Results 1 to 6 of 6

Thread: Zimbra 8.0.1 Policyd

  1. #1
    niam is offline New Member
    Join Date
    Nov 2012
    Posts
    3
    Rep Power
    2

    Default Zimbra 8.0.1 Policyd

    Hello
    I have Zimbra Release 8.0.1.GA.5438.UBUNTU12.64 UBUNTU12_64 FOSS edition
    Everything is ok, but Policyd is not enabled in admin panel.
    Code:
    zimbra@mail:~$ zmcbpolicydctl status
    policyd is running.
    
    tcp        0      0 127.0.0.1:10031         0.0.0.0:*               LISTEN      24620/perl
    In admin panel Policy service is 127.0.0.0

    /opt/zimbra/log/cbpolicyd.log
    Code:
    [2012/11/27-06:34:37 - 24620] [CORE] NOTICE: Process Backgrounded
    [2012/11/27-06:34:37 - 24620] [CBPOLICYD] NOTICE: Policyd v2 / Cluebringer - v2.1.0a
    [2012/11/27-06:34:37 - 24620] [CBPOLICYD] NOTICE: Initializing system modules.
    [2012/11/27-06:34:37 - 24620] [CBPOLICYD] NOTICE: System modules initialized.
    [2012/11/27-06:34:37 - 24620] [CBPOLICYD] NOTICE: Module load started...
    [2012/11/27-06:34:37 - 24620] [CORE] NOTICE:   => AccessControl: enabled
    [2012/11/27-06:34:38 - 24620] [CORE] NOTICE:   => CheckHelo: enabled
    [2012/11/27-06:34:38 - 24620] [CORE] NOTICE:   => CheckSPF: enabled
    [2012/11/27-06:34:38 - 24620] [CORE] NOTICE:   => Greylisting: enabled
    [2012/11/27-06:34:38 - 24620] [CORE] NOTICE:   => Quotas: enabled
    [2012/11/27-06:34:38 - 24620] [CORE] NOTICE:   => Protocol(Postfix): enabled
    [2012/11/27-06:34:38 - 24620] [CORE] NOTICE:   => Protocol(Bizanga): enabled
    [2012/11/27-06:34:38 - 24620] [CBPOLICYD] NOTICE: Module load done.
    [2012/11/27-06:34:38 - 24620] [CBPOLICYD] NOTICE: Session tracking is ENABLED.
    [2012/11/27-06:34:38 - 24620] [CORE] NOTICE: 2012/11/27-06:34:38 cbp (type Net::Server::PreFork) starting! pid(24620)
    [2012/11/27-06:34:38 - 24620] [CORE] NOTICE: Resolved [localhost]:10031 to [127.0.0.1]:10031, IPv4
    [2012/11/27-06:34:38 - 24620] [CORE] NOTICE: Binding to TCP port 10031 on host 127.0.0.1 with IPv4
    [2012/11/27-06:34:38 - 24620] [CORE] NOTICE: Setting gid to "1001 1001"
    [2012/11/27-06:34:38 - 24620] [CORE] INFO: Setting up serialization via flock
    [2012/11/27-06:34:38 - 24620] [CORE] INFO: Beginning prefork (4 processes)
    [2012/11/27-06:34:38 - 24620] [CORE] INFO: Starting "4" children
    [2012/11/27-06:34:38 - 24648] [CORE] DEBUG: Child Preforked (24648)
    [2012/11/27-06:34:38 - 24648] [CBPOLICYD] DEBUG: Starting up caching engine
    [2012/11/27-06:34:38 - 24649] [CORE] DEBUG: Child Preforked (24649)
    [2012/11/27-06:34:38 - 24649] [CBPOLICYD] DEBUG: Starting up caching engine
    [2012/11/27-06:34:38 - 24650] [CORE] DEBUG: Child Preforked (24650)
    [2012/11/27-06:34:38 - 24620] [CORE] DEBUG: Parent ready for children.
    [2012/11/27-06:34:38 - 24650] [CBPOLICYD] DEBUG: Starting up caching engine
    [2012/11/27-06:34:38 - 24651] [CORE] DEBUG: Child Preforked (24651)
    [2012/11/27-06:34:38 - 24651] [CBPOLICYD] DEBUG: Starting up caching engine
    How to enable cbpolicyd?
    How to config it? I did't find WebUi for cbpolicyd

