How-to for CBPolicyd Zimbra
Introduction
- Packaged as part of the zimbra-mta package
- Configured to run as a daemon on 127.0.0.1:10031
- Integrated with postfix as a check_policy_service
- Cbpolicyd database uses sqlite
- Default configuration enables quotas module
Enable/Disable
To enable :
zmprov ms <mta server> +zimbraServiceEnabled cbpolicyd
The following changes get written by zmconfigd to postconf :
smtpd_end_of_data_restrictions = check_policy_service inet:localhost:10031
smtpd_recipient_restrictions = check_policy_service inet:localhost:10031, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, permit
When the service is enabled the following is logged in /opt/zimbra/log/cbpolicyd.log
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: 2013/04/02-02:15:39 cbp (type Net::Server::PreFork) starting! pid(8686)
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: Resolved [localhost]:10031 to [::1]:10031, IPv6
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: Resolved [localhost]:10031 to [127.0.0.1]:10031, IPv4
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: Binding to TCP port 10031 on host ::1 with IPv6
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: Binding to TCP port 10031 on host 127.0.0.1 with IPv4
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: Setting gid to "501 501"
[2013/04/02-02:15:39 - 8686] [CORE] INFO: Setting up serialization via flock
[2013/04/02-02:15:39 - 8686] [CORE] INFO: Beginning prefork (4 processes)
[2013/04/02-02:15:39 - 8686] [CORE] INFO: Starting "4" children
Process :
0:00 /usr/bin/perl /opt/zimbra/cbpolicyd/bin/cbpolicyd --config /opt/zimbra/conf/cbpolicyd.conf
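To confirm that the enabled daemon answers on 127.0.0.1:10031 the way Postfix expects, the following added example (not part of the original how-to or of Zimbra's tooling) speaks the Postfix policy delegation format: name=value lines ended by an empty line, answered by an action= line. The attribute values are constructed, and whether cbpolicyd requires further attributes is an assumption the page does not settle.

```python
import socket

def build_request(attrs):
    """Serialize attributes as name=value lines ended by one empty line."""
    lines = ["request=smtpd_access_policy"]
    for name, value in attrs.items():
        if "=" in name or "\n" in name or "\n" in str(value):
            raise ValueError(f"illegal character in attribute {name!r}")
        lines.append(f"{name}={value}")
    return ("\n".join(lines) + "\n\n").encode("utf-8")

def parse_reply(data):
    """Return the text after action= from a reply such as b'action=DUNNO\\n\\n'."""
    for line in data.decode("utf-8", "replace").splitlines():
        if line.startswith("action="):
            return line[len("action="):]
    raise ValueError("no action= line in policy reply")

def ask(sock, attrs):
    """Send one request on a connected socket; read up to the empty line."""
    sock.sendall(build_request(attrs))
    buf = b""
    while not buf.endswith(b"\n\n"):
        chunk = sock.recv(4096)
        if not chunk:  # peer closed before finishing the reply
            break
        buf += chunk
    return parse_reply(buf)

def probe(host="127.0.0.1", port=10031, timeout=5.0):
    """Submit one constructed RCPT-stage request to the policy daemon."""
    sample = {  # constructed values, not taken from the page
        "protocol_state": "RCPT",
        "protocol_name": "ESMTP",
        "client_address": "127.0.0.1",
        "client_name": "localhost",
        "helo_name": "probe.example.test",
        "sender": "probe@example.test",
        "recipient": "postmaster@example.test",
        "instance": "probe.1",
    }
    with socket.create_connection((host, port), timeout=timeout) as s:
        return ask(s, sample)

if __name__ == "__main__":
    try:
        print("cbpolicyd replied:", probe())
    except (OSError, ValueError) as exc:
        print("policy service check failed:", exc)
```

The daemon handles the probe like any other Postfix request, so with the quotas module enabled it may be counted against the probe sender; use an address reserved for testing.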
To Disable :
zmprov ms <mta server> -zimbraServiceEnabled cbpolicyd
- Note: Ideally zmconfigd should remove the postconf entry. If it does not, run zmcontrol stop; zmcontrol start. This forces a rewrite of the postfix configuration files.
Config file
Config file for the cbpolicyd process :
/opt/zimbra/conf/cbpolicyd.conf.in gets rewritten by configd to /opt/zimbra/conf/cbpolicyd.conf
Configuration of cbpolicyd daemon via localconfig :
# default log, pid and database files
cbpolicyd_pid_file
cbpolicyd_log_file
cbpolicyd_db_file
# policyd log_level default is 3 for info,notices,warnings and errors
cbpolicyd_log_level=3 [0-4]
# use cbpolicyd_log_file (main) or syslog (maillog) for logging
cbpolicyd_log_mail=main [main|maillog]
# components of policyd to log data
cbpolicyd_log_detail=modules [modules,tracking,policies,protocols]
# bind host/port default is 127.0.0.1:10031
cbpolicyd_bind_host=127.0.0.1
cbpolicyd_bind_port=10031
# timeout in communication with clients. ZCS7, ZCS8 < 8.0.4
cbpolicyd_timeout=120
# idle timeout with. ZCS 8.0.4 and higher
cbpolicyd_timeout_idle=1020
# Busy timeout. ZCS 8.0.4 and higher
cbpolicyd_timeout_busy=120
# how many seconds before retrying database connection
cbpolicyd_bypass_timeout=30
# what to do when there is a database connection problem
cbpolicyd_bypass_mode=tempfail [tempfail|pass]
# enable/disable specific policyd modules
cbpolicyd_module_accesscontrol=0 [0|1]
cbpolicyd_module_accounting=0 [0|1] ZCS8.0.4 and higher
cbpolicyd_module_amavis=0 [0|1] ZCS8.0.4 and higher
cbpolicyd_module_greylisting=0 [0|1]
cbpolicyd_module_greylisting_training=0 [0|1] ZCS8.0.4 and higher. If enabled, greylisting is in training mode only (does not actually do greylisting)
cbpolicyd_module_greylisting_defer_msg ZCS8.0.4 and higher. Message to log for deferred mail
cbpolicyd_module_greylisting_blacklist_msg ZCS8.0.4 and higher. Message to log for blacklisted mail
cbpolicyd_module_checkhelo=0 [0|1]
cbpolicyd_module_checkspf=0 [0|1]
cbpolicyd_module_quotas=1 [0|1]
Default config values :
$ zmlocalconfig | grep -i cbpolicy
cbpolicyd_bind_port = 10031
cbpolicyd_bypass_mode = tempfail
cbpolicyd_bypass_timeout = 30
cbpolicyd_cache_file = ${zimbra_home}/data/cache
cbpolicyd_db_file = ${zimbra_home}/data/cbpolicyd/db/cbpolicyd.sqlitedb
cbpolicyd_log_detail = modules
cbpolicyd_log_file = ${zimbra_log_directory}/cbpolicyd.log
cbpolicyd_log_level = 4
cbpolicyd_log_mail = main
cbpolicyd_module_accesscontrol = 0
cbpolicyd_module_checkhelo = 0
cbpolicyd_module_checkspf = 0
cbpolicyd_module_greylisting = 0
cbpolicyd_module_quotas = 1
cbpolicyd_pid_file = ${zimbra_log_directory}/cbpolicyd.pid
cbpolicyd_timeout = 120
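Several of these keys decide whether the policy daemon fails closed and who can reach it. The following added example (not part of the original how-to) audits `zmlocalconfig`-style output for a non-loopback bind host, `cbpolicyd_bypass_mode=pass`, and greylisting left in training mode; the WEAKENED sample is constructed for comparison, and the function names are hypothetical.

```python
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Subset of the default zmlocalconfig output shown above.
DEFAULTS = """\
cbpolicyd_bind_port = 10031
cbpolicyd_bypass_mode = tempfail
cbpolicyd_module_greylisting = 0
cbpolicyd_module_quotas = 1
"""
# Constructed weakened configuration, for comparison only.
WEAKENED = """\
cbpolicyd_bind_host = 0.0.0.0
cbpolicyd_bypass_mode = pass
cbpolicyd_module_greylisting = 1
cbpolicyd_module_greylisting_training = 1
cbpolicyd_module_quotas = 1
"""

def parse_localconfig(text):
    """Parse 'key = value' lines, keeping only cbpolicyd_* keys."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith("cbpolicyd_"):
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return (findings, enabled_modules) for a parsed configuration."""
    findings = []
    prefix = "cbpolicyd_module_"
    # Keys missing from the output fall back to the defaults the page lists.
    host = conf.get("cbpolicyd_bind_host", "127.0.0.1")
    if host not in LOOPBACK:
        findings.append(f"bind_host={host}: policy port is not loopback-only")
    if conf.get("cbpolicyd_bypass_mode", "tempfail") == "pass":
        findings.append("bypass_mode=pass: database errors let mail skip policy checks")
    modules = sorted(k[len(prefix):] for k, v in conf.items()
                     if k.startswith(prefix) and v == "1")
    if "greylisting_training" in modules:
        modules.remove("greylisting_training")
        findings.append("greylisting_training=1: greylisting only trains, no deferral")
    if not modules:
        findings.append("no policy module enabled")
    return findings, modules

if __name__ == "__main__":
    for name, text in (("defaults", DEFAULTS), ("weakened", WEAKENED)):
        print(name, audit(parse_localconfig(text)))
```

On a live server, pass the output of `zmlocalconfig | grep -i cbpolicy` to `parse_localconfig` instead of the embedded samples.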
Logging
Log file for Cbpolicyd :
log_file=/opt/zimbra/log/cbpolicyd.log
The log level is controlled by the localconfig (LC) key “cbpolicyd_log_level”, which can be set to one of the values below :
# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging
For more detailed logging, set the LC attribute “cbpolicyd_log_detail” to one or more of the options below :
# modules - Log detailed module running information
# tracking - Log detailed tracking information
# policies - Log policy resolution
# protocols - Log general protocol info, but detailed
# bizanga - Log the bizanga protocol
#
# There is no default for this configuration option. Options can be
# separated by commas. ie. protocols,modules
#
log_detail=modules
source : https://wiki.zimbra.com/wiki/How-to_for_cbpolicyd
Posted on: March 18, 2024, by : Julian's