Script file 
      .lnk            Shortcut 
      .mdb            Microsoft Access program 
      .mde            Microsoft Access MDE database 
      .msc            Microsoft Common Console document 
      .msi            Microsoft Windows Installer package 
      .msp            Microsoft Windows Installer patch 
      .mst            Microsoft Visual Test source files 
      .pcd            Photo CD image, Microsoft Visual compiled script 
      .pif            Shortcut to MS-DOS program 
      .reg            Registration entries 
      .scr            Screen saver 
      .sct            Windows Script Component 
      .shb            Shell Scrap object
      .shs            Shell Scrap object 
      .url            Internet shortcut 
      .vb             VBScript file 
      .vbe            VBScript Encoded script file 
      .vbs            VBScript file 
      .wsc            Windows Script Component 
      .wsf            Windows Script file 
      .wsh            Windows Script Host Settings file
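
Added example (not part of j-chkmail or of the original FAQ): extension-based X-file matching over the default list above, written in Python. The function names and the sample message are constructed for illustration, and the normalisation steps (case, trailing dots, both MIME name headers, RFC 2231 encoding) are assumptions that go beyond what this FAQ states about j-chkmail's internal scanner.

```python
import email
from email.utils import collapse_rfc2231_value

# Default extension list from the table above.
XFILE_EXTENSIONS = set("""ade adp bas bat chm cmd com cpl crt exe hlp hta inf ins isp js
jse lnk mdb mde msc msi msp mst pcd pif reg scr sct shb shs url vb vbe vbs wsc wsf
wsh""".split())

def attachment_names(msg):
    """Yield every filename a MIME part declares, in either header."""
    for part in msg.walk():
        for param, header in (("filename", "content-disposition"),
                              ("name", "content-type")):
            value = part.get_param(param, header=header)
            if value is not None:
                # RFC 2231 values arrive as (charset, lang, text) tuples
                yield collapse_rfc2231_value(value)

def is_xfile(filename):
    """True if the last extension, after normalisation, is on the list."""
    # Windows ignores trailing dots/spaces, so strip them before matching.
    cleaned = filename.strip().rstrip(". ").lower()
    _, dot, ext = cleaned.rpartition(".")
    return bool(dot) and ext in XFILE_EXTENSIONS

def find_xfiles(raw_message):
    """Return the sorted X-file names declared anywhere in the message."""
    msg = email.message_from_string(raw_message)
    return sorted({n for n in attachment_names(msg) if is_xfile(n)})

# Constructed sample message with three attachments.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"

x
--b1
Content-Type: application/octet-stream; name="Invoice.PDF.EXE"
Content-Disposition: attachment; filename="invoice.pdf"

x
--b1
Content-Disposition: attachment; filename*=UTF-8''photo%2Ejpg%2Escr

x
--b1--
"""
```

The second attachment is flagged because its Content-Type name disagrees with its Content-Disposition filename; checking only one of the two headers would let it through.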
      
    8. I'd like to know if j-chkmail blocks some kind of attached file. How can I check it ?
      Send it to the address j-chkmail-test@paris.ensmp.fr. If j-chkmail blocks it, you'll receive the warning answer. If not, I'll have a new sample to work on... 8-). Thanks a lot !
       
    9. When do I use j-chkmail ?
      You may use j-chkmail when performance is an issue. As j-chkmail doesn't really read and decode attached files, it's very fast. So, you may use j-chkmail when you have a heavy-traffic mail server or when your server isn't powerful enough to run an antivirus.
       
    10. Do I need a huge machine to run j-chkmail ? What about memory and CPU usage ?
      No. j-chkmail consumes less than 5 MB of memory under Sun Solaris, and its CPU usage is less than that of sendmail itself.
       
    11. So, what about software and hardware requirements ?
      The j-chkmail software uses less than 2 MB of disk space, but you may need more space to store logs (if you keep them). At our traffic level, the log file grows by about 10 MB a week.
      j-chkmail memory usage is under 5 MB under Solaris 8. It's nearly the same under Linux.
       
    12. When do I need to update j-chkmail ?
      j-chkmail doesn't work with signature files. So, you only need to update j-chkmail when there's a new software release.
       
    13. Why doesn't j-chkmail save refused mail ?
      The first answer is : it's easier to program j-chkmail to do this than to save and manage rejected mails. The second answer is : that is the way we'd like j-chkmail to behave. Maybe we'll do this in the future, if enough people ask us to do it...
       
    14. What about the future of j-chkmail ?
      I don't know. If you have ideas, needs or suggestions, feel free to tell us about it.
      There will be another release soon with some interesting new features.

     

  3. Installing j-chkmail
     
    1. How do I install j-chkmail ?
      Begin by reading the README and INSTALL files in the j-chkmail root source directory. You may also check the j-chkmail home page, as it has the most recent information.
       
    2. Which sendmail versions are supported ?
      Any version from 8.11 onwards, but we strongly encourage you to use version 8.12.3 or newer.
      It seems that you can compile (and link and run) j-chkmail with one version of libmilter and run another sendmail version. However, as libmilter was experimental in sendmail 8.11, it's preferable to use version 8.12 or newer.
       
    3. What do I need to run j-chkmail ? What are the main changes to do ?
      You need nothing more than sendmail. You need to modify the sendmail configuration file (sendmail.cf or sendmail.mc) to tell sendmail to contact j-chkmail, and how to do so, to process every SMTP connection. Sendmail must be compiled with the Milter API, which is not the default.

     

  4. Configuring j-chkmail
     
    1. What configuration files are used by j-chkmail ?
      • j-chkmail.cf - this file contains general configuration data
      • j-local-users - this file contains a list of users which can receive mail only from known IP networks
      • j-nets - this file contains a list of known IP networks : domain ip networks, local ip networks and "friend" ip networks.
      • j-regex - this file contains a list of regular expressions used when doing contents checking
      • j-host-access - this file contains a list of hosts with additional access information - blacklist or whitelist. Currently, this file is used only to allow access to mail gateways which don't have correct DNS resolution.
      • j-user-access - This file is not used at this time.
      • j-error-msg - this file contains a template of the error message which will replace the original message.

       
    2. What about sendmail configuration files ?
      You need to modify the sendmail configuration file, sendmail.cf. If you use the configuration kit which comes with sendmail, add the following lines to your sendmail.mc file.
        INPUT_MAIL_FILTER(`j-chkmail',`S=inet:2000@localhost, T=C:2m')
        define(`confINPUT_MAIL_FILTERS',`j-chkmail')
      
  5. Running j-chkmail
     
    1. How do I start the j-chkmail daemon ?
      There is a jchkmail.init start-up script in the bin directory of the jchkmail source tree. You can use or modify this script and copy it to your /etc/init.d directory to start j-chkmail at system startup.
       
    2. What signals does j-chkmail handle ?
      j-chkmail handles the HUP, USR1 and USR2 signals.
      When j-chkmail receives a HUP signal, it reloads its configuration files.
      When j-chkmail receives a USR1 signal, it dumps statistical values to a stats file (default : /var/jchkmail/j-stats) and counter values to a state file (default : /var/jchkmail/j-state).
      When j-chkmail receives a USR2 signal, it clears its statistical counters.
      You should send signals only to the j-chkmail parent process and let it decide what to do with its children. To do this safely, you can read the file containing the j-chkmail parent pid and do something like :
          kill -HUP "$(head -n 1 /var/jchkmail/j-chkmail.pid)"
      
    3. How does sendmail behave if j-chkmail isn't running or dies ?
      It depends on how your filter is defined in the sendmail configuration file. Suppose you put a line like this in your sendmail.mc file :
        INPUT_MAIL_FILTER(`j-chkmail',`S=inet:2000@localhost,F=R,T=C:2m')
      
      The "F=R" parameter tells sendmail to reject the connection if the filter is unavailable. The better option, IMHO, is to delete this parameter, so that messages pass through sendmail as if the failing filter were not present.
       
    4. How do I monitor j-chkmail ?
      You can use rrd-jchkmail in the contrib source tree. It's a rrdtool-based set of scripts which creates dynamic web pages showing j-chkmail activity.
      You can also take a look at milter logs...
       

     


Jose Marcio Martins da Cruz
j-chkmail - © Ecole des Mines de Paris - Centre de Calcul
Last modified: Fri May 17 11:34:33 MEST 2002