Results 1 to 7 of 7

Thread: cbpolicyd gone haywire after 7.2.2 to 8.0.4 upgrade.

  1. #1
    NathanL is offline Loyal Member
    Join Date
    Apr 2009
    Posts
    93
    Rep Power
    5

    Default cbpolicyd gone haywire after 7.2.2 to 8.0.4 upgrade.

    I've had cbpolicyd enabled on zimbra for some time. We use it to limit outbound mail, to try to stop spammers from using compromised accounts to sent thousands of junk messages per minute (getting us blacklisted, quickly).

    We set it up on zimbra 7.2.2, and about a month later upgraded to 8.0.4.

    I have it setup very similarly to the basic examples for rate limiting found on the zimbra wiki. Postfix Policyd - Zimbra :: Wiki The main difference is that i added a policy exception such that our inbound mail (which all comes from our spam appliances) are not rate limited, but all other mail is, and instead of matching on sender address, i match on SASL username.

    Anyway, after the upgrade, i re-enabled policyd (i had to re-import my sqlite db) and now it rejects every message it receives, flat out, relay access denied.

    I have duplicated this in our dev environment for testing (and turned off policyd in production). This is the error i'm seeing in the zimbra.log.

    Aug 19 15:48:30 zsmtp2 postfix/smtpd[26467]: connect from zstore02.zdev.lafayette.edu[139.147.165.14]
    Aug 19 15:48:30 zsmtp2 postfix/smtpd[26467]: NOQUEUE: reject: RCPT from zstore02.zdev.lafayette.edu[139.147.165.14]: 554 5.7.1 <lagern@dev.lafayette.edu>: Relay access denied; from=<lagern@zdev.lafayette.edu> to=<lagern@dev.lafayette.edu> proto=SMTP helo=<zstore02.zdev.lafayette.edu>
    Aug 19 15:48:30 zsmtp2 postfix/smtpd[26467]: disconnect from zstore02.zdev.lafayette.edu[139.147.165.14]

    that's a message i sent via webmail.

    If someone can tell me how to get a meaningful dump of my sqlite db, i'll post it.

    Thanks!

  2. #2
    NathanL is offline Loyal Member
    Join Date
    Apr 2009
    Posts
    93
    Rep Power
    5

    Default

    I just deleted the policyd database, and let it generate a new one. Its doing the exact same thing, rejecting all mail.

  3. #3
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,185
    Rep Power
    9

    Default

    Nothing in your log there indicates it talked to cbpolicyd. Instead it looks like you have a problem with your localnetworks setting.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  4. #4
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,185
    Rep Power
    9

    Default

    Make that "mynetworks" setting.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  5. #5
    NathanL is offline Loyal Member
    Join Date
    Apr 2009
    Posts
    93
    Rep Power
    5

    Default

    well crap, you seem to be right.. Let me fix mynetworks and see if that helps.

    I'm having the same problem in production, and its definitely _not_ a mynetworks problem, as disabling cbpolicyd fixed it in production. I dont want to leave it off though, as its there to help prevent outbound spam outbreaks.

  6. #6
    NathanL is offline Loyal Member
    Join Date
    Apr 2009
    Posts
    93
    Rep Power
    5

    Default

    That does appear to have fixed it in dev. My own fault for making assumptions. I'll have to look at this in prod, maybe just reset cbpolicyd's database and see what happens.

    Thanks!

  7. #7
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,185
    Rep Power
    9

    Default

    Yeah, there are some missing upgrade steps for cbpolicyd when going from 7.x to 8.0.4. :/ That's fixed for anyone going from 7.x to 8.0.5, or by completely reinitalizing your cbpolicyd db with the 8.x utilities.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Cbpolicyd not greylisting
    By plastilin in forum Administrators
    Replies: 13
    Last Post: 06-24-2013, 07:26 PM
  2. cbpolicyd
    By thesubmitter in forum Administrators
    Replies: 3
    Last Post: 06-12-2013, 01:35 PM
  3. cbpolicyd
    By uxbod in forum Administrators
    Replies: 4
    Last Post: 04-20-2013, 06:42 PM
  4. cbpolicyd on zimbra 8
    By thesubmitter in forum Installation
    Replies: 0
    Last Post: 11-09-2012, 03:58 PM
  5. cbpolicyd on zimbra 8
    By thesubmitter in forum Administrators
    Replies: 0
    Last Post: 11-09-2012, 03:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •