[[j-ndc]]
Trace: j-regex - Pattern matching configuration file j-chkmail Easy Install Policy Database j-printstats Global Limits j-xfiles Defining actions and headers Configuration files j-chkmail.cf j-ndc

CLI reference

Up

Table of Contents

j-ndc

j-ndc is a command line tool which allows you to interact directly with the filter - verify its internal state, get some statistics, modify its configuration or send commands to it without having to stop and restart it.

j-chkmail has a telnet like server listening on some INET port. j-ndc is a simple telnet like client which helps you to communicate with the filter.

Examples

  • To list all SMTP connections currently being handled by j-chkmail :
j-ndc stats connopen
  • To modify the value of some configuration option, e.g. disable XFILEs checking, without stopping and restarting the filter :
j-ndc setcf XFILES OK
  • To reload configuration files
j-ndc reconfig

j-ndc configuration file

j-ndc looks for its j-ndc.cf configuration file, in this order, inside /etc/mail/jchkmail and /etc. You can use it to define which address and port number, if the instance of j-chkmail to be contacted isn't the default one : 127.0.0.1:2010.

j-ndc.cf

# Default address
#HOST       = 127.0.0.1
#
# Default listening port
#PORT       = 2010

j-chkmail configuration file

You can configure j-chkmail to enable or not it's control channel - unless you have a very good reason to do not enable it, this feature shall be enabled. j-chkmail does a very simple access control, based on IP addresses.

/etc/mail/jchkmail/jchkmail.cf

CTRL_CHANNEL_ENABLE            YES
CTRL_SOCKET                    inet:2010@localhost
CTRL_ACCESS                    NONE

If you set the option CTRL_ACCESS to the value ACCESS, then you can define, at j-policy database (see below) which IP addresses will be able to connect the the filter control channel.

The channel access control is based only on IP address. If the control channel is configured to listen only on localhost IP address, you can eventually disable access control. But this also means that any user being able to log in into the mail server have access to the filter control channel. You shall not disable access control if the control channel is listening on any address other than localhost.

Access control

If you configure the control channel to listen only on IP address 127.0.0.1, you can disable access control. If this isn't the case, you shall list which hosts can connect into the control channel (j-policy database).

/etc/mail/jchkmail/jpolicy.txt

CtrlChan:DEFAULT               REJECT
CtrlChan:127.0.0.1             OK
CtrlChan:194.214.168.176       OK

Getting help

j-ndc can print some limited help information, which explain only how to launch it.

j-ndc -h

$ j-ndc -h
* Trying /etc/mail/jchkmail/j-ndc.cf
Usage:
   j-ndc [-h] [-s server] [-p port] command
     Use the j-ndc script to send a command to the filter.
   Options :
     -h    : This message
     -s    : Server name/address
     -p    : Server port
     -d    : debug
   Commands :
     HELP
     ...
     To know the list of all available commandes type :
            j-ndc help

If you can launch it, j-ndc can connect to the filter and ask him for help on the features available on the filter.

j-ndc help

$ j-ndc help
...
$ j-ndc help setcf
* Trying /etc/mail/jchkmail/j-ndc.cf
# [Connected to localhost:2010]
200 OK - Waiting for commands !
200 Joe's j-chkmail v2.0.0-090131
  SETCF
    * Modify running configuration (overrides j-chkmail values)
    * Syntax :
      j-ndc SETCF option value
200 OK !!

Although it may seen too complicated to create a connection to the filter to get help, it's useful if you're using j-ndc on network where more than one filter is running and they don't have the same configuration or even the same version.

doc/reference/cli/j-ndc.txt · Last modified: 2009/02/15 23:30 (external edit)
CC Attribution-Noncommercial-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0