Enabling CBPolicyD (Cluebringer PolicyD) WebUI | Zimbra

Alert! This article is written for Zimbra OSE users. As of December 2023, Synacor will no longer be providing support for Zimbra OSE. You might want to consider trying out Carbonio Community Edition – Zextras’s free and open-source email and collaboration platform.

For additional guidance, check out our community articles detailing the process of migrating from your current platform to Carbonio CE.

PolicyD v2 (codenamed “cluebringer”) is a multi-platform policy server for popular MTAs. This policy daemon is designed mostly for large-scale mail hosting environments. The main goal is to implement as many spams combating and email compliance features as possible while at the same time maintaining the portability, stability, and performance required for mission-critical email hosting of today. Most of the ideas and methods implemented in PolicyD v2 stem from PolicyD v1 as well as the authors’ long-time involvement in the large-scale mail hosting industry.

Requirements for PolicyD WebUI

PHP v5+ (compiled with PDO support for your database)

How to Install/Enable CBPolicyD WebUI in Zimbra

Activating CBPolicyD

Before using CBPolicyD, you must have CBPolicyd installed and enabled in your Zimbra server. To install and enable it login to your Zimbra server as the Zimbra user

su - zimbra
zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

Activating CBPolicyD WebUI

Now you need to host the CBPolicyD website in Zimbra’s Apache server. This we can do by creating a soft link of CBPolicyD’s source code on apache’s root directory.

cd /opt/zimbra/data/httpd/htdocs/ && ln -s ../../../common/share/webui

Now, we need to configure CBPolicyD’s source code to connect to the appropriate database. To do this, we need to open the config file and change DB_DSN value. To do so open the config file by

vi /opt/zimbra/common/share/webui/includes/config.php

and change DB_DSN value from mysql:host=localhost;dbname=cluebringer to sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb as follows




Enable ACLs for CBPolicyD

zmprov mcf +zimbraMtaRestriction 'check_policy_service inet:'
zmprov ms mail.domainname.com zimbraCBPolicydAccessControlEnabled TRUE

Restart Zimbra

su - zimbra -c "zmcontrol restart"
su - zimbra -c "zmapachectl restart"

Access CBPolicyD from http://yourServerName:7780/webui/index.php replacing yourServerName.

Protect CBPolicyD WebUI with Password

When you access PolicyD WebUI, you are not be asked to enter any username and password. To protect PolicyD WebUI you can set username and password using htaccess as follows

Go to

cd /opt/zimbra/common/share/webui/

open .htaccess file

vi .htaccess

Add these lines

AuthUserFile /opt/zimbra/common/share/webui/.htpasswd
AuthGroupFile /dev/null
AuthName "User and Password"
AuthType Basic
require valid-user

create .htpasswd file

touch .htpasswd
/opt/zimbra/common/bin/htpasswd -cb .htpasswd user password

open httpd.conf file

vi /opt/zimbra/conf/httpd.conf

add these lines to the end

Alias /webui /opt/zimbra/common/share/webui/
<Directory /opt/zimbra/common/share/webui/>
# Comment out the following 3 lines to make web ui accessible from anywhere
AllowOverride AuthConfig
Order Deny,Allow
Allow from all

and run

su – zimbra -c "zmapachectl restart"

Access CBPolicyD from http://yourServerName:7780/webui/index.php replacing yourServerName to verify if it asks for a username and password.


To learn more about CBPolicyD I strongly suggest reading the Cluebringer PolicyD wiki page.

Download Zextras Suite for Zimbra OSE

Post your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Zimbra CLI Commands: Zmprov | Zimbra
Comparing Email Protocols: What’s Your Best Fit? | Blog