For additional guidance, check out our community articles detailing the process of migrating from your current platform to Carbonio CE.
PolicyD v2 (codenamed “cluebringer”) is a multi-platform policy server for popular MTAs. This policy daemon is designed mostly for large-scale mail hosting environments. The main goal is to implement as many spams combating and email compliance features as possible while at the same time maintaining the portability, stability, and performance required for mission-critical email hosting of today. Most of the ideas and methods implemented in PolicyD v2 stem from PolicyD v1 as well as the authors’ long-time involvement in the large-scale mail hosting industry.
Requirements for PolicyD WebUI
PHP v5+ (compiled with PDO support for your database)
How to Install/Enable CBPolicyD WebUI in Zimbra
Activating CBPolicyD
Before using CBPolicyD, you must have CBPolicyd installed and enabled in your Zimbra server. To install and enable it login to your Zimbra server as the Zimbra user
su - zimbra
zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd
Activating CBPolicyD WebUI
Now you need to host the CBPolicyD website in Zimbra’s Apache server. This we can do by creating a soft link of CBPolicyD’s source code on apache’s root directory.
cd /opt/zimbra/data/httpd/htdocs/ && ln -s ../../../common/share/webui
Now, we need to configure CBPolicyD’s source code to connect to the appropriate database. To do this, we need to open the config file and change DB_DSN
value. To do so open the config file by
vi /opt/zimbra/common/share/webui/includes/config.php
and change DB_DSN
value from mysql:host=localhost;dbname=cluebringer
to sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb
as follows
$DB_DSN=”mysql:host=localhost;dbname=cluebringer”;
to
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
Enable ACLs for CBPolicyD
zmprov mcf +zimbraMtaRestriction 'check_policy_service inet:127.0.0.1:10031'
zmprov ms mail.domainname.com zimbraCBPolicydAccessControlEnabled TRUE
Restart Zimbra
su - zimbra -c "zmcontrol restart"
su - zimbra -c "zmapachectl restart"
Access CBPolicyD from http://yourServerName:7780/webui/index.php
replacing yourServerName
.
Protect CBPolicyD WebUI with Password
When you access PolicyD WebUI, you are not be asked to enter any username and password. To protect PolicyD WebUI you can set username and password using htaccess as follows
Go to
cd /opt/zimbra/common/share/webui/
open .htaccess file
vi .htaccess
Add these lines
AuthUserFile /opt/zimbra/common/share/webui/.htpasswd
AuthGroupFile /dev/null
AuthName "User and Password"
AuthType Basic
require valid-user
create .htpasswd
file
touch .htpasswd
/opt/zimbra/common/bin/htpasswd -cb .htpasswd user password
open httpd.conf
file
vi /opt/zimbra/conf/httpd.conf
add these lines to the end
Alias /webui /opt/zimbra/common/share/webui/
<Directory /opt/zimbra/common/share/webui/>
# Comment out the following 3 lines to make web ui accessible from anywhere
AllowOverride AuthConfig
Order Deny,Allow
Allow from all
</Directory>
and run
su – zimbra -c "zmapachectl restart"
Access CBPolicyD from http://yourServerName:7780/webui/index.php
replacing yourServerName
to verify if it asks for a username and password.
To learn more about CBPolicyD I strongly suggest reading the Cluebringer PolicyD wiki page.
Comments
Hi, Your document is certainly helpful. The above I assume is on CentoOS/Rocky I want to implement in Zimbra which is installed on an Ubuntu, Can you share a document link for the same and do the needful. Thanks Rao
Can you please share the document/link for cbpolicy on zimbra in a Ubuntu Environment