[[Quick Start]]
Table of Contents
Quick Start
Beginning : step by step
- Compiling
- Installing / Upgrading
- Where things are installed
- Minimal configuration
- Creating databases
- Creating tables
- Logging
- Launching it for the first time
- Monitoring
Compiling
Unless you have a really good reason to not use default configuration options, the only thing you need to do is to download j-chkmail tarball, uncompress it, configure it and compile it…
$ tar xzf jchkmail-1.11.0.tgz $ cd jchkmail-1.11.0 $ ./configure $ make
Installing and Upgrading
If you're installing it for the first time, the only thing to do is :
$ su # make install
and everything will be installed and needed directories will be created with the right owner and rights. You can skip now to the configuration section.
If you're upgrading an existing installation, you'll probably need to update some configuration files. You MUST :
- read the
ChangeLogfile, to understand what changed since the last installed version - read the
README-X.YYfile - since 1.11 version, this file contains main hints and changes - take a look at
etc/j-chkmail.cf.runningfile - this file shows how the new j-chkmail binary understands your current configuration file, and can show some errors (new undefined or old removed options). If everything is right, or after some configuration changes, you'll probably change current configuration file by this one, as shown bellow :
$ su # /etc/init.d/sendmail stop # /etc/init.d/jchkmail stop # make install # cp /etc/mail/jchkmail/j-chkmail.cf.running /etc/mail/jchkmail/j-chkmail.cf # /etc/init.d/jchkmail start # /etc/init.d/sendmail start
… and everything is done !
Where things are installed
Installation process create directories and put things in many places :
- /usr/sbin - daemons :
j-chkmailandj-greyd - /usr/bin - command line tools
- /etc/mail/jchkmail - configuration file and tables of data
- /var/jchkmail -
- /var/jchkmail/files - text and data files produced by
j-chkmail - /var/jchkmail/cdb - constant databases (opened in RO mode) :
j-urlbl,j-policy,j-rcpt,j-bayes, … - /var/jchkmail/wdb - databases used by j-chkmail to store its data (opened in RW mode) :
j-greyXXX,j-res-cache, … - /var/jchkmail/bayes-toolbox - directory where you can put mailboxes to create the database used by the bayesian filter
- /var/jchkmail/dbtools - directory where are installed command line tools to handle BerkeleyDB databases :
db_archive,db_deadlock,db_hotbackup,db_printlog,db_stat,db_verify,db_checkpoint,db_dump,db_load,db_recoveranddb_upgrade.
- /var/spool/jchkmail - temporary and quarantined message files
Minimal Configuration
j-chkmail
If you do nothing, j-chkmail will only handle messages without any filtering. This very minimal configuration is useful if what you want to do is only to monitor your mailserver : connections/messages/Mbytes handled a day, connection rates, …
The first thing to do is to define your known networks. Before version 1.11, this was done at j-nets file, but this is deprecated and, from now, you must use j-policy database.
You'll probably add some lines like these one : Put your the subnet of your local servers in LOCAL, we will give them better privilege (no greylisting, better rate limits). Then put your clients in DOMAIN and last, some friends server in FRIEND. The other SMTP clients will fall in UNKNOWN NetClass
j-policy.txt
# Our private local network NetClass:10 LOCAL # Our domain public IP addresses NetClass:199.180.10 DOMAIN # Our MXs NetClass:199.180.10.1 LOCAL NetClass:199.180.10.2 LOCAL # NetClass:128.12.12.33 FRIEND
You can use local or inet sockets to enable communications between j-chkmail and sendmail. This is done by the following lines at /etc/mail/jchkmail/j-chkmail.cf file :
j-chkmail.cf
# SOCKET # Communication socket between sendmail and j-chkmail # Syntax : inet:PORT@HOSTNAME | local:SOCKET_PATH SOCKET local:/var/run/jchkmail/j-chkmail.sock
For the first time, you must connect the filter to sendmail and let it run without any feature enabled to verify if it's stable. If this is the case, you can begin enabling each wanted feature.
sendmail
You must tell sendmail that he has to use j-chkmail to filter incoming connections/messages. You can do that at sendmail.cf file.
