j-chkmail.cf
You should review the configuration files and modify them to meet your
needs before launching j-chkmail for the first time. Read and understand
what each feature does before activating it, as you may lose messages if
your filter is wrongly configured. The default behavior is to have all
options disabled.
After modifying configuration files, you can launch j-chkmail with the -v
option to see how j-chkmail will read the configuration files.
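A pre-launch check in the spirit of the advice above, as an added example that is not part of j-chkmail: it reads a configuration text and flags values outside the documented sets, silent DISCARD actions, experimental encoding checks and duplicate socket declarations. It assumes one "OPTION value" pair per line, "#" comment lines and case-sensitive values; the sample configuration is constructed.

```python
# Added illustration, not j-chkmail code. Only options that this page
# documents with a closed set of values are checked.
ENUMS = {
    "PRESENCE": {"SHOW", "HIDE"},
    "WARN_SENDER": {"YES", "NO"}, "WARN_RCPT": {"YES", "NO"},
    "XFILES": {"OK", "WARN", "REJECT", "DISCARD"},
    "AV_ACTION": {"OK", "WARN", "REJECT", "DISCARD"},
    "RESOLVE_FORGED": {"OK", "REJECT"}, "RESOLVE_FAIL": {"OK", "REJECT"},
    "ENCODING_BASE64": {"OK", "REJECT"},
    "ENCODING_QUOTED_PRINTABLE": {"OK", "REJECT"},
    "ENCODING_BINARY": {"OK", "REJECT"},
}
SOCKET_KEYS = {"SOCKET", "INET_SOCK", "UNIX_SOCK"}

def lint(text):
    """Return a list of (line_number, message) findings."""
    findings, sockets = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or comment line
            continue
        parts = line.split(None, 1)               # option name, then its value
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key in SOCKET_KEYS:
            sockets.append(n)
        if key in ENUMS and value not in ENUMS[key]:
            findings.append((n, f"{key}: '{value}' is not one of {sorted(ENUMS[key])}"))
        elif key in ("XFILES", "AV_ACTION") and value == "DISCARD":
            findings.append((n, f"{key} DISCARD drops mail silently"))
        elif key.startswith("ENCODING_") and value == "REJECT":
            findings.append((n, f"{key} REJECT enables an experimental check"))
    if len(sockets) > 1:                          # only one declaration is possible
        findings.append((sockets[1], "more than one socket declaration"))
    return findings

# Constructed sample, not a shipped configuration.
SAMPLE = """\
# test configuration
UNIX_SOCK /var/jchkmail/j-chkmail.sock
INET_SOCK 2000
XFILES DISCARD
AV_ACTION QUARANTINE
ENCODING_BASE64 REJECT
"""

if __name__ == "__main__":
    for lineno, message in lint(SAMPLE):
        print(f"line {lineno}: {message}")
```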
j-chkmail.cf - Default installed configuration file.
-
DOMAIN - this is your domain name. There is no default
value. Not really used currently.
Syntax :
DOMAIN my-domain.com
Default : no default value
-
J_HOSTNAME - this option tells how j-chkmail sets its
own hostname.
Syntax :
J_HOSTNAME SYSTEM | SENDMAIL | myserver.mydomain.com
Default : SYSTEM
Declaring SYSTEM tells sendmail to use the value returned by the
gethostname system call. SENDMAIL tells j-chkmail to use the value
defined by the $j macro from the sendmail configuration file. Otherwise,
j-chkmail will use the value declared for this option.
-
PRESENCE - this option defines if j-chkmail will add a
header to announce its presence.
Syntax :
PRESENCE SHOW | HIDE
Default : SHOW
-
USER - this option tells j-chkmail to run as USER.
Syntax :
USER user
Default : smmsp, if defined neither here nor at configuration time
-
GROUP - this option tells j-chkmail to run as GROUP.
Syntax :
GROUP group
Default : smmsp, if defined neither here nor at configuration time
sendmail <-> j-chkmail communications socket - only one declaration is possible.
-
SOCKET - General declaration - Usually, you should use the
INET_SOCK or UNIX_SOCK options. The only reason to use this option is
when you want to have j-chkmail and sendmail running on different
machines (e.g. one j-chkmail "filter server" being used by many
sendmail "mail servers").
Syntax
SOCKET local:/var/jchkmail/j-chkmail.sock (UNIX socket)
SOCKET inet:2000@hostname (INET socket)
-
INET_SOCK - If you've chosen an INET socket at
localhost, only the port number is necessary.
Syntax
INET_SOCK 2000
-
UNIX_SOCK - if you prefer a UNIX socket, you must
tell j-chkmail the socket name.
Syntax
UNIX_SOCK /var/jchkmail/j-chkmail.sock
Warning messages
-
WARN_SENDER - this option tells j-chkmail if sender
shall receive warning messages.
Syntax :
WARN_SENDER YES | NO
Default : YES
-
WARN_RCPT - this option tells j-chkmail if the
original recipients shall receive warning messages.
Syntax :
WARN_RCPT YES | NO
Default : YES
-
J_SENDER - This option tells j-chkmail which address
to use when sending warning messages. SENDER preserves sender address.
Syntax :
J_SENDER SENDER | j-master@myserver.mydomain.com
Default : SENDER
-
J_SUBJECT - This option tells j-chkmail if it shall
change Subject header when sending warning messages. SUBJECT preserves
sender address.
Syntax :
J_SUBJECT SUBJECT | [Free text]
Default : SUBJECT
Logging
-
LOG_FACILITY - obvious
Syntax :
LOG_FACILITY local5
Default : local5
-
LOG_LEVEL - obvious
Syntax :
LOG_LEVEL 10
Default : 10
-
STATS_INTERVAL - j-chkmail periodically dumps internal
counters contents. This option defines interval between two dumps. If
this parameter is set to 0, j-chkmail does no dumps.
Syntax :
STATS_INTERVAL 300
Default : 300
-
LOG_ATTACHMENTS - this option tells j-chkmail to log
every attachment detected.
Syntax :
LOG_ATTACHMENTS NO | YES
Default : NO
Configuration files
-
ERROR_MSG_FILE - This file contains warning messages.
Syntax (and default file)
ERROR_MSG_FILE /etc/mail/j-error-msg
-
USERS_FILE - This file contains the list of local
e-mail addresses.
Syntax (and default file)
USERS_FILE /etc/mail/j-local-users
-
NETS_FILE - This file defines classes of networks :
LOCAL, DOMAIN, FRIEND and others if not defined.
Syntax (and default file)
NETS_FILE /etc/mail/j-nets
-
REGEX_FILE - Definition of the regular expressions used
when checking contents.
Syntax (and default file)
REGEX_FILE /etc/mail/j-regex
-
HOST_ACCESS_FILE - This file complements the sendmail
access file and is used to define j-chkmail behavior when a mail gateway
matches a filtering criterion. The only current use is to accept
messages coming from mail gateways without correct DNS resolution.
Syntax (and default file)
HOST_ACCESS_FILE /etc/mail/j-host-access
-
USER_ACCESS_FILE - Currently unused.
Syntax (and default file)
USER_ACCESS_FILE /etc/mail/j-user-access
-
CW_FILE - This is the file used by sendmail to define
Class W hosts.
Syntax (and default file)
CW_FILE /etc/mail/local-host-names or /etc/mail/sendmail.cw
Work files and directories
-
SPOOLDIR
Syntax (and default file)
SPOOLDIR /var/spool/jchkmail
-
WORKDIR
Syntax (and default file)
WORKDIR /var/jchkmail
-
PID_FILE
Syntax (and default file)
PID_FILE /var/jchkmail/j-chkmail.pid
-
STATS_FILE
Syntax (and default file)
STATS_FILE /var/jchkmail/j-stats
-
STATE_FILE
Syntax (and default file)
STATE_FILE /var/jchkmail/j-state
-
XFILES_LOG
Syntax (and default file)
XFILES_LOG /var/jchkmail/j-files
Internal scanner - XFiles
-
XFILES - this option tells j-chkmail what to do when
detecting an attached XFILE.
Syntax :
XFILES OK | WARN | REJECT | DISCARD
Default : OK
-
OK - tells j-chkmail to behave normally if it detects an XFILE.
-
WARN - tells j-chkmail to replace the original message with the message
configured in the error message file (/etc/mail/j-error-msg)
-
REJECT - tells j-chkmail to reject message. Sender receives the
usual MTA error message.
-
DISCARD - message is silently discarded
-
FILE_EXT - this option defines which file extensions
are used to detect "unsafe" attached files. You may define multiple
values on each line and declare multiple lines.
Syntax :
FILE_EXT ext1 [ext2] [ext3] ...
Default Values (if not present) :
ade adp bas bat bin btm chm cmd com
cpl crt dll drv exe hlp hta inf ini
ins isp je js jse lnk mdb mde msc
msi msp mst pcd pif reg scr sct shb
shs sys url vb vbe vbs vxd wsc wsf
wsh
You'll probably leave this option commented out in order to use the
default file extensions.
-
FILE_REGEX - You can also declare "unsafe" files
by regular expressions appearing in their filenames.
Syntax :
FILE_REGEX regex
-
XFILE_SAVE_MSG -
Syntax :
XFILE_SAVE_MSG YES | NO
Default : NO
Filtering by contents - Regular Expressions - Experimental
-
CHECK_HEADERS_CONTENT -
Syntax :
CHECK_HEADERS_CONTENT NO | YES
Default : NO
-
CHECK_SUBJECT_CONTENT -
Syntax :
CHECK_SUBJECT_CONTENT NO | YES
Default : NO
-
CHECK_BODY_CONTENT -
Syntax :
CHECK_BODY_CONTENT NO | YES
Default : NO
-
CONTENT_REGEX_MATCHES -
Syntax :
CONTENT_REGEX_MATCHES n
Default : 1
Recipients, Headers and Encoding
Filtering Intranet Users
-
CHECK_LOCAL_USERS - this option enables checking of
local users recipient addresses (as defined at /etc/mail/j-local-users
file) against known IP networks (as defined at /etc/mail/j-nets file)
Syntax :
CHECK_LOCAL_USERS YES | NO
Default : NO
Number of Recipients
-
CHECK_NB_RCPT - this option enables checking of the number
of message recipients and the IP address the SMTP connection is coming
from, against known IP networks (as defined at /etc/mail/j-nets file)
Syntax :
CHECK_NB_RCPT YES | NO
Default : NO
-
MAX_RCPT_FROM_XXX - use these options to define
maximum allowed recipients for each message and for each IP network
class.
Syntax :
MAX_RCPT_FROM_DOMAIN 200
MAX_RCPT_FROM_LOCAL 200
MAX_RCPT_FROM_FRIEND 200
MAX_RCPT_FROM_OUTSIDE 25
Default : 200
Presence of headers fields
-
NO_TO_HEADERS - this option enables checking of the
existence of at least one recipient address among the header fields (To
or Cc or Bcc).
Syntax :
NO_TO_HEADERS OK | REJECT | TEMPFAIL
Default : OK
-
NO_FROM_HEADERS - this option enables checking of the
existence of at least one correctly written sender address (From field
in the header or envelope).
Syntax :
NO_FROM_HEADERS OK | REJECT | TEMPFAIL
Default : OK
-
NO_SUBJECT_HEADER - this option enables checking of the
existence of the subject header.
Syntax :
NO_SUBJECT_HEADER OK | REJECT | TEMPFAIL
Default : OK
-
NO_HEADERS - this option enables checking of existence
of at least one header field.
Syntax :
NO_HEADERS OK | REJECT | TEMPFAIL
Default : OK
Entire body encoding - EXPERIMENTAL - Don't use it
-
ENCODING_BASE64 -
Syntax :
ENCODING_BASE64 OK | REJECT
Default : OK
-
ENCODING_QUOTED_PRINTABLE -
Syntax :
ENCODING_QUOTED_PRINTABLE OK | REJECT
Default : OK
-
ENCODING_BINARY -
Syntax :
ENCODING_BINARY OK | REJECT
Default : OK
External Scanner
-
AV_ACTION - this option disables external scanner
checking and tells j-chkmail what to do when external scanner finds a
rejection match.
Syntax :
AV_ACTION OK | WARN | REJECT | DISCARD
Default : OK
-
OK - disables external scanner calls.
-
WARN - tells j-chkmail to replace the original message with the message
configured in the error message file (/etc/mail/j-error-msg)
-
REJECT - tells j-chkmail to reject message. Sender receives the
usual MTA error message.
-
DISCARD - message is silently discarded
-
AV_PORT - the port number used to communicate with the
external scanner server
Syntax :
AV_PORT 2000
-
AV_TYPE, AV_PATH and AV_ARGS - External scanner specific parameters -
these parameters are specific to each scanner and tell j-chkmail what
kind of scanner is being used, the path to the command line scanner and
any parameters to pass to the scanner. Currently, only three
scanners are supported by j-chkmail. You can find external scanner
source code (C and Perl) inside the contrib/user-filter source tree
to start building your own filter.
Syntax :
# User programmed external scanner
AV_TYPE USER
AV_PATH /usr/local/bin/user-filter
AV_ARGS
# uvscan command line scanner from McAfee
AV_TYPE UVSCAN
AV_PATH /usr/local/uvscan/uvscan
AV_ARGS --mime --secure -rv --summary --noboot
# vscan command line from Trendmicro
# experimental - not really checked
AV_TYPE TREND
AV_PATH /opt/trend/ISBASE/IScan.BASE/vscan
AV_ARGS -a
-
AV_SAVE_MSG - Use this option to quarantine rejected messages
Syntax :
AV_SAVE_MSG YES | NO
Default : NO
Connection Rate filtering
-
CHECK_THROTTLE - this option enables checking of the
connection rate and the total number of recipients for each mail
gateway over a 10-minute sliding window. The sliding window is updated
each minute. Maximum allowed rates may be defined for each class of IP
networks.
Syntax :
CHECK_THROTTLE YES | NO
Default : NO
-
TTT_THROTTLE_FROM_XXX - use these
options to define the maximum Connection Rate and Recipient Rate
allowed for each relay and for each IP network class.
CONN_THROTTLE_FROM_DOMAIN 200
CONN_THROTTLE_FROM_LOCAL 200
CONN_THROTTLE_FROM_FRIEND 30
CONN_THROTTLE_FROM_OUTSIDE 10
RCPT_THROTTLE_FROM_DOMAIN 200
RCPT_THROTTLE_FROM_LOCAL 200
RCPT_THROTTLE_FROM_FRIEND 100
RCPT_THROTTLE_FROM_OUTSIDE 100
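The 10-minute window with one-minute updates can be modelled with per-minute counters for each gateway. This is an added example, not j-chkmail code; it assumes each limit is compared with the total over the whole window and that refused connections are still counted, and the traffic in demo() is constructed.

```python
from collections import defaultdict, deque

WINDOW_MIN = 10   # sliding window length, in one-minute slots
# (connections, recipients) per network class, from the sample values above.
LIMITS = {"DOMAIN": (200, 200), "LOCAL": (200, 200),
          "FRIEND": (30, 100), "OUTSIDE": (10, 100)}

class Throttle:
    def __init__(self, limits=LIMITS):
        self.limits = limits
        # gateway IP -> deque of [minute, connections, recipients]
        self.slots = defaultdict(deque)

    def _window(self, ip, minute):
        q = self.slots[ip]
        while q and q[0][0] <= minute - WINDOW_MIN:   # age out old minutes
            q.popleft()
        if not q or q[-1][0] != minute:               # open the current slot
            q.append([minute, 0, 0])
        return q

    def check(self, ip, net_class, now, nb_rcpt):
        """Record one connection carrying nb_rcpt recipients.

        now is in seconds. Returns True while the gateway is within both
        limits of its network class, False once either is exceeded.
        """
        q = self._window(ip, int(now // 60))
        q[-1][1] += 1
        q[-1][2] += nb_rcpt
        conns = sum(slot[1] for slot in q)
        rcpts = sum(slot[2] for slot in q)
        max_conn, max_rcpt = self.limits[net_class]
        return conns <= max_conn and rcpts <= max_rcpt

def demo():
    """Constructed traffic: one OUTSIDE gateway connecting every 30 seconds."""
    t = Throttle()
    burst = [t.check("192.0.2.7", "OUTSIDE", 30 * i, 1) for i in range(12)]
    # The same gateway returns after more than ten idle minutes.
    later = t.check("192.0.2.7", "OUTSIDE", 30 * 11 + 601, 1)
    return burst, later

if __name__ == "__main__":
    print(demo())
```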
DNS resolution of gateways
This criterion is based on the result of DNS resolution, as seen by
sendmail.
When the DNS resolution of a mail gateway is bad, the filtering algorithm
is as follows :
-
If the IP address of the mail gateway is listed in the j-host-access
configuration file, the connection is accepted or rejected according to
the value associated with it.
-
If the number of messages accepted for that mail gateway during the last 6,
12, 18 and 24 hours is below the defined quotas, the message is accepted.
-
Otherwise, connection is refused.
-
RESOLVE_FORGED - This option allows rejecting messages
coming from mail gateways without DNS declarations.
Syntax :
RESOLVE_FORGED OK | REJECT
Default : OK
-
RESOLVE_FAIL - This option allows rejecting messages
coming from mail gateways having inconsistent direct and reverse DNS
declarations.
Syntax :
RESOLVE_FAIL OK | REJECT
Default : OK
-
RESOLVE_ACCEPT_nnHXXX - Number of messages
accepted when coming from a mail gateway which doesn't have correct DNS
resolution.
Syntax :
RESOLVE_ACCEPT_06H 2
RESOLVE_ACCEPT_12H 3
RESOLVE_ACCEPT_18H 4
RESOLVE_ACCEPT_24H 4
Default : see above
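The three-step decision described in this section, applied to the quota values shown above. This is an added example, not j-chkmail code; the j-host-access file is modelled as a dict of hypothetical ACCEPT/REJECT values because its real syntax is not given on this page, and the arrival times are constructed.

```python
from bisect import bisect_left

# (window in hours, quota) from the RESOLVE_ACCEPT_nnH values above.
QUOTAS = [(6, 2), (12, 3), (18, 4), (24, 4)]

def decide(ip, now, accepted_at, host_access, quotas=QUOTAS):
    """Verdict for one message from a gateway with bad DNS resolution.

    now         : arrival time in seconds
    accepted_at : sorted times of messages already accepted from ip
    host_access : dict ip -> 'ACCEPT' | 'REJECT' (hypothetical stand-in
                  for the j-host-access file)
    """
    # Step 1: an explicit j-host-access entry decides.
    if ip in host_access:
        return host_access[ip]
    # Step 2: the count in every window must be below its quota.
    for hours, quota in quotas:
        start = now - hours * 3600
        count = len(accepted_at) - bisect_left(accepted_at, start)
        if count >= quota:
            return "REJECT"        # Step 3: otherwise the connection is refused
    return "ACCEPT"

def replay(ip, arrivals, host_access):
    """Run arrival times through decide(), remembering the accepted ones."""
    accepted, verdicts = [], []
    for t in arrivals:
        verdict = decide(ip, t, accepted, host_access)
        if verdict == "ACCEPT":
            accepted.append(t)
        verdicts.append(verdict)
    return verdicts

HOUR = 3600
# Constructed arrivals at hours 0, 1, 2, 7 and 8 from one unresolvable gateway.
ARRIVALS = [0, 1 * HOUR, 2 * HOUR, 7 * HOUR, 8 * HOUR]

if __name__ == "__main__":
    print(replay("203.0.113.5", ARRIVALS, {}))
    print(replay("203.0.113.5", ARRIVALS, {"203.0.113.5": "ACCEPT"}))
```

In the first replay the message at hour 2 is refused by the 6-hour quota, and the one at hour 8 by the 12-hour quota even though the 6-hour window has room again.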
Jose Marcio Martins da Cruz
j-chkmail - © Ecole des Mines de Paris - Centre de Calcul
Last modified: Fri Oct 04 11:07:47 MEST 2002