cbpolicyd with outbound rate limiting is helpful as and when you have a compromised mailbox; by rate limiting the outbound emails you can defer/eliminate your server getting blacklisted, so for me I always deploy cbpolicyd except when there is an outbound email gateway solution with enough horsepower to handle a compromised mailbox.
The documentation indicates that the tuning parameters are localconfig variables. In Zimbra 8.8.x, these are now Global Config variables that are inherited by each MTA server on which you install cbpolicyd.
Zimbra ships with cbpolicyd global config variables now set to the values appropriate for a Medium mailserver. In my own testing on previous versions of Zimbra, a Medium set of performance tuning variables will be fine to handle a few thousand busy mailboxes, at least for outbound rate limiting.
The Certified wiki is here: https://wiki.zimbra.com/wiki/CBpolicyd_support
You can see the defaults Zimbra sets like so:
Code: Select all
ubuntu@zimbra:~$ sudo su - zimbra
zimbra@zimbra:~$ zmprov -l gacf | grep -i cbpolicyd
zimbraCBPolicydAccessControlEnabled: FALSE
zimbraCBPolicydAccountingEnabled: FALSE
zimbraCBPolicydAmavisEnabled: FALSE
zimbraCBPolicydBindPort: 10031
zimbraCBPolicydBypassMode: tempfail
zimbraCBPolicydBypassTimeout: 30
zimbraCBPolicydCheckHeloEnabled: FALSE
zimbraCBPolicydCheckSPFEnabled: FALSE
zimbraCBPolicydGreylistingBlacklistMsg: Greylisting in effect, sending server blacklisted
zimbraCBPolicydGreylistingDeferMsg: Greylisting in effect, please come back later
zimbraCBPolicydGreylistingEnabled: FALSE
zimbraCBPolicydGreylistingTrainingEnabled: FALSE
zimbraCBPolicydLogLevel: 3
zimbraCBPolicydMaxRequests: 1000
zimbraCBPolicydMaxServers: 25
zimbraCBPolicydMaxSpareServers: 12
zimbraCBPolicydMinServers: 4
zimbraCBPolicydMinSpareServers: 4
zimbraCBPolicydQuotasEnabled: TRUE
zimbraCBPolicydTimeoutBusy: 120
zimbraCBPolicydTimeoutIdle: 1020
zimbra@zimbra:~$ Don't edit it, but you can see some explanations of the performance tuning variables on 8.8.x by reviewing the relevant section of /opt/zimbra/conf/cbpolicyd.conf.in for example:
Code: Select all
...
# Preforking configuration
#
# min_server - Minimum servers to keep around
# min_spare_servers - Minimum spare servers to keep around ready to
# handle requests
# max_spare_servers - Maximum spare servers to have around doing nothing
# max_servers - Maximum servers alltogether
# max_requests - Maximum number of requests each child will serve
#
# One may want to use the following as a rough guideline...
# Small mailserver: 2, 2, 4, 10, 1000
# Medium mailserver: 4, 4, 12, 25, 1000
# Large mailserver: 8, 8, 16, 64, 1000
#
min_servers=%%zimbraCBPolicydMinServers%%
min_spare_servers=%%zimbraCBPolicydMinSpareServers%%
max_spare_servers=%%zimbraCBPolicydMaxSpareServers%%
max_servers=%%zimbraCBPolicydMaxServers%%
max_requests=%%zimbraCBPolicydMaxRequests%%
# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging
log_level=%%zimbraCBPolicydLogLevel%%
# File to log to instead of stdout
log_file=@@cbpolicyd_log_file@@
...Hope that helps others,
Mark
