Introduction

• Packaged as part of the zimbra-mta package
• Configured to run as a daemon on 127.0.0.1:10031
• Integrated with postfix as a check_policy_service
• Cbpolicyd database uses sqlite
• Default configuration enables quotas module

Enable/Disable

To enable :

zmprov ms <mta server> +zimbraServiceEnabled cbpolicyd

The following changes get written by zmconfigd to postconf :

smtpd_end_of_data_restrictions = check_policy_service inet:localhost:10031
smtpd_recipient_restrictions = check_policy_service inet:localhost:10031, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, permit

When the service is enabled the following is logged in /opt/zimbra/log/cbpolicyd.log

[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: 2013/04/02-02:15:39 cbp (type Net::Server::PreFork) starting! pid(8686)
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: Resolved [localhost]:10031 to [::1]:10031, IPv6
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: Resolved [localhost]:10031 to [127.0.0.1]:10031,  IPv4
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: Binding to TCP port 10031 on host ::1 with IPv6
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: Binding to TCP port 10031 on host 127.0.0.1 with IPv4
[2013/04/02-02:15:39 - 8686] [CORE] NOTICE: Setting gid to "501 501"
[2013/04/02-02:15:39 - 8686] [CORE] INFO: Setting up serialization via flock
[2013/04/02-02:15:39 - 8686] [CORE] INFO: Beginning prefork (4 processes)
[2013/04/02-02:15:39 - 8686] [CORE] INFO: Starting "4" children

Process :

 0:00 /usr/bin/perl /opt/zimbra/cbpolicyd/bin/cbpolicyd --config /opt/zimbra/conf/cbpolicyd.conf

To Disable :

zmprov ms <mta server> -zimbraServiceEnabled cbpolicyd

• Note: Ideally zmconfigd should be removing the postconf entry. If it does not then remove run zmcontrol stop;zmcontrol start. This will force a rewrite of the postfix configuration files.

Config file

Config file for the cbpolicyd process :

/opt/zimbra/conf/cbpolicyd.conf.in gets rewritten by configd to /opt/zimbra/conf/cbpolicyd.conf

Configuration of cbpolicyd daemon via localconfig :

 # default log, pid and database files
 cbpolicyd_pid_file
 cbpolicyd_log_file
 cbpolicyd_db_file
 
 # policyd log_level default is 3 for info,notices,warnings and errors
 cbpolicyd_log_level=3            [0-4]
 
 # use cbpolicyd_log_file (main) or syslog (maillog) for logging
 cbpolicyd_log_mail=main          [main|maillog]
 
 # components of policyd to log data
 cbpolicyd_log_detail=modules     [modules,tracking,policies,protocols]
 
 # bind host/port default is 127.0.0.1:10031
 cbpolicyd_bind_host=127.0.0.1   
 cbpolicyd_bind_port=10031

 # timeout in communication with clients. ZCS7, ZCS8 < 8.0.4
 cbpolicyd_timeout=120
 
 # idle timeout with.  ZCS 8.0.4 and higher
 cbpolicyd_timeout_idle=1020

 # Busy timeout.  ZCS 8.0.4 and higher
 cbpolicyd_timeout_busy=120

 # how many seconds before retrying database connection
 cbpolicyd_bypass_timeout=30

 # what to do when there is a database connection problem
 cbpolicyd_bypass_mode=tempfail   [tempfail|pass]
 
 # enable/disable specific policyd modules
 cbpolicyd_module_accesscontrol=0 [0|1]
 cbpolicyd_module_accounting=0    [0|1] ZCS8.0.4 and higher
 cbpolicyd_module_amavis=0        [0|1] ZCS8.0.4 and higher
 cbpolicyd_module_greylisting=0   [0|1]
 cbpolicyd_module_greylisting_training=0  [0|1] ZCS8.0.4 and higher.  If enabled, greylisting is in training mode only (does not actually do greylisting)
 cbpolicyd_module_greylisting_defer_msg  ZCS8.0.4 and higher.  Message to log for deferred mail
 cbpolicyd_module_greylisting_blacklist_msg  ZCS8.0.4 and higher.  Message to log for blacklisted mail
 cbpolicyd_module_checkhelo=0     [0|1]
 cbpolicyd_module_checkspf=0      [0|1]
 cbpolicyd_module_quotas=1        [0|1]

Default config values :

$ zmlocalconfig  | grep -i cbpolicy
cbpolicyd_bind_port = 10031
cbpolicyd_bypass_mode = tempfail
cbpolicyd_bypass_timeout = 30
cbpolicyd_cache_file = ${zimbra_home}/data/cache
cbpolicyd_db_file = ${zimbra_home}/data/cbpolicyd/db/cbpolicyd.sqlitedb
cbpolicyd_log_detail = modules
cbpolicyd_log_file = ${zimbra_log_directory}/cbpolicyd.log
cbpolicyd_log_level = 4
cbpolicyd_log_mail = main
cbpolicyd_module_accesscontrol = 0
cbpolicyd_module_checkhelo = 0
cbpolicyd_module_checkspf = 0
cbpolicyd_module_greylisting = 0
cbpolicyd_module_quotas = 1
cbpolicyd_pid_file = ${zimbra_log_directory}/cbpolicyd.pid
cbpolicyd_timeout = 120

Logging

Log file for Cbpolicyd :

log_file=/opt/zimbra/log/cbpolicyd.log

Log levels can be controlled by LC – “cbpolicyd_log_level”, the value can be set to one of the below :

# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging

To log in further detail the below can be set, controlling LC attribute is “cbpolicyd_log_detail”

# modules   - Log detailed module running information
# tracking  - Log detailed tracking information
# policies  - Log policy resolution
# protocols     - Log general protocol info, but detailed
# bizanga   - Log the bizanga protocol
#
# There is no default for this configuration option. Options can be
# separated by commas. ie. protocols,modules
#
log_detail=modules

source : https://wiki.zimbra.com/wiki/How-to_for_cbpolicyd

Posted on: March 18, 2024, by : Julian's | 69 views