Introduction - What's j-chkmail ???

j-chkmail is a mail filtering software using sendmail milter API. j-chkmail is compatible with UNIX based mailservers running sendmail or postfix.

The goal of j-chkmail is to be able to filter as much messages as possible, as fast as possible and as well as possible. Originally, it's intended to be use in large and heterogeneous communities such as university campus, but not only.

It's a complete and integrated solution including both behavioural filtering (connection rate control, detection of suspicious behaviour, greylisting , …) and content filtering (statistical/bayesian content filtering, pattern matching, URL filtering and heuristic filtering). j-chkmail detects virus by looking for suspicious attached files (defined by their filename extensions or by some regular expression). An external message scanner such as Clamd (from ClamAV) can also be called during message handling.

Some command line tools are included allowing mail admins to get real time information about the filter (counters, statistics, …) without needing to grep log files (which is also available). Modification of many configuration options is possible without stop/starting the filter.

Virus protection

Most viruses today use electronic mail to propagate and are embedded within attached executable files. Most viruses make use of default mail reader configuration, and automatically open received attached files without asking for user permission.

So the idea is to detect messages with these kind of attached files. This is much faster than the usual virus scanning, produces very few false positives, and detects new viruses as soon as they appear. Also, the need for periodic maintenance (signatures database update) is eliminated.

When the filter blocks this kind of message, sender and recipients will receive a replacement message (instead of the original message), stating the reason for why the email was rejected.

You can get more information about unsafe files from Microsoft web site

But if you really want to use a real virus scanner, j-chkmail may be be coupled with some external scanners : ClamAV, McAfee, and f-prot.

Spam protection

j-chkmail is intended to detect spam at large sites, handling many hundreds of thousands messages a day, with users of very different profiles. This is usually a problem as most filters are optimized to handle a homogeneous flow.

j-chkmail does a series of checks (behaviour and content) on messages and connections : connection rate, greylisting, pattern matching, URL filtering and bayesian filtering.

At the first level, the behaviour of gateways are checked. This allows the filter to protect the server against some kind of attacks, and to block a number of trivial spam. These kind of checks usually results in message rejection. This is a “coarse filtering”. Some of evaluations done here are : detection of address harvesting, evaluation of connection rate and globally the contribution of each client to the global load of the filter.

Other filtering methods based on message contents are used to remove remaining spam. This category of messages are usually tagged as being potential spam. Spam detection checks range from pattern matching, URL matching and message conformity to linguistic analysis.

Some latter features added to j-chkmail was adaptive greylisting and bayesian filtering. j-chkmail implementation of greylisting was done in a way to optimize it when in use to handle huge trafic and to prevent attacks to servers using these filtering method.

The last main feature added to j-chkmail is a linear discriminator classifier coupled with active learning. This is the result of a PhD thesis. This classifier provides a much better efficiency over bayesian classifier.

The main goal of j-chkmail is to handle spam for a large and heterogeneous community, such as an university campus, where message handling must be done well and fast.

Filter Monitoring and Control

Monitoring and control is an important part of j-chkmail. It allows administrators to check how their mail server behaves, to evaluate its performance and filtering results, and to control filter behaviour. All of this in real-time ! You can do queries on the filter in different ways to know its activity, without doing greps on long log files. This is also available, but more for looking at precise information than to do real time monitoring.

Other than command line queries, you also have graphical monitoring of the filter activity.

Server Protection

j-chkmail checks, all the time, the state of the filter and of the server. This way it can detect abnormal SMTP client behaviours, change filtering policies depending on the server load, and even selectively reject connections when necessary. This feature allows the mail server to survive even during heavy attacks.


  • License j-chkmail is free (no strings attached) software, distributed under a license similar to GPL. The difference is related to distribution. To redistribute j-chkmail or any derived product, including services, you shall explicitly mention that the product is derived from j-chkmail.
If you use or distribute j-chkmail or any product derived from j-chkmail derived from another product derived from j-chkmail. in any application (commercial or not), including services or whatever else, you MUST clearly indicate that what you're doing is based on j-chkmail on any advertisement about your application. This clause MUST be propagated (ad eternum) to any derived products/services or whatever…

What do you need to run j-chkmail

  • Operating Systems - j-chkmail is running on many UNIX flavors, but it's more extensively tested under SunOS, FreeBSD and Linux, Tru64.
  • Sendmail - j-chkmail uses sendmail libmilter, so it must be installed on a mail server running sendmail version 8.12.0 or newer.
  • Postfix - Postfix release 2.4 fully implements server side libmilter code.

start.txt · Last modified: 2015/05/05 06:34 (external edit)
CC Attribution-Noncommercial-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0