[Sticky] [HowTo] Enabling CBPolicyD in Zimbra 7.1.1

WARNING: This guide applies to Zimbra 7.1.1. If you are running Zimbra 7.2.0+ or Zimbra 8.0.2+ please find the official docs at Postfix Policyd - Zimbra :: Wiki

This guide explains how to enable and configure Cluebringer Policyd, a new antispam system included in Zimbra 7.0. Unleash the power of your Zimbra!

What is CBPolicyd
Quote from policyd.org, CBPolicyd official website:

CBPolicyd is included in Zimbra since version 7, but it has become usable in version 7.1. This guide refers to version 7.1.1 as its support for CBPolicyd has been enhanced since 7.1. Different modules can be activated within CBPolicyd to enable different funcions. Those modules are:

• Access Control: Simple access control on all the incoming/outgoing
• Accounting: Message count and cumulative size policies
• Amavis: Amavisd-new integration
• CheckHelo: Helo/Ehlo checks and blacklisting
• CheckSPF: Sender Policy Framework support
• Graylist: Anti-spam Graylisting support
• Quotas: Message count and cumulative size policies

The Amavis module will not be in this guide, since Zimbra already has it's own Amavis support.

Enabling and configuring CBPolicyd in Zimbra 7.1.1

• Switch to the zimbra user su - zimbra
• Enable the cbpolicyd service (server-wide) via zmprov:

  zmprov ms servername +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

  (mind that "+" in front of "zimbraServiceEnabled cbpolicyd". Miss it and you'll end up having cbpolicyd as the ONLY service enabled)

• In most recent Zimbra versions a CBpolicyD zimbraMtaRestriction exists. If not, add a new one:

  zmprov mcf +zimbraMtaRestriction "check_policy_service inet:127.0.0.1:10031"

• Configure the CBPolicyd logging and active modules

  zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1

  (sets loglevel to Debug, detailed logging of Modules, Policies and Tracking, enables all the modules excluding Amavis)

• Restart the MTA service to apply all the configurations

  zmmtactl restart

Activating the WEB UI for CBPolicyd
This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
All operations must be executed as 'root' except where specified.

CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:

cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

Reload the httpd services with

su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/webui/index.php

REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

To enable the webui in a more complete way, follow this steps:

• Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:

  cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/

• Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:

  Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

  (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

• Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

  $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

su - zimbra

zmprov mcf +zimbraMtaRestriction "check_policy_service inet:127.0.0.1:10031"

zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1

zmmtactl restart

Activating the WEB UI for CBPolicyd
This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
All operations must be executed as 'root' except where specified.

CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:

cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

Reload the httpd services with

su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/webui/index.php

REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

To enable the webui in a more complete way, follow this steps:

• Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:

  cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/

• Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:

  Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

  (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

• Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

  $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

zmprov ms servername +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

(mind that "+" in front of "zimbraServiceEnabled cbpolicyd". Miss it and you'll end up having cbpolicyd as the ONLY service enabled)

zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1

zmmtactl restart

Activating the WEB UI for CBPolicyd
This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
All operations must be executed as 'root' except where specified.

CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:

cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

Reload the httpd services with

su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/webui/index.php

REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

To enable the webui in a more complete way, follow this steps:

• Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:

  cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/

• Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:

  Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

  (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

• Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

  $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

zmprov mcf +zimbraMtaRestriction "check_policy_service inet:127.0.0.1:10031"

zmmtactl restart

Activating the WEB UI for CBPolicyd
This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
All operations must be executed as 'root' except where specified.

CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:

cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

Reload the httpd services with

su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/webui/index.php

REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

To enable the webui in a more complete way, follow this steps:

• Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:

  cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/

• Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:

  Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

  (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

• Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

  $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1

(sets loglevel to Debug, detailed logging of Modules, Policies and Tracking, enables all the modules excluding Amavis)

cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

su - zimbra -c "zmapachectl restart"

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

create 0644 syslog adm

create 0644 zimbra zimbra

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

su - zimbra -c "zmcbpolicydctl restart"

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

zmmtactl restart

Activating the WEB UI for CBPolicyd
This is only valid for servers with the zimbra-spell package installed - in case of a standalone MTA please refer to THIS guide for the official command line management howto.

Now that CBPolicyd is fully active you need a GUI to configure it, since its features are not implemented in the Zimbra Administration Console yet.
All operations must be executed as 'root' except where specified.

CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:
cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui
Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

Reload the httpd services with

su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/webui/index.php

REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

To enable the webui in a more complete way, follow this steps:

• Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:

  cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/

• Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:

  Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

  (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

• Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

  $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
Reload the httpd services with

su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/webui/index.php

REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

To enable the webui in a more complete way, follow this steps:

• Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:

  cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/

• Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:

  Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

  (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

• Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

  $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

Reload the httpd services with
su - zimbra -c "zmapachectl restart"
You can now access the webui from http://yourzimbraserver:7780/webui/index.php

REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

To enable the webui in a more complete way, follow this steps:

• Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:

  cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/

• Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:

  Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

  (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

• Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

  $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/webui/index.php

REMEMBER: This method is suggested only for internal testing, as it has no access control enabled and does not persist after a Zimbra update.

To enable the webui in a more complete way, follow this steps:

• Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder: cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/
• Edit the copied file with your favourite editor (i personally like nano, less scary than vi/m and less nerdysh than emacs)The result should look like:

  Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

  (the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

• Edit the "/opt/zimbra/conf/httpd.conf" file and add the following line at the end of the file:

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

  $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

  $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

Alias /cluebringer /opt/zimbra/cbpolicyd/share/webui/    # Comment out the following 3 lines to make web ui accessible from anywhere    Order Deny,Allow    Deny from all    Allow from 192.168.1.0/255.255.255.0

(the ip range/netmask after the "Allow from" directive must match the ip range you want to grant access to the web ui.

Include /opt/zimbra/conf/cluebringer-httpd.conf

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

  $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

 Include /opt/zimbra/conf/cluebringer-httpd.conf 

• Edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER: $DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
• Reload the httpd services with

  su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:

create 0644 syslog adm

to this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

create 0644 syslog adm

create 0644 zimbra zimbra

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

su - zimbra -c "zmcbpolicydctl restart"

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

su - zimbra -c "zmapachectl restart"

You can now access the webui from http://yourzimbraserver:7780/cluebringer/index.php To learn how to configure CBPolicyD refer to the official documentation at Policyd.org Support

WARNING
Zimbra 7.1.1, 7.1.2 and 7.1.3 had a misconfiguration in the default logrotate config...Check the /etc/logrotate.d/zimbra file, find the "/opt/zimbra/log/cbpolicyd.log" section and change this line:create 0644 syslog admto this:

create 0644 zimbra zimbra

then change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

create 0644 syslog adm

to this:create 0644 zimbra zimbrathen change the ownership of the existing log file with

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

create 0644 zimbra zimbra

then change the ownership of the existing log file with chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.logand then restart the cbpolicyd service with

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

chown zimbra:zimbra /opt/zimbra/log/cbpolicyd.log

and then restart the cbpolicyd service withsu - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

su - zimbra -c "zmcbpolicydctl restart"

Cleaning up the CBPolicyD Database
Old and outdated entries are not automatically purged from CBPolicyd's database.
A tool called "cbpadmin" is provided to take care of this operation, so you just need to schedule the execution of this tool through cron to keep your db slim and healthy!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!

35 3 * * * /opt/zimbra/cbpolicyd/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup >/dev/null

Special thanks to Mishikal for contributing some nice suggestions!