Prefered way to do that is to add some lines to sendmail.mc file used to generate sendmail.cf file, but you really know what you do, you can add some other lines to sendmail.cf file.
smconfig directory inside j-chkmail distribution directory tree contains two files : milter.mc and milter.cf with the content to be added to sendmail.mc or sendmail.cf file.
milter.mc
dnl
dnl Uncomment one of the following lines
INPUT_MAIL_FILTER(`j-chkmail',`S=inet:2000@localhost, T=C:2m;S:20s;R:20s;E:5m')
dnl
dnl INPUT_MAIL_FILTER(`j-chkmail',`S=local:/var/run/jchkmail/j-chkmail.sock, T=C:2m;S:20s;R:20s;E:5m')
dnl
define(`confINPUT_MAIL_FILTERS',`j-chkmail')
define(`confMILTER_LOG_LEVEL',`9')dnl
dnl
dnl
define(`confMILTER_MACROS_CONNECT', confMILTER_MACROS_CONNECT``, v, {client_resolve}, {client_name}, {client_ptr}'')dnl
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO)dnl
define(`confMILTER_MACROS_ENVFROM', confMILTER_MACROS_ENVFROM)dnl
define(`confMILTER_MACROS_ENVRCPT', confMILTER_MACROS_ENVRCPT``, {nrcpts}, {nbadrcpts}'')dnl
define(`confMILTER_MACROS_EOM', confMILTER_MACROS_EOM``, {msg_id}'')dnl
Postfix
You can use j-chkmail with postfix if you're running postfix version 2.4 and newers.
If you're still running postfix version 2.3.X, you can use j-chkmail too, but not all features are available. Mainly, postfix versions older than 2.4 can't replace message body.
main.cf
# main.cf configuration options
smtpd_milters = unix:/var/run/jchkmail/j-chkmail.sock
milter_protocol = 4
milter_connect_macros = j {daemon_name} v {client_name}
milter_data_macros = i
milter_end_of_data_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_rcpt_macros = i {rcpt_addr}
milter_unknown_command_macros =
milter_command_timeout = 30s
milter_connect_timeout = 30s
milter_content_timeout = 40s
milter_default_action = tempfail
non_smtpd_milters =
Creating constant databases - the first time
j-chkmail needs four constant databases : j-policy.db, j-urlbl.db, j-rcpt.db and j-bayes.db. Even if you haven't configured j-chkmail to use them, they must be there. j-chkmail absolutely needs, at least, j-policy.db.
When installing j-chkmail for the first time, please check that these files exist and if not create them at least as empty files (you can use touch).
After creating these these four files, you have to launch a make inside /var/jchkmail/cdb directory to create the .db versions.
Creating tables - the first time
When you install j-chkmail for the first time, this installation procedure will create default needed tables. You can then modify them to fit your needs.
Each time j-chkmail will be upgraded, default tables will be installed with the extension .org.
Logging
Default j-chkmail logging is done by syslog, using LOCAL5 facility.
You'll probably need to configure /etc/syslog.conf to do that in the good place.
local5.* -/var/log/j-chkmail.log
Don't forget to setup some way to rotate j-chkmail logs.
j-chkmail.log file may be rotated using logadm (Solaris), logrotate (Linux) or newsyslog (FreeBSD). Log files inside /var/jchkmail directory may be rotated using j-rotate script.
Launching
Start up script is installed inside /usr/local/etc/rc.d under FreeBSD or inside /etc/init.d directories. Don't forget to create a symbolic link to it inside /etc/rc3.d. Under some Linux distributions (e.g., Fedora, RedHat, you can use /sbin/chkconfig to add it.
Monitoring
Have a look here
