[HowTo] Enabling CB...
 
Notifications
Clear all

[Sticky] [HowTo] Enabling CBPolicyD in Zimbra 7.1.1

1 Posts
1 Users
0 Reactions
1,587 Views
 Cine
(@cine)
Posts: 25
Topic starter
 

WARNING: This guide applies to Zimbra 7.1.1. If you are running Zimbra 7.2.0+ or Zimbra 8.0.2+ please find the official docs at Postfix Policyd - Zimbra :: Wiki

This guide explains how to enable and configure Cluebringer Policyd, a new antispam system included in Zimbra 7.0. Unleash the power of your Zimbra!

What is CBPolicyd
Quote from policyd.org, CBPolicyd official website:

Quote:
Policyd v2 (codenamed "cluebringer") is a multi-platform policy server for popular MTAs. This policy daemon is designed mostly for large scale mail hosting environments. The main goal is to implement as many spam combating and email compliance features as possible while at the same time maintaining the portability, stability and performance required for mission critical email hosting of today. Most of the ideas and methods implemented in Policyd v2 stem from Policyd v1 as well as the authors' long time involvement in large scale mail hosting industry.

CBPolicyd is included in Zimbra since version 7, but it has become usable in version 7.1. This guide refers to version 7.1.1 as its support for CBPolicyd has been enhanced since 7.1. Different modules can be activated within CBPolicyd to enable different funcions. Those modules are:

  • Access Control: Simple access control on all the incoming/outgoing
  • Accounting: Message count and cumulative size policies
  • Amavis: Amavisd-new integration
  • CheckHelo: Helo/Ehlo checks and blacklisting
  • CheckSPF: Sender Policy Framework support
  • Graylist: Anti-spam Graylisting support
  • Quotas: Message count and cumulative size policies

The Amavis module will not be in this guide, since Zimbra already has it's own Amavis support.

Enabling and configuring CBPolicyd in Zimbra 7.1.1

  • Switch to the zimbra user su - zimbra
  • Enable the cbpolicyd service (server-wide) via zmprov:
    zmprov ms servername +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

    (mind that "+" in front of "zimbraServiceEnabled cbpolicyd". Miss it and you'll end up having cbpolicyd as the ONLY service enabled)

  • In most recent Zimbra versions a CBpolicyD zimbraMtaRestriction exists. If not, add a new one:
    zmprov mcf +zimbraMtaRestriction "check_policy_service inet:127.0.0.1:10031"
  • Configure the CBPolicyd logging and active modules
    zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1

    (sets loglevel to Debug, detailed logging of Modules, Policies and Tracking, enables all the modules excluding Amavis)

  • Restart the MTA service to apply all the configurations
    zmmtactl restart

Activating the WEB UI for CBPolicyd
This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
All operations must be executed as 'root' except where specified.

CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:

cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

Reload the httpd services with

su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/webui/index.php

REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

To enable the webui in a more complete way, follow this steps:

  • Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:
    cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
  • Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:
    Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

    (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

  • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
 Include /opt/zimbra/conf/cluebringer-httpd.conf 
  • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
    $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
  • Reload the httpd services with
    su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"


Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

su - zimbra
  • Enable the cbpolicyd service (server-wide) via zmprov: zmprov ms servername +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd(mind that "+" in front of "zimbraServiceEnabled cbpolicyd". Miss it and you'll end up having cbpolicyd as the ONLY service enabled)
  • In most recent Zimbra versions a CBpolicyD zimbraMtaRestriction exists. If not, add a new one:
    zmprov mcf +zimbraMtaRestriction "check_policy_service inet:127.0.0.1:10031"
  • Configure the CBPolicyd logging and active modules
    zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1

    (sets loglevel to Debug, detailed logging of Modules, Policies and Tracking, enables all the modules excluding Amavis)

  • Restart the MTA service to apply all the configurations
    zmmtactl restart
  • Activating the WEB UI for CBPolicyd
    This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

    Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
    All operations must be executed as 'root' except where specified.

    CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
    To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:

    cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

    Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

    $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

    Reload the httpd services with

    su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/webui/index.php

    REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

    To enable the webui in a more complete way, follow this steps:

    • Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:
      cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
    • Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:
      Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

      (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

    • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
     Include /opt/zimbra/conf/cluebringer-httpd.conf 
    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
      $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    zmprov ms servername +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

    (mind that "+" in front of "zimbraServiceEnabled cbpolicyd". Miss it and you'll end up having cbpolicyd as the ONLY service enabled)

  • In most recent Zimbra versions a CBpolicyD zimbraMtaRestriction exists. If not, add a new one: zmprov mcf +zimbraMtaRestriction "check_policy_service inet:127.0.0.1:10031"
  • Configure the CBPolicyd logging and active modules
    zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1

    (sets loglevel to Debug, detailed logging of Modules, Policies and Tracking, enables all the modules excluding Amavis)

  • Restart the MTA service to apply all the configurations
    zmmtactl restart
  • Activating the WEB UI for CBPolicyd
    This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

    Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
    All operations must be executed as 'root' except where specified.

    CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
    To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:

    cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

    Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

    $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

    Reload the httpd services with

    su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/webui/index.php

    REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

    To enable the webui in a more complete way, follow this steps:

    • Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:
      cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
    • Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:
      Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

      (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

    • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
     Include /opt/zimbra/conf/cluebringer-httpd.conf 
    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
      $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    zmprov mcf +zimbraMtaRestriction "check_policy_service inet:127.0.0.1:10031"
  • Configure the CBPolicyd logging and active modules zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1(sets loglevel to Debug, detailed logging of Modules, Policies and Tracking, enables all the modules excluding Amavis)
  • Restart the MTA service to apply all the configurations
    zmmtactl restart
  • Activating the WEB UI for CBPolicyd
    This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

    Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
    All operations must be executed as 'root' except where specified.

    CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
    To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:

    cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

    Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

    $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

    Reload the httpd services with

    su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/webui/index.php

    REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

    To enable the webui in a more complete way, follow this steps:

    • Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:
      cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
    • Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:
      Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

      (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

    • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
     Include /opt/zimbra/conf/cluebringer-httpd.conf 
    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
      $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1

    (sets loglevel to Debug, detailed logging of Modules, Policies and Tracking, enables all the modules excluding Amavis)

  • Restart the MTA service to apply all the configurations zmmtactl restart

    Activating the WEB UI for CBPolicyd
    This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

    Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
    All operations must be executed as 'root' except where specified.

    CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
    To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:

    cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

    Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

    $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

    Reload the httpd services with

    su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/webui/index.php

    REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

    To enable the webui in a more complete way, follow this steps:

    • Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:
      cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
    • Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:
      Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

      (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

    • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
     Include /opt/zimbra/conf/cluebringer-httpd.conf 
    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
      $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    zmmtactl restart
  • Activating the WEB UI for CBPolicyd
    This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

    Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
    All operations must be executed as 'root' except where specified.

    CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
    To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:
    cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui
    Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

    $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

    Reload the httpd services with

    su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/webui/index.php

    REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

    To enable the webui in a more complete way, follow this steps:

    • Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:
      cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
    • Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:
      Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

      (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

    • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
     Include /opt/zimbra/conf/cluebringer-httpd.conf 
    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
      $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

    Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
    $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    Reload the httpd services with

    su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/webui/index.php

    REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

    To enable the webui in a more complete way, follow this steps:

    • Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:
      cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
    • Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:
      Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

      (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

    • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
     Include /opt/zimbra/conf/cluebringer-httpd.conf 
    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
      $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

    Reload the httpd services with
    su - zimbra -c "zmapachectl restart"
    You can now access the webui from http://yourzimbraserver:7780/webui/index.php

    REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

    To enable the webui in a more complete way, follow this steps:

    • Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:
      cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
    • Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:
      Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

      (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

    • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
     Include /opt/zimbra/conf/cluebringer-httpd.conf 
    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
      $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/webui/index.php

    REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

    To enable the webui in a more complete way, follow this steps:

    • Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder: cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
    • Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:
      Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

      (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

    • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
     Include /opt/zimbra/conf/cluebringer-httpd.conf 
    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
      $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
  • Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/ # Comment out the following 3 lines to make web ui accessible from anywhere Order Deny,Allow Deny from all Allow from 192.168.1.0/255.255.255.0(the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.
  • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
  •  Include /opt/zimbra/conf/cluebringer-httpd.conf 
    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
      $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

    (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

  • Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:
  • Include /opt/zimbra/conf/cluebringer-httpd.conf

    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
      $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

     Include /opt/zimbra/conf/cluebringer-httpd.conf 
    • Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER: $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
    • Reload the httpd services with
      su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
  • Reload the httpd services with su - zimbra -c "zmapachectl restart"

    You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

    create 0644 syslog adm

    to this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    su - zimbra -c "zmapachectl restart"
  • You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

    WARNING
    Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:create 0644 syslog admto this:

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    create 0644 syslog adm

    to this:create 0644 zimbra zimbrathen change the ownership of the existing log file with

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    create 0644 zimbra zimbra

    then change the ownership of the existing log file with chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.logand then restart the cbpolicyd service with

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

    and then restart the cbpolicyd service withsu - zimbra -c "zmcbpolicydctl restart"

    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null
    

    Special thanks to Mishikal for contributing some nice suggestions!

    su - zimbra -c "zmcbpolicydctl restart"


    Cleaning up the CBPolicyD Database
    Old and outdated entries are not automatically purged from CBPolicyd's database.
    A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf --cleanup >/dev/null

    Special thanks to Mishikal for contributing some nice suggestions!


    35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf --cleanup >/dev/null

    Special thanks to Mishikal for contributing some nice suggestions!

     
    Posted : 06/15/2011 12:15