Hi, I need to limit the number of outgoing emails and I have followed the steps in the https://wiki.zimbra.com/wiki/How-to_for_cbpolicyd guide to implement cbpolicyd on my ZSC server 8.8.8 and it did not work for me. Then copy the outputs of the console. I need to find out what the errors are.
Thank you very much and greetings
zimbra@correo1:/home$ zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd && zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd
zimbra@correo1:/home$ zmprov gs `zmhostname` | grep zimbraServiceInstalled
zimbraServiceInstalled: amavis
zimbraServiceInstalled: antivirus
zimbraServiceInstalled: antispam
zimbraServiceInstalled: opendkim
zimbraServiceInstalled: stats
zimbraServiceInstalled: logger
zimbraServiceInstalled: proxy
zimbraServiceInstalled: mailbox
zimbraServiceInstalled: spell
zimbraServiceInstalled: convertd
zimbraServiceInstalled: mta
zimbraServiceInstalled: dnscache
zimbraServiceInstalled: ldap
zimbraServiceInstalled: memcached
zimbraServiceInstalled: snmp
zimbraServiceInstalled: cbpolicyd
zimbra@correo1:/home$ zmcbpolicydctl status
policyd is running.
zimbra@correo1:/home$ cat /opt/zimbra/common/conf/main.cf |grep smtpd_end_of_data_restrictions
smtpd_end_of_data_restrictions = check_policy_service inet:localhost:10031
zimbra@correo1:/home$ cat /opt/zimbra/common/conf/main.cf |grep smtpd_recipient_restrictions
smtpd_recipient_restrictions = check_policy_service inet:localhost:10031, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, permit
zimbra@correo1:/home$ zmlocalconfig | grep -i cbpolicy
cbpolicyd_cache_file = ${zimbra_home}/data/cbpolicyd/cbpolicyd.cache
cbpolicyd_db_file = ${zimbra_home}/data/cbpolicyd/db/cbpolicyd.sqlitedb
cbpolicyd_log_detail = modules
cbpolicyd_log_file = ${zimbra_log_directory}/cbpolicyd.log
cbpolicyd_log_mail = main
cbpolicyd_pid_file = ${zimbra_log_directory}/cbpolicyd.pid
root@correo1:/home# tail -f /opt/zimbra/log/cbpolicyd.log
[2018/06/28-11:13:09 - 3898] [POLICIES] WARNING: [ID:3/Name:Default Inbound]: Error while processing source item '!%internal_ips', skipping...
[2018/06/28-11:13:09 - 3898] [POLICIES] WARNING: [ID:4/Name:Default Internal]=>(group:internal_ips): - Resolved source '' to a IP/CIDR specification, but its INVALID: awitpt::netip::new(96): Failed to guess IP address version
[2018/06/28-11:13:09 - 3898] [POLICIES] WARNING: [ID:4/Name:Default Internal]: Error while processing source item '%internal_ips', skipping...
[2018/06/28-11:13:09 - 3898] [CBPOLICYD] INFO: Got request #45 (pipelined)
[2018/06/28-11:13:09 - 3898] [CBPOLICYD] INFO: Got request #46 (pipelined)
[2018/06/28-11:14:49 - 3894] [CORE] INFO: Killing "1" children
Error Cbpolicyd
Re: Error Cbpolicyd
Actually your cbpolicyd IS working, as your cbpolicyd.log reports.
Did you configure some policies or is it running only the Default Internal as seen on these lines?
Did you configure some policies or is it running only the Default Internal as seen on these lines?
-
- Posts: 14
- Joined: Sat Jun 23, 2018 11:37 pm
- Location: Mendoza, Argentina
- ZCS/ZD Version: 8.8.8 Patch 4 Network Edition
Re: Error Cbpolicyd
Hello Gabriels, thank you for your response. I have applied the following policies to limit the speed:
BEGIN TRANSACTION;
INSERT INTO "policies" VALUES (6, 'Zimbra', 0, 'Zimbra QA Test Policy', 0);
DELETE FROM sqlite_sequence;
INSERT INTO "sqlite_sequence" VALUES ('policies', 6);
INSERT INTO "sqlite_sequence" VALUES ('policy_members', 6);
INSERT INTO "sqlite_sequence" VALUES ('policy_groups', 2);
INSERT INTO "sqlite_sequence" VALUES ('policy_group_members', 3);
INSERT INTO "sqlite_sequence" VALUES ('quotas', 4);
INSERT INTO "sqlite_sequence" VALUES ('quotas_limits', 5);
INSERT INTO "sqlite_sequence" VALUES ('checkhelo_blacklist', 4);
INSERT INTO "policy_members" VALUES (6, 6, 'any', 'any',, 0);
INSERT INTO "quotas" VALUES (3, 6, 'Sender: user @ domain', 'Sender: user @ domain', 60, 'DEFER', 'Deferring: Too many messages from sender in last 60',, 0);
INSERT INTO "quotas" VALUES (4, 6, 'Recipient: @domain', 'Recipient: @domain', 60, 'REJECT',,, 0);
INSERT INTO "quotas_limits" VALUES (4, 3, 'MessageCount', 20,, 0);
INSERT INTO "quotas_limits" VALUES (5, 4, 'MessageCount', 50,, 0);
COMMIT;
It works, the problem is that from webmail interprets each recipient as an email sent. And instead of putting them in the deferred queue it shows an error preventing the sending.
Thanks and regards
BEGIN TRANSACTION;
INSERT INTO "policies" VALUES (6, 'Zimbra', 0, 'Zimbra QA Test Policy', 0);
DELETE FROM sqlite_sequence;
INSERT INTO "sqlite_sequence" VALUES ('policies', 6);
INSERT INTO "sqlite_sequence" VALUES ('policy_members', 6);
INSERT INTO "sqlite_sequence" VALUES ('policy_groups', 2);
INSERT INTO "sqlite_sequence" VALUES ('policy_group_members', 3);
INSERT INTO "sqlite_sequence" VALUES ('quotas', 4);
INSERT INTO "sqlite_sequence" VALUES ('quotas_limits', 5);
INSERT INTO "sqlite_sequence" VALUES ('checkhelo_blacklist', 4);
INSERT INTO "policy_members" VALUES (6, 6, 'any', 'any',, 0);
INSERT INTO "quotas" VALUES (3, 6, 'Sender: user @ domain', 'Sender: user @ domain', 60, 'DEFER', 'Deferring: Too many messages from sender in last 60',, 0);
INSERT INTO "quotas" VALUES (4, 6, 'Recipient: @domain', 'Recipient: @domain', 60, 'REJECT',,, 0);
INSERT INTO "quotas_limits" VALUES (4, 3, 'MessageCount', 20,, 0);
INSERT INTO "quotas_limits" VALUES (5, 4, 'MessageCount', 50,, 0);
COMMIT;
It works, the problem is that from webmail interprets each recipient as an email sent. And instead of putting them in the deferred queue it shows an error preventing the sending.
Thanks and regards
Re: Error Cbpolicyd
I hope these are mockups and you don't exactly copypasted them from there: https://wiki.zimbra.com/wiki/Cluebringe ... _cbpolicyd ?ALP wrote: INSERT INTO "quotas" VALUES (3, 6, 'Sender: user @ domain', 'Sender: user @ domain', 60, 'DEFER', 'Deferring: Too many messages from sender in last 60',, 0);
INSERT INTO "quotas" VALUES (4, 6, 'Recipient: @domain', 'Recipient: @domain', 60, 'REJECT',,, 0);
Anyways, using 'Sender:user@domain' as tracker, tracks every single message and is not so good in case of Cc or lists. Use 'SASLUsername:username' instead, with the SASL username as value.
And finally, don't go crazy policing with sqlite, use the webui: https://wiki.zimbra.com/wiki/King0770-N ... nsupported (if you are on ZCS>=8.7 use the correct path, /opt/zimbra/common/share/webui )
-
- Posts: 14
- Joined: Sat Jun 23, 2018 11:37 pm
- Location: Mendoza, Argentina
- ZCS/ZD Version: 8.8.8 Patch 4 Network Edition
Re: Error Cbpolicyd
Hello Gabrieles, gracais for your answer.
The exact policies I am using are the following:
BEGIN TRANSACTION;
INSERT INTO "policies" (Name,Priority,Description) VALUES('Zimbra CBPolicyd Policies', 0, 'Zimbra CBPolicyd Policies');
INSERT INTO "policy_members" (PolicyID,Source,Destination) VALUES(6, 'any', 'any');
INSERT INTO "quotas" (PolicyID,Name,Track,Period,Verdict,Data) VALUES (6, 'LimiteDeEnvios','Sender:user@domain', 60, 'DEFER', 'Deferring: Too many messages from sender in last 60');
INSERT INTO "quotas_limits" (QuotasID,Type,CounterLimit) VALUES(3, 'MessageCount', 3);
COMMIT;
The problem is that from webmail it takes each recipient as a sent message.
