cbpolicyd in zimbra 7

1. Loging with zimbra use

[root@mail ~]# su – zimbra

2. check out mail server hostname via zmhostname command.

[zimbra@mail ~]$ zmhostname

mail.zmailtech.com

3. Enable the cbpolicyd service (server-wide) via zmprov command.

[zimbra@mail ~]$ zmprov ms mail.zmailtech.com +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

4. In most recent Zimbra versions a CBpolicyD zimbraMtaRestriction exists. If not, add a new one:

[zimbra@mail ~]$ zmprov mcf +zimbraMtaRestriction "check_policy_service inet:127.0.0.1:10031"

5. Configure the CBPolicyd logging and active modules.

[zimbra@mail ~]$ zmlocalconfig -e cbpolicyd_log_level=4; zmlocalconfig -e cbpolicyd_log_detail=modules,tracking,policies; zmlocalconfig -e cbpolicyd_module_accesscontrol=1 cbpolicyd_module_checkhelo=1 cbpolicyd_module_checkspf=1 cbpolicyd_module_greylisting=1 cbpolicyd_module_quotas=1

6. Restart the MTA service to apply all the configurations

[zimbra@mail ~]$ zmmtactl restart

Rewriting configuration files...done.

postfix/postfix-script: refreshing the Postfix mail system

Stopping saslauthd...done.

Starting saslauthd...done.

7. CBPolicyd Web UI is located in /opt/zimbra/cbpolicyd/share/webui/.
To enable it "one shot" for a quick test (this configuration will be erased if you update Zimbra) just create a symlink of the webui in the document root of Zimbra's Apache server:

logout from zimbra user

[zimbra@mail htdocs]$ exit

logout

[root@mail ~]# cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

8. Then, edit the /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php file putting a "#" front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER:

[root@mail ~]# vim /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php

[root@mail ~]# cat /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php

<?php

# mysql:host=xx;dbname=yyy

#

# pgsql:host=xx;dbname=yyy

#

# sqlite:////full/unix/path/to/file.db?mode=0666

#

#$DB_DSN="sqlite:////tmp/cluebringer.sqlite";

#$DB_DSN="mysql:host=localhost;dbname=cluebringer";

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

$DB_USER="root";

#$DB_PASS="";

#

# THE BELOW SECTION IS UNSUPPORTED AND MEANT FOR THE ORIGINAL SPONSOR OF V2

#

#$DB_POSTFIX_DSN="mysql:host=localhost;dbname=postfix";

#$DB_POSTFIX_USER="root";

#$DB_POSTFIX_PASS="";

?>

[root@mail ~]#

9. Reload the httpd services with

[root@mail ~]# su - zimbra -c "zmapachectl restart"

Stopping apache...done.

Starting apache...done.

[root@mail ~]#

You can now access the webui from http://yourzimbraserver:7780/webui/index.php

10. Copy the cluebringer-httpd.conf file from the CBPolicyd folder to the Zimbra's conf/ folder:

[root@mail htdocs]# cd /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/con

conf/ config.3379 contrib/

[root@mail htdocs]# cp /opt/zimbra/cbpolicyd/share/contrib/httpd/cluebringer-httpd.conf /opt/zimbra/conf/

[root@mail htdocs]# vim /opt/zimbra/conf/cluebringer-httpd.conf

[root@mail htdocs]#

[root@mail htdocs]#

[root@mail htdocs]# vim /opt/zimbra/conf/cluebringer-httpd.conf

[root@mail htdocs]# vim /opt/zimbra/conf/httpd.conf

[root@mail htdocs]# vim /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php

[root@mail htdocs]# su - zimbra -c "zmapachectl restart"

Stopping apache...done.

Starting apache...done.

[root@mail htdocs]# vim /opt/zimbra/cbpolicyd-2.0.10/share/webui/includes/config.php

[root@mail htdocs]# su - zimbra -c "zmapachectl restart"Stopping apache...done.

Starting apache...done.

[root@mail htdocs]# vim /opt/zimbra/conf/cluebringer-httpd.conf [root@mail htdocs]# su - zimbra -c "zmapachectl restart"

Stopping apache...done.

Starting apache...done.