  2. #2
    niam is offline New Member
    Join Date
    Nov 2012
    Posts
    3
    Rep Power
    2

    Default

    enable cbpolicyd
    cbpolicyd
    [HowTo] Enabling CBPolicyD in Zimbra 7.1.1

    WebUi from home | Policyd Downloads
    Policyd - Files - LinuxAssist Development Labs
    from cluebringer-v2.1.x-201211111115.zip

  3. #3
    quersystem is offline Beginner Member
    Join Date
    Apr 2013
    Posts
    1
    Rep Power
    2

    Default

    Hi,

    I wrote this guide for own use. If someone else wants to test Policyd in Zimbra 8 this should help and save you some time. Bottom questions are open to anyone who has some experience with this service.


    Zimbra official documentation at Postfix Policyd - Zimbra :: Wiki gives us a simple way for deploying Policyd for versions 7 and 8.

    This zmprov command will run the necessary processes for enabling Policyd. If we take a look at official Policyd documentation at installing [PolicyD], we will see that the configuration needs the following steps:

    1- Setup a database (SQLite or Mysql).
    2- Install Policyd files in filesystem (executable, log directories and other files).
    3- Enable web admin interface.
    4- Configure Postfix for using Policyd.

    Zimbra will do all that tasks automatically, except enabling web interface. This is because there is no “official place” for hosting it in Zimbra services. Zextras tutorial [HowTo] Enabling CBPolicyD in Zimbra 7.1.1 suggests to run it inside Zimbra Apache web server which main purpouse is the spell service.

    Lets take a look at what happens after enablig Policyd the “official” way. This is what happens after running

    Code:
    zmprov ms <mta server> +zimbraServiceEnabled cbpolicyd:
    1- The following files appears automatically

    Code:
    [zimbra@host db]$ ls /opt/zimbra/data/cbpolicyd/db/
    cbpolicyd.sqlitedb  cbpolicyd.sqlitedb.sq3
    2-The following configuration appears in main.cf

    Code:
    smtpd_recipient_restrictions = check_policy_service inet:localhost:10031
    smtpd_end_of_data_restrictions = check_policy_service inet:localhost:10031
    3- Policyd process starts

    Code:
    [root@host conf]# ps -A | grep policyd
     6370 ?        00:00:00 cbpolicyd
    11874 ?        00:00:00 cbpolicyd
    15511 ?        00:00:00 cbpolicyd
    21215 ?        00:00:00 cbpolicyd
    22254 ?        00:00:00 cbpolicyd
    22541 ?        00:00:00 cbpolicyd
    30914 ?        00:00:00 cbpolicyd
    30993 ?        00:00:00 cbpolicyd
    Here comes the manual config. If we check current local config for Policyd this is the output:

    Code:
    [zimbra@host db]$ zmlocalconfig | grep policyd
    cbpolicyd_bind_port = 10031
    cbpolicyd_bypass_mode = tempfail
    cbpolicyd_bypass_timeout = 30
    cbpolicyd_cache_file = ${zimbra_home}/data/cache
    cbpolicyd_db_file = ${zimbra_home}/data/cbpolicyd/db/cbpolicyd.sqlitedb
    cbpolicyd_log_detail = modules
    cbpolicyd_log_file = ${zimbra_log_directory}/cbpolicyd.log
    cbpolicyd_log_level = 3
    cbpolicyd_log_mail = main
    cbpolicyd_module_accesscontrol = 0
    cbpolicyd_module_checkhelo = 0
    cbpolicyd_module_checkspf = 0
    cbpolicyd_module_greylisting = 0
    cbpolicyd_module_quotas = 1
    cbpolicyd_pid_file = ${zimbra_log_directory}/cbpolicyd.pid
    cbpolicyd_timeout = 120
    postfix_enable_smtpd_policyd = no
    Zextras tutorial suggests the following configuration:

    1- Enabling the service, of course.
    Code:
    zmlocalconfig -e postfix_enable_smtpd_policyd=yes
    2- Enabling different modules, setting loglevel and other details.
    Code:
    zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1
    Afer these comands, local config should look like this:

