PolicyD v2 (codenamed “cluebringer”) is a multi-platform policy server for popular MTAs. This policy daemon is designed mostly for large-scale mail hosting environments. The main goal is to implement as many spams combating and email compliance features as possible while at the same time maintaining the portability, stability, and performance required for mission-critical email hosting of today. Most of the ideas and methods implemented in PolicyD v2 stem from PolicyD v1 as well as the authors’ long-time involvement in the large-scale mail hosting industry.
Requirements for PolicyD WebUI
PHP v5+ (compiled with PDO support for your database)
How to Install/Enable CBPolicyD WebUI in Zimbra
Before using CBPolicyD, you must have CBPolicyd installed and enabled in your Zimbra server. To install and enable it login to your Zimbra server as the Zimbra user
su - zimbra zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd
Activating CBPolicyD WebUI
Now you need to host the CBPolicyD website in Zimbra’s Apache server. This we can do by creating a soft link of CBPolicyD’s source code on apache’s root directory.
cd /opt/zimbra/data/httpd/htdocs/ && ln -s ../../../common/share/webui
Now, we need to configure CBPolicyD’s source code to connect to the appropriate database. To do this, we need to open the config file and change
DB_DSN value. To do so open the config file by
DB_DSN value from
sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb as follows
Enable ACLs for CBPolicyD
zmprov mcf +zimbraMtaRestriction 'check_policy_service inet:127.0.0.1:10031' zmprov ms mail.domainname.com zimbraCBPolicydAccessControlEnabled TRUE
su - zimbra -c "zmcontrol restart" su - zimbra -c "zmapachectl restart"
Access CBPolicyD from
Protect CBPolicyD WebUI with Password
When you access PolicyD WebUI, you are not be asked to enter any username and password. To protect PolicyD WebUI you can set username and password using htaccess as follows
open .htaccess file
Add these lines
AuthUserFile /opt/zimbra/common/share/webui/.htpasswd AuthGroupFile /dev/null AuthName "User and Password" AuthType Basic require valid-user
touch .htpasswd /opt/zimbra/common/bin/htpasswd -cb .htpasswd user password
add these lines to the end
Alias /webui /opt/zimbra/common/share/webui/ <Directory /opt/zimbra/common/share/webui/> # Comment out the following 3 lines to make web ui accessible from anywhere AllowOverride AuthConfig Order Deny,Allow Allow from all </Directory>
su – zimbra -c "zmapachectl restart"
Access CBPolicyD from
yourServerName to verify if it asks for a username and password.
To learn more about CBPolicyD I strongly suggest reading the Cluebringer PolicyD wiki page.