Hello
I have Zimbra Release 8.0.1.GA.5438.UBUNTU12.64 UBUNTU12_64 FOSS edition
Everything is ok, but Policyd is not enabled in admin panel.
zimbra@mail:~$ zmcbpolicydctl status
policyd is running.
tcp 0 0 127.0.0.1:10031 0.0.0.0:* LISTEN 24620/perl
In admin panel Policy service is 127.0.0.0
/opt/zimbra/log/cbpolicyd.log
[2012/11/27-06:34:37 - 24620] [CORE] NOTICE: Process Backgrounded
[2012/11/27-06:34:37 - 24620] [CBPOLICYD] NOTICE: Policyd v2 / Cluebringer - v2.1.0a
[2012/11/27-06:34:37 - 24620] [CBPOLICYD] NOTICE: Initializing system modules.
[2012/11/27-06:34:37 - 24620] [CBPOLICYD] NOTICE: System modules initialized.
[2012/11/27-06:34:37 - 24620] [CBPOLICYD] NOTICE: Module load started...
[2012/11/27-06:34:37 - 24620] [CORE] NOTICE: => AccessControl: enabled
[2012/11/27-06:34:38 - 24620] [CORE] NOTICE: => CheckHelo: enabled
[2012/11/27-06:34:38 - 24620] [CORE] NOTICE: => CheckSPF: enabled
[2012/11/27-06:34:38 - 24620] [CORE] NOTICE: => Greylisting: enabled
[2012/11/27-06:34:38 - 24620] [CORE] NOTICE: => Quotas: enabled
[2012/11/27-06:34:38 - 24620] [CORE] NOTICE: => Protocol(Postfix): enabled
[2012/11/27-06:34:38 - 24620] [CORE] NOTICE: => Protocol(Bizanga): enabled
[2012/11/27-06:34:38 - 24620] [CBPOLICYD] NOTICE: Module load done.
[2012/11/27-06:34:38 - 24620] [CBPOLICYD] NOTICE: Session tracking is ENABLED.
[2012/11/27-06:34:38 - 24620] [CORE] NOTICE: 2012/11/27-06:34:38 cbp (type Net::Server::PreFork) starting! pid(24620)
[2012/11/27-06:34:38 - 24620] [CORE] NOTICE: Resolved [localhost]:10031 to [127.0.0.1]:10031, IPv4
[2012/11/27-06:34:38 - 24620] [CORE] NOTICE: Binding to TCP port 10031 on host 127.0.0.1 with IPv4
[2012/11/27-06:34:38 - 24620] [CORE] NOTICE: Setting gid to "1001 1001"
[2012/11/27-06:34:38 - 24620] [CORE] INFO: Setting up serialization via flock
[2012/11/27-06:34:38 - 24620] [CORE] INFO: Beginning prefork (4 processes)
[2012/11/27-06:34:38 - 24620] [CORE] INFO: Starting "4" children
[2012/11/27-06:34:38 - 24648] [CORE] DEBUG: Child Preforked (24648)
[2012/11/27-06:34:38 - 24648] [CBPOLICYD] DEBUG: Starting up caching engine
[2012/11/27-06:34:38 - 24649] [CORE] DEBUG: Child Preforked (24649)
[2012/11/27-06:34:38 - 24649] [CBPOLICYD] DEBUG: Starting up caching engine
[2012/11/27-06:34:38 - 24650] [CORE] DEBUG: Child Preforked (24650)
[2012/11/27-06:34:38 - 24620] [CORE] DEBUG: Parent ready for children.
[2012/11/27-06:34:38 - 24650] [CBPOLICYD] DEBUG: Starting up caching engine
[2012/11/27-06:34:38 - 24651] [CORE] DEBUG: Child Preforked (24651)
[2012/11/27-06:34:38 - 24651] [CBPOLICYD] DEBUG: Starting up caching engine
How to enable cbpolicyd?
How to config it? I did't find WebUi for cbpolicyd
Zimbra 8.0.1 Policyd
Zimbra 8.0.1 Policyd
enable cbpolicyd
http://www.zimbra.com/forums/administra ... post236411
[HowTo] Enabling CBPolicyD in Zimbra 7.1.1
WebUi from home | Policyd Downloads
Policyd - Files - LinuxAssist Development Labs
from cluebringer-v2.1.x-201211111115.zip
http://www.zimbra.com/forums/administra ... post236411
[HowTo] Enabling CBPolicyD in Zimbra 7.1.1
WebUi from home | Policyd Downloads
Policyd - Files - LinuxAssist Development Labs
from cluebringer-v2.1.x-201211111115.zip
-
- Posts: 1
- Joined: Sat Sep 13, 2014 3:09 am
Zimbra 8.0.1 Policyd
Hi,
I wrote this guide for own use. If someone else wants to test Policyd in Zimbra 8 this should help and save you some time. Bottom questions are open to anyone who has some experience with this service.