    Code:
    [zimbra@host db]$ zmlocalconfig | grep policyd
    cbpolicyd_bind_port = 10031
    cbpolicyd_bypass_mode = tempfail
    cbpolicyd_bypass_timeout = 30
    cbpolicyd_cache_file = ${zimbra_home}/data/cache
    cbpolicyd_db_file = ${zimbra_home}/data/cbpolicyd/db/cbpolicyd.sqlitedb
    cbpolicyd_log_detail = modules,tracking,policies
    cbpolicyd_log_file = ${zimbra_log_directory}/cbpolicyd.log
    cbpolicyd_log_level = 4
    cbpolicyd_log_mail = main
    cbpolicyd_module_accesscontrol = 1
    cbpolicyd_module_checkhelo = 1
    cbpolicyd_module_checkspf = 1
    cbpolicyd_module_greylisting = 1
    cbpolicyd_module_quotas = 1
    cbpolicyd_pid_file = ${zimbra_log_directory}/cbpolicyd.pid
    cbpolicyd_timeout = 120
    postfix_enable_smtpd_policyd = yes
    For enabling new config we need to restart MTA.

    Code:
    zmmtactl restart
    At this point, the service must be running. Now lets go for the web admin interface.

    1- Grab the files which are missing in Zimbra Policyd folde fom Policyd - Files - LinuxAssist Development Labs . Download the file cluebringer-snapshot-2.1.x-201205100639.tar.gz.

    2- Extract the files inside the webui directory. From here you can choose two ways of running the site.

    Option 1: If you want to run the web admin using Zimbra apache spell instance, extract all the php and css files (just files, not folders, because they already exist) in /opt/zimbra/cbpolicyd/share/webui and create a symlink.
    Code:
    cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui
    In this case, your web admin will be ready if you point your browser to

    http://zimbrahost:7780/webui/index.php

    This method wont survive a Zimbra update.

    Option 2: If you want to run the site in another web server, just extract all the content from webui folder to the web directory of your server. Have in mind that if the server is not inside the Zimbra box, you will need access to the SQLite database files.

    For both options, you will need to configure the web admin for connecting to the database. Edit webui/includes/config.php and comment this line:
    Code:
    $DB_DSN="mysql:host=localhost;dbname=cluebringer";
    And add this line:
    Code:
    $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    Further investigation:

    1- Would be a good idea using Zimbra MySQL server for hosting Policyd database? That deployment would be update-proof?

    2- If the Zimbra machine doesnt have Apache spell service, what would be a better choice: installing an http server (Apache, Nginx, LightHttpd...) or running the site from another server? In case of choosing another server, what would be the best way to access the SQLite files?

  4. #4
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10

    Default

    The best thing to do is to understand how to define policies via the command line, as documented in the wiki.

    Postfix Policyd - Zimbra :: Wiki

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  5. #5
    essential_mix is offline Member
    Join Date
    Mar 2013
    Posts
    10
    Rep Power
    2

    Default

    Quote Originally Posted by quanah View Post
    The best thing to do is to understand how to define policies via the command line, as documented in the wiki.

    Postfix Policyd - Zimbra :: Wiki

    --Quanah
    Should i do this:
    zmlocalconfig -e postfix_enable_smtpd_policyd=yes

    if i want to enable policyd? I am asking because this link Postfix Policyd - Zimbra :: Wiki does not contain

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    Quote Originally Posted by essential_mix View Post
    Should i do this:
    zmlocalconfig -e postfix_enable_smtpd_policyd=yes
    No, you should not do that.

    Quote Originally Posted by essential_mix View Post
    if i want to enable policyd? I am asking because this link Postfix Policyd - Zimbra :: Wiki does not contain
    The article gives you exact details on how to enable policyd in the paragraph titled "Enabling policyd ".
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. How to install policyd
    By blueflametuna in forum Administrators
    Replies: 7
    Last Post: 04-20-2013, 06:43 PM
  2. installing policyd on zimbra 7.0
    By rajeshkodali in forum Administrators
    Replies: 3
    Last Post: 04-20-2013, 06:43 PM
  3. PolicyD v2 doesn't work with Zimbra
    By vavai in forum Administrators
    Replies: 1
    Last Post: 04-20-2013, 06:42 PM
  4. Policyd Web
    By jose.cortina in forum Administrators
    Replies: 0
    Last Post: 04-24-2012, 03:04 PM
  5. about zimbra and policyd installation
    By prasenjitbehera in forum General Questions
    Replies: 0
    Last Post: 09-18-2008, 11:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •