Hi,
I'm implementing ClueBringer Policyd with Zimbra 6.0.10 on SLES 11 SP1 64 bit. Policyd service was running without problem :
Quote:
# ps ax | grep policyd
20437 ? Ss 0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
20438 ? S 0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
20439 ? S 0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
20440 ? S 0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
20452 ? S 0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
20465 pts/1 S+ 0:00 grep policyd
|
Quote:
# netstat -pln | grep :10031
tcp 0 0 0.0.0.0:10031 0.0.0.0:* LISTEN 20437/perl
|
But it seems that Policyd doesn't correctly integrating with Zimbra. Below is my configuration and log :
/opt/zimbra/postfix/conf/main.cf Code:
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_rbl_client dnsbl.njabl.org, reject_rbl_client opm.blitzed.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:10031, permit
..
..
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
/opt/zimbra/conf/postfix_recipient_restrictions.cf Code:
reject_non_fqdn_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_unlisted_recipient
%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%contains VAR:zimbraMtaRestriction reject_unknown_client%%
%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
%%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%
%%contains VAR:zimbraMtaRestriction check_policy_service inet:127.0.0.1:10031%%
permit
I'm sending mail with Thunderbird both with port 465 (TLS) or 25 (via trusted network) but Zimbra seems to bypassing policyd
/var/log/zimbra.log Quote:
Jan 27 20:31:49 mail postfix/smtpd[30165]: connect from unknown[118.xxx.xx.xxx]
Jan 27 20:31:49 mail postfix/smtpd[30165]: 7A8AE1C227C: client=unknown[118.xxx.xx.xxx]
Jan 27 20:31:49 mail postfix/cleanup[30168]: 7A8AE1C227C: message-id=<4D4173CB.2060106@vavai.com>
Jan 27 13:31:49 mail postfix/qmgr[6801]: 7A8AE1C227C: from=<admin@vavai.com>, size=604, nrcpt=1 (queue active)
Jan 27 20:31:49 mail postfix/smtpd[30165]: disconnect from unknown[118.xxx.xx.xxx]
Jan 27 20:31:49 mail amavis[5766]: (05766-01) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20110127T203149-05766: <admin@vavai.com> -> <admin@vavai.com> SIZE=604 Received: from mail.vavai.com ([127.0.0.1]) by localhost (mail.vavai.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <admin@vavai.com>; Thu, 27 Jan 2011 20:31:49 +0700 (WIT)
Jan 27 20:31:49 mail amavis[5766]: (05766-01) Checking: hzuuEY1QBzGP [118.xxx.xx.xxx] <admin@vavai.com> -> <admin@vavai.com>
Jan 27 20:31:51 mail postfix/smtpd[30498]: connect from localhost[127.0.0.1]
Jan 27 20:31:51 mail postfix/smtpd[30498]: 9E6E51C227F: client=localhost[127.0.0.1]
Jan 27 20:31:51 mail postfix/cleanup[30168]: 9E6E51C227F: message-id=<4D4173CB.2060106@vavai.com>
Jan 27 13:31:51 mail postfix/qmgr[6801]: 9E6E51C227F: from=<admin@vavai.com>, size=1220, nrcpt=1 (queue active)
Jan 27 20:31:51 mail amavis[5766]: (05766-01) FWD via SMTP: <admin@vavai.com> -> <admin@vavai.com>,BODY=7BIT 250 2.0.0 Ok, id=05766-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9E6E51C227F
Jan 27 20:31:51 mail amavis[5766]: (05766-01) Passed CLEAN, [118.xxx.xx.xxx] [118.xxx.xx.xxx] <admin@vavai.com> -> <admin@vavai.com>, Message-ID: <4D4173CB.2060106@vavai.com>, mail_id: hzuuEY1QBzGP, Hits: -2.899, size: 603, queued_as: 9E6E51C227F, 2089 ms
Jan 27 20:31:51 mail postfix/smtp[30483]: 7A8AE1C227C: to=<admin@vavai.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.16/0/0.02/2.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05766-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9E6E51C227F)
Jan 27 13:31:51 mail postfix/qmgr[6801]: 7A8AE1C227C: removed
Jan 27 20:31:51 mail amavis[5766]: (05766-01) extra modules loaded: /opt/zimbra/zimbramon/lib/x86_64-linux-thread-multi/auto/Net/SSLeay/autosplit.ix, /opt/zimbra/zimbramon/lib/x86_64-linux-thread-multi/auto/Net/SSLeay/randomize.al, IO/Socket/SSL.pm, Net/LDAP/Extension.pm, Net/SSLeay.pm
Jan 27 20:31:51 mail postfix/lmtp[30488]: 9E6E51C227F: to=<admin@vavai.com>, relay=mail.vavai.com[192.168.10.1]:7025, delay=0.2, delays=0.05/0.01/0.01/0.13, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Jan 27 13:31:51 mail postfix/qmgr[6801]: 9E6E51C227F: removed
|
I didn't see any log regarding policyd and I could not applying rate-limit sending because Zimbra doesn't connect at all into policyd.
Any help appreciated.
Noted : I know Zimbra 7.0.0 will be integrating Cluebringer policyd as anti spam services but I would like to know the root of problem and want to implement it onto Zimbra 6.x.x
Bugzilla
Wiki
Source
PolicyD v2 doesn't work with Zimbra 
Linear Mode