Zimbra official documentation at Postfix Policyd - Zimbra :: Wiki gives us a simple way for deploying Policyd for versions 7 and 8.
This zmprov command will run the necessary processes for enabling Policyd. If we take a look at official Policyd documentation at installing [PolicyD], we will see that the configuration needs the following steps:
1- Setup a database (SQLite or Mysql).
2- Install Policyd files in filesystem (executable, log directories and other files).
3- Enable web admin interface.
4- Configure Postfix for using Policyd.
Zimbra will do all that tasks automatically, except enabling web interface. This is because there is no “official place†for hosting it in Zimbra services. Zextras tutorial [HowTo] Enabling CBPolicyD in Zimbra 7.1.1 suggests to run it inside Zimbra Apache web server which main purpouse is the spell service.
Lets take a look at what happens after enablig Policyd the “official†way. This is what happens after running
zmprov ms +zimbraServiceEnabled cbpolicyd:
1- The following files appears automatically
[zimbra@host db]$ ls /opt/zimbra/data/cbpolicyd/db/
cbpolicyd.sqlitedb cbpolicyd.sqlitedb.sq3
2-The following configuration appears in main.cf
smtpd_recipient_restrictions = check_policy_service inet:localhost:10031
smtpd_end_of_data_restrictions = check_policy_service inet:localhost:10031
3- Policyd process starts
[root@host conf]# ps -A | grep policyd
6370 ? 00:00:00 cbpolicyd
11874 ? 00:00:00 cbpolicyd
15511 ? 00:00:00 cbpolicyd
21215 ? 00:00:00 cbpolicyd
22254 ? 00:00:00 cbpolicyd
22541 ? 00:00:00 cbpolicyd
30914 ? 00:00:00 cbpolicyd
30993 ? 00:00:00 cbpolicyd
Here comes the manual config. If we check current local config for Policyd this is the output:
[zimbra@host db]$ zmlocalconfig | grep policyd
cbpolicyd_bind_port = 10031
cbpolicyd_bypass_mode = tempfail
cbpolicyd_bypass_timeout = 30
cbpolicyd_cache_file = ${zimbra_home}/data/cache
cbpolicyd_db_file = ${zimbra_home}/data/cbpolicyd/db/cbpolicyd.sqlitedb
cbpolicyd_log_detail = modules
cbpolicyd_log_file = ${zimbra_log_directory}/cbpolicyd.log
cbpolicyd_log_level = 3
cbpolicyd_log_mail = main
cbpolicyd_module_accesscontrol = 0
cbpolicyd_module_checkhelo = 0
cbpolicyd_module_checkspf = 0
cbpolicyd_module_greylisting = 0
cbpolicyd_module_quotas = 1
cbpolicyd_pid_file = ${zimbra_log_directory}/cbpolicyd.pid
cbpolicyd_timeout = 120
postfix_enable_smtpd_policyd = no
Zextras tutorial suggests the following configuration:
1- Enabling the service, of course.
zmlocalconfig -e postfix_enable_smtpd_policyd=yes
2- Enabling different modules, setting loglevel and other details.
zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1
Afer these comands, local config should look like this:
[zimbra@host db]$ zmlocalconfig | grep policyd
cbpolicyd_bind_port = 10031
cbpolicyd_bypass_mode = tempfail
cbpolicyd_bypass_timeout = 30
cbpolicyd_cache_file = ${zimbra_home}/data/cache
cbpolicyd_db_file = ${zimbra_home}/data/cbpolicyd/db/cbpolicyd.sqlitedb
cbpolicyd_log_detail = modules,tracking,policies
cbpolicyd_log_file = ${zimbra_log_directory}/cbpolicyd.log
cbpolicyd_log_level = 4
cbpolicyd_log_mail = main
cbpolicyd_module_accesscontrol = 1
cbpolicyd_module_checkhelo = 1
cbpolicyd_module_checkspf = 1
cbpolicyd_module_greylisting = 1
cbpolicyd_module_quotas = 1
cbpolicyd_pid_file = ${zimbra_log_directory}/cbpolicyd.pid
cbpolicyd_timeout = 120
postfix_enable_smtpd_policyd = yes
For enabling new config we need to restart MTA.
zmmtactl restart
At this point, the service must be running. Now lets go for the web admin interface.