$cat /opt/zimbra/log/cbpolicyd.log
[2018/07/04-09:04:08 - 3693] [CORE] INFO: module=Quotas, action=defer, host=a.b.c.d, helo=correo1.dominio.com, from=admin@dominio.com, to=prueba2@dominio.com, reason=quota_match, policy=6, quota=3, limit=4, track=Sender:admin@dominio.com, counter=MessageCount, quota=5.00/3 (166.7%)
Also instead of putting the emails in the tail of differed, it shows the user the following message.
Mensaje no enviado; una o más direcciones no han sido aceptadas.
Direcciones rechazadas: c <prueba2@dominio.com>
method: [unknown]
msg: Invalid address: c <prueba2@dominio.com>. com.zimbra.cs.mailbox.MailSender$SafeSendFailedException: MESSAGE_NOT_DELIVERED; chained exception is: com.zimbra.cs.mailclient.smtp.InvalidRecipientException: RCPT failed: Invalid recipient prueba2@dominio.com: 450 4.7.1 <admin@dominio.com>: Sender address rejected: Deferring: Too many messages from sender in last 60
code: mail.SEND_ABORTED_ADDRESS_FAILURE
detail: soap:Sender
trace: qtp1684106402-16:1530705848687:9a3f581427d2cc76
request:
.....
.....
.....
I enabled webui and created the policies from the interface I got the same result.
Also replace 'Sender: user @ domain' with 'SASLUsername: username' but it does not apply to shipments from webmail.
Do you have any idea why this is ...?
Thank you very much
The exact policies I am using are the following:
BEGIN TRANSACTION;
INSERT INTO "policies" (Name,Priority,Description) VALUES('Zimbra CBPolicyd Policies', 0, 'Zimbra CBPolicyd Policies');
INSERT INTO "policy_members" (PolicyID,Source,Destination) VALUES(6, 'any', 'any');
INSERT INTO "quotas" (PolicyID,Name,Track,Period,Verdict,Data) VALUES (6, 'LimiteDeEnvios','Sender:user@domain', 60, 'DEFER', 'Deferring: Too many messages from sender in last 60');
INSERT INTO "quotas_limits" (QuotasID,Type,CounterLimit) VALUES(3, 'MessageCount', 3);
COMMIT;
The problem is that from webmail it takes each recipient as a sent message.
$cat /opt/zimbra/log/cbpolicyd.log
[2018/07/04-09:04:08 - 3693] [CORE] INFO: module=Quotas, action=defer, host=a.b.c.d, helo=correo1.dominio.com, from=admin@dominio.com, to=prueba2@dominio.com, reason=quota_match, policy=6, quota=3, limit=4, track=Sender:admin@dominio.com, counter=MessageCount, quota=5.00/3 (166.7%)
Also instead of putting the emails in the tail of differed, it shows the user the following message.
Mensaje no enviado; una o más direcciones no han sido aceptadas.
Direcciones rechazadas: c <prueba2@dominio.com>
method: [unknown]
msg: Invalid address: c <prueba2@dominio.com>. com.zimbra.cs.mailbox.MailSender$SafeSendFailedException: MESSAGE_NOT_DELIVERED; chained exception is: com.zimbra.cs.mailclient.smtp.InvalidRecipientException: RCPT failed: Invalid recipient prueba2@dominio.com: 450 4.7.1 <admin@dominio.com>: Sender address rejected: Deferring: Too many messages from sender in last 60
code: mail.SEND_ABORTED_ADDRESS_FAILURE
detail: soap:Sender
trace: qtp1684106402-16:1530705848687:9a3f581427d2cc76
request:
.....
.....
.....
I enabled webui and created the policies from the interface I got the same result.
Also replace 'Sender: user @ domain' with 'SASLUsername: username' but it does not apply to shipments from webmail.
Do you have any idea why this is ...?
Thank you very much
Re: Error Cbpolicyd
hello,
did you found the solution for this issue? I also have the same issue with verdict defer. The emails are getting rejected rather than getting deffered.
did you found the solution for this issue? I also have the same issue with verdict defer. The emails are getting rejected rather than getting deffered.