Results 1 to 2 of 2

Thread: PolicyD v2 doesn't work with Zimbra

  1. #1
    vavai's Avatar
    vavai is offline Special Member
    Join Date
    May 2007
    Location
    Indonesia
    Posts
    149
    Rep Power
    8

    Default PolicyD v2 doesn't work with Zimbra

    Hi,

    I'm implementing ClueBringer Policyd with Zimbra 6.0.10 on SLES 11 SP1 64 bit. Policyd service was running without problem :

    # ps ax | grep policyd
    20437 ? Ss 0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
    20438 ? S 0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
    20439 ? S 0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
    20440 ? S 0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
    20452 ? S 0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
    20465 pts/1 S+ 0:00 grep policyd
    # netstat -pln | grep :10031
    tcp 0 0 0.0.0.0:10031 0.0.0.0:* LISTEN 20437/perl
    But it seems that Policyd doesn't correctly integrating with Zimbra. Below is my configuration and log :

    /opt/zimbra/postfix/conf/main.cf
    Code:
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_rbl_client dnsbl.njabl.org, reject_rbl_client opm.blitzed.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10031, permit
    ..
    ..
    smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
    /opt/zimbra/conf/postfix_recipient_restrictions.cf
    Code:
    reject_non_fqdn_recipient
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_unlisted_recipient
    %%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_client%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
    %%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
    %%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%
    %%contains VAR:zimbraMtaRestriction check_policy_service inet:127.0.0.1:10031%%
    permit
    I'm sending mail with Thunderbird both with port 465 (TLS) or 25 (via trusted network) but Zimbra seems to bypassing policyd

    /var/log/zimbra.log
    Jan 27 20:31:49 mail postfix/smtpd[30165]: connect from unknown[118.xxx.xx.xxx]
    Jan 27 20:31:49 mail postfix/smtpd[30165]: 7A8AE1C227C: client=unknown[118.xxx.xx.xxx]
    Jan 27 20:31:49 mail postfix/cleanup[30168]: 7A8AE1C227C: message-id=<4D4173CB.2060106@vavai.com>
    Jan 27 13:31:49 mail postfix/qmgr[6801]: 7A8AE1C227C: from=<admin@vavai.com>, size=604, nrcpt=1 (queue active)
    Jan 27 20:31:49 mail postfix/smtpd[30165]: disconnect from unknown[118.xxx.xx.xxx]
    Jan 27 20:31:49 mail amavis[5766]: (05766-01) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20110127T203149-05766: <admin@vavai.com> -> <admin@vavai.com> SIZE=604 Received: from mail.vavai.com ([127.0.0.1]) by localhost (mail.vavai.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <admin@vavai.com>; Thu, 27 Jan 2011 20:31:49 +0700 (WIT)
    Jan 27 20:31:49 mail amavis[5766]: (05766-01) Checking: hzuuEY1QBzGP [118.xxx.xx.xxx] <admin@vavai.com> -> <admin@vavai.com>
    Jan 27 20:31:51 mail postfix/smtpd[30498]: connect from localhost[127.0.0.1]
    Jan 27 20:31:51 mail postfix/smtpd[30498]: 9E6E51C227F: client=localhost[127.0.0.1]
    Jan 27 20:31:51 mail postfix/cleanup[30168]: 9E6E51C227F: message-id=<4D4173CB.2060106@vavai.com>
    Jan 27 13:31:51 mail postfix/qmgr[6801]: 9E6E51C227F: from=<admin@vavai.com>, size=1220, nrcpt=1 (queue active)
    Jan 27 20:31:51 mail amavis[5766]: (05766-01) FWD via SMTP: <admin@vavai.com> -> <admin@vavai.com>,BODY=7BIT 250 2.0.0 Ok, id=05766-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9E6E51C227F
    Jan 27 20:31:51 mail amavis[5766]: (05766-01) Passed CLEAN, [118.xxx.xx.xxx] [118.xxx.xx.xxx] <admin@vavai.com> -> <admin@vavai.com>, Message-ID: <4D4173CB.2060106@vavai.com>, mail_id: hzuuEY1QBzGP, Hits: -2.899, size: 603, queued_as: 9E6E51C227F, 2089 ms
    Jan 27 20:31:51 mail postfix/smtp[30483]: 7A8AE1C227C: to=<admin@vavai.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.16/0/0.02/2.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05766-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9E6E51C227F)
    Jan 27 13:31:51 mail postfix/qmgr[6801]: 7A8AE1C227C: removed
    Jan 27 20:31:51 mail amavis[5766]: (05766-01) extra modules loaded: /opt/zimbra/zimbramon/lib/x86_64-linux-thread-multi/auto/Net/SSLeay/autosplit.ix, /opt/zimbra/zimbramon/lib/x86_64-linux-thread-multi/auto/Net/SSLeay/randomize.al, IO/Socket/SSL.pm, Net/LDAP/Extension.pm, Net/SSLeay.pm
    Jan 27 20:31:51 mail postfix/lmtp[30488]: 9E6E51C227F: to=<admin@vavai.com>, relay=mail.vavai.com[192.168.10.1]:7025, delay=0.2, delays=0.05/0.01/0.01/0.13, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
    Jan 27 13:31:51 mail postfix/qmgr[6801]: 9E6E51C227F: removed
    I didn't see any log regarding policyd and I could not applying rate-limit sending because Zimbra doesn't connect at all into policyd.

    Any help appreciated.

    Noted : I know Zimbra 7.0.0 will be integrating Cluebringer policyd as anti spam services but I would like to know the root of problem and want to implement it onto Zimbra 6.x.x
    Best Regards
    ---
    Masim "Vavai" Sugianto
    Zimbra Tutorial
    Personal Blog [ID]

    Release 8.0.6_GA_5922.SLES11_64_20131203103702 SLES11_64 FOSS edition.

  2. #2
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,271
    Rep Power
    10

    Default

    Policyd instructions are at Postfix Policyd - Zimbra :: Wiki
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra 8.0.1 Policyd
    By niam in forum Administrators
    Replies: 5
    Last Post: 12-24-2013, 03:40 AM
  2. How to install policyd
    By blueflametuna in forum Administrators
    Replies: 7
    Last Post: 04-20-2013, 06:43 PM
  3. installing policyd on zimbra 7.0
    By rajeshkodali in forum Administrators
    Replies: 3
    Last Post: 04-20-2013, 06:43 PM
  4. Policyd Web
    By jose.cortina in forum Administrators
    Replies: 0
    Last Post: 04-24-2012, 03:04 PM
  5. about zimbra and policyd installation
    By prasenjitbehera in forum General Questions
    Replies: 0
    Last Post: 09-18-2008, 11:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •