I've had cbpolicyd enabled on zimbra for some time. We use it to limit outbound mail, to try to stop spammers from using compromised accounts to sent thousands of junk messages per minute (getting us blacklisted, quickly).
We set it up on zimbra 7.2.2, and about a month later upgraded to 8.0.4.
I have it setup very similarly to the basic examples for rate limiting found on the zimbra wiki. Postfix Policyd - Zimbra :: Wiki The main difference is that i added a policy exception such that our inbound mail (which all comes from our spam appliances) are not rate limited, but all other mail is, and instead of matching on sender address, i match on SASL username.
Anyway, after the upgrade, i re-enabled policyd (i had to re-import my sqlite db) and now it rejects every message it receives, flat out, relay access denied.
I have duplicated this in our dev environment for testing (and turned off policyd in production). This is the error i'm seeing in the zimbra.log.
Aug 19 15:48:30 zsmtp2 postfix/smtpd: connect from zstore02.zdev.lafayette.edu[22.214.171.124]
Aug 19 15:48:30 zsmtp2 postfix/smtpd: NOQUEUE: reject: RCPT from zstore02.zdev.lafayette.edu[126.96.36.199]: 554 5.7.1 <email@example.com>: Relay access denied; from=<firstname.lastname@example.org> to=<email@example.com> proto=SMTP helo=<zstore02.zdev.lafayette.edu>
Aug 19 15:48:30 zsmtp2 postfix/smtpd: disconnect from zstore02.zdev.lafayette.edu[188.8.131.52]
that's a message i sent via webmail.
If someone can tell me how to get a meaningful dump of my sqlite db, i'll post it.