1- Grab the files which are missing in Zimbra Policyd folde fom Policyd - Files - LinuxAssist Development Labs . Download the file cluebringer-snapshot-2.1.x-201205100639.tar.gz.
2- Extract the files inside the webui directory. From here you can choose two ways of running the site.
Option 1: If you want to run the web admin using Zimbra apache spell instance, extract all the php and css files (just files, not folders, because they already exist) in /opt/zimbra/cbpolicyd/share/webui and create a symlink.
cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui
In this case, your web admin will be ready if you point your browser to
This">http://zimbrahost:7780/webui/index.php
This method wont survive a Zimbra update.
Option 2: If you want to run the site in another web server, just extract all the content from webui folder to the web directory of your server. Have in mind that if the server is not inside the Zimbra box, you will need access to the SQLite database files.
For both options, you will need to configure the web admin for connecting to the database. Edit webui/includes/config.php and comment this line:
$DB_DSN="mysql:host=localhost;dbname=cluebringer";
And add this line:
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
Further investigation:
1- Would be a good idea using Zimbra MySQL server for hosting Policyd database? That deployment would be update-proof?
2- If the Zimbra machine doesnt have Apache spell service, what would be a better choice: installing an http server (Apache, Nginx, LightHttpd...) or running the site from another server? In case of choosing another server, what would be the best way to access the SQLite files?
I wrote this guide for own use. If someone else wants to test Policyd in Zimbra 8 this should help and save you some time. Bottom questions are open to anyone who has some experience with this service.
Zimbra official documentation at Postfix Policyd - Zimbra :: Wiki gives us a simple way for deploying Policyd for versions 7 and 8.
This zmprov command will run the necessary processes for enabling Policyd. If we take a look at official Policyd documentation at installing [PolicyD], we will see that the configuration needs the following steps:
1- Setup a database (SQLite or Mysql).
2- Install Policyd files in filesystem (executable, log directories and other files).
3- Enable web admin interface.
4- Configure Postfix for using Policyd.
Zimbra will do all that tasks automatically, except enabling web interface. This is because there is no “official place†for hosting it in Zimbra services. Zextras tutorial [HowTo] Enabling CBPolicyD in Zimbra 7.1.1 suggests to run it inside Zimbra Apache web server which main purpouse is the spell service.
Lets take a look at what happens after enablig Policyd the “official†way. This is what happens after running
zmprov ms +zimbraServiceEnabled cbpolicyd:
1- The following files appears automatically
[zimbra@host db]$ ls /opt/zimbra/data/cbpolicyd/db/
cbpolicyd.sqlitedb cbpolicyd.sqlitedb.sq3
2-The following configuration appears in main.cf
smtpd_recipient_restrictions = check_policy_service inet:localhost:10031
smtpd_end_of_data_restrictions = check_policy_service inet:localhost:10031
3- Policyd process starts
[root@host conf]# ps -A | grep policyd
6370 ? 00:00:00 cbpolicyd
11874 ? 00:00:00 cbpolicyd
15511 ? 00:00:00 cbpolicyd
21215 ? 00:00:00 cbpolicyd
22254 ? 00:00:00 cbpolicyd
22541 ? 00:00:00 cbpolicyd
30914 ? 00:00:00 cbpolicyd
30993 ? 00:00:00 cbpolicyd
Here comes the manual config. If we check current local config for Policyd this is the output:
[zimbra@host db]$ zmlocalconfig | grep policyd
cbpolicyd_bind_port = 10031
cbpolicyd_bypass_mode = tempfail
cbpolicyd_bypass_timeout = 30
cbpolicyd_cache_file = ${zimbra_home}/data/cache
cbpolicyd_db_file = ${zimbra_home}/data/cbpolicyd/db/cbpolicyd.sqlitedb
cbpolicyd_log_detail = modules
cbpolicyd_log_file = ${zimbra_log_directory}/cbpolicyd.log
cbpolicyd_log_level = 3
cbpolicyd_log_mail = main
cbpolicyd_module_accesscontrol = 0
cbpolicyd_module_checkhelo = 0
cbpolicyd_module_checkspf = 0
cbpolicyd_module_greylisting = 0
cbpolicyd_module_quotas = 1
cbpolicyd_pid_file = ${zimbra_log_directory}/cbpolicyd.pid
cbpolicyd_timeout = 120
postfix_enable_smtpd_policyd = no
Zextras tutorial suggests the following configuration:
1- Enabling the service, of course.
zmlocalconfig -e postfix_enable_smtpd_policyd=yes
2- Enabling different modules, setting loglevel and other details.
zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1
Afer these comands, local config should look like this:
[zimbra@host db]$ zmlocalconfig | grep policyd
cbpolicyd_bind_port = 10031
cbpolicyd_bypass_mode = tempfail
cbpolicyd_bypass_timeout = 30
cbpolicyd_cache_file = ${zimbra_home}/data/cache
cbpolicyd_db_file = ${zimbra_home}/data/cbpolicyd/db/cbpolicyd.sqlitedb
cbpolicyd_log_detail = modules,tracking,policies
cbpolicyd_log_file = ${zimbra_log_directory}/cbpolicyd.log
cbpolicyd_log_level = 4
cbpolicyd_log_mail = main
cbpolicyd_module_accesscontrol = 1
cbpolicyd_module_checkhelo = 1
cbpolicyd_module_checkspf = 1
cbpolicyd_module_greylisting = 1
cbpolicyd_module_quotas = 1
cbpolicyd_pid_file = ${zimbra_log_directory}/cbpolicyd.pid
cbpolicyd_timeout = 120
postfix_enable_smtpd_policyd = yes
For enabling new config we need to restart MTA.
zmmtactl restart
At this point, the service must be running. Now lets go for the web admin interface.
1- Grab the files which are missing in Zimbra Policyd folde fom Policyd - Files - LinuxAssist Development Labs . Download the file cluebringer-snapshot-2.1.x-201205100639.tar.gz.
2- Extract the files inside the webui directory. From here you can choose two ways of running the site.
Option 1: If you want to run the web admin using Zimbra apache spell instance, extract all the php and css files (just files, not folders, because they already exist) in /opt/zimbra/cbpolicyd/share/webui and create a symlink.
cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui
In this case, your web admin will be ready if you point your browser to
This">http://zimbrahost:7780/webui/index.php
This method wont survive a Zimbra update.
Option 2: If you want to run the site in another web server, just extract all the content from webui folder to the web directory of your server. Have in mind that if the server is not inside the Zimbra box, you will need access to the SQLite database files.
For both options, you will need to configure the web admin for connecting to the database. Edit webui/includes/config.php and comment this line:
$DB_DSN="mysql:host=localhost;dbname=cluebringer";
And add this line:
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
Further investigation:
1- Would be a good idea using Zimbra MySQL server for hosting Policyd database? That deployment would be update-proof?
2- If the Zimbra machine doesnt have Apache spell service, what would be a better choice: installing an http server (Apache, Nginx, LightHttpd...) or running the site from another server? In case of choosing another server, what would be the best way to access the SQLite files?
Zimbra 8.0.1 Policyd
The best thing to do is to understand how to define policies via the command line, as documented in the wiki.
Postfix Policyd - Zimbra :: Wiki
--Quanah
Postfix Policyd - Zimbra :: Wiki
--Quanah
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
-
- Posts: 11
- Joined: Sat Sep 13, 2014 3:07 am
Zimbra 8.0.1 Policyd
[quote user="quanah"]The best thing to do is to understand how to define policies via the command line, as documented in the wiki.
Postfix Policyd - Zimbra :: Wiki
--Quanah[/QUOTE]
Should i do this:
zmlocalconfig -e postfix_enable_smtpd_policyd=yes
if i want to enable policyd? I am asking because this link Postfix Policyd - Zimbra :: Wiki does not contain
Postfix Policyd - Zimbra :: Wiki
--Quanah[/QUOTE]
Should i do this:
zmlocalconfig -e postfix_enable_smtpd_policyd=yes
if i want to enable policyd? I am asking because this link Postfix Policyd - Zimbra :: Wiki does not contain
Zimbra 8.0.1 Policyd
[quote user="essential_mix"]Should i do this:
zmlocalconfig -e postfix_enable_smtpd_policyd=yes[/QUOTE]No, you should not do that.
[quote user="essential_mix"]if i want to enable policyd? I am asking because this link Postfix Policyd - Zimbra :: Wiki does not contain[/QUOTE]The article gives you exact details on how to enable policyd in the paragraph titled "Enabling policyd ".
zmlocalconfig -e postfix_enable_smtpd_policyd=yes[/QUOTE]No, you should not do that.
[quote user="essential_mix"]if i want to enable policyd? I am asking because this link Postfix Policyd - Zimbra :: Wiki does not contain[/QUOTE]The article gives you exact details on how to enable policyd in the paragraph titled "Enabling policyd ".