How To Install PolicyD on Zimbra 8.5

Posted by

What is Policyd?

Policyd is an anti spam plugin. Policyd have some module like quotas, access control, spf check, greylisting and others.

Zimbra Collaboration Suite is an email server who use Postfix as engine for MTA. By default, policyd have been bundled with Zimbra from Zimbra version 7.

Why we must use Policyd?

Policyd have module quotas. This module can use for limit sending/receipt email. As example just allow sending/receipt email 200 emails/hours/users. If your email server attacked by spam or compromised password some users and used by spammer, the maximum email can be sent as many as 200 emails per hour. This policy will safe your IP public from blacklist on RBL. Besides, you can check who user send email with many email

How To Install Policyd on Zimbra 8.5?

This guidance is step by step how to install policyd on Zimbra 8.5 and latest

# Activate Policyd

su - zimbra
zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

# Activate Policyd WebUI

– For Zimbra 8.5/8.6

Run the following command as root

cd /opt/zimbra/httpd/htdocs/
ln -s ../../cbpolicyd/share/webui .

Edit file /opt/zimbra/cbpolicyd/share/webui/includes/config.php and putting “#” on front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER.

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

See the following example

#$DB_DSN="mysql:host=localhost;dbname=cluebringer";
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
$DB_USER="root";

Update 18 May 2017

– For Zimbra 8.7.x/8.8.x

Run the following command as root

cd /opt/zimbra/data/httpd/htdocs/
ln -s /opt/zimbra/common/share/webui/ .

Edit file /opt/zimbra/common/share/webui/includes/config.php and putting “#” on front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER.

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

See the following example

#$DB_DSN="mysql:host=localhost;dbname=cluebringer";
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
$DB_USER="root";

Restart Zimbra service  and Zimbra Apache service

su - zimbra -c "zmcontrol restart"
su - zimbra -c "zmapachectl restart"

You can now access the Policyd Webui with browser at URL http://IPZimbra:7780/webui/index.php

Good luck and hopefully useful 😀

Let’s See the Video on Youtube

241 comments

  1. hi
    i am facing this error can you please guide me what is this :

    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:2/Name:Default Outbound]: Error while processing source item ‘%internal_ips’, skipping…
    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:3/Name:Default Inbound]=>(group:internal_ips): – Resolved source ” to a IP/CIDR specification, but its INVALID: awitpt::netip::new(96): Failed to guess IP address version
    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:3/Name:Default Inbound]: Error while processing source item ‘!%internal_ips’, skipping…
    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:4/Name:Default Internal]=>(group:internal_ips): – Resolved source ” to a IP/CIDR specification, but its INVALID: awitpt::netip::new(96): Failed to guess IP address version
    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:4/Name:Default Internal]: Error while processing source item ‘%internal_ips’, skipping…
    [2019/09/18-12:22:55 – 60713] [CBPOLICYD] INFO: Got request #21 (pipelined)
    [2019/09/18-12:22:55 – 60713] [CORE] INFO: module=Quotas, mode=update, host=202.63.219.8, helo=mail2.hbfcl.com, from=hbl.estatement@hbl.com, to=rashid.ahmed@hbfc.com.pk, reason=quota_update, policy=6, quota=3, limit=4, track=Sender:hbl.estatement@hbl.com, counter=MessageCount, quota=4.93/1000 (0.5%)
    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:2/Name:Default Outbound]=>(group:internal_ips): – Resolved source ” to a IP/CIDR specification, but its INVALID: awitpt::netip::new(96): Failed to guess IP address version
    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:2/Name:Default Outbound]: Error while processing source item ‘%internal_ips’, skipping…
    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:3/Name:Default Inbound]=>(group:internal_ips): – Resolved source ” to a IP/CIDR specification, but its INVALID: awitpt::netip::new(96): Failed to guess IP address version
    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:3/Name:Default Inbound]: Error while processing source item ‘!%internal_ips’, skipping…
    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:4/Name:Default Internal]=>(group:internal_ips): – Resolved source ” to a IP/CIDR specification, but its INVALID: awitpt::netip::new(96): Failed to guess IP address version
    [2019/09/18-12:22:55 – 60713] [POLICIES] WARNING: [ID:4/Name:Default Internal]: Error while processing source item ‘%internal_ips’, skipping…
    [2019/09/18-12:22:55 – 60713] [CBPOLICYD] INFO: Got request #22 (pipelined)

  2. Hi Ahmad,

    Thank You for this very comprehensive guide. I was able to sucessfully implement it. I just have a question is it possible if I get a notification if an email is already using 50% of the allocated quota?

    Thank You.

  3. mas Iman, mohon bantuannya, cbpolicyd nya error spt ini :

    [TRACKING] ERROR: Failed to select session tracking info: awitpt::db::dblayer::DBSelect(126): Error executing select: database is locked

    cara memperbaikinya gimana yah mas ? awalnya sy ikutin tutorial mas iman di zimbra 8.6, working nicely,
    kemudian sy migrasi mail server sy dari sles11 zimbra 8.6 ke centos 7 , zimbra 8.8.15.

    tp untuk cbpolicyd nya error spt diatas,
    mohon pencerahan dari mas Iman,

    Terimakasih.

  4. Hello Sir,

    I have implemented policyd services with above procedure and thanks for that,
    my policyd services is not running and getting following error in cbpolicyd.log

    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: Process Backgrounded
    [2020/03/02-16:14:37 – 23524] [CBPOLICYD] NOTICE: PolicyD v2 / Cluebringer – v2.1.x-201205100639
    [2020/03/02-16:14:37 – 23524] [CBPOLICYD] NOTICE: Initializing system modules.
    [2020/03/02-16:14:37 – 23524] [CBPOLICYD] NOTICE: System modules initialized.
    [2020/03/02-16:14:37 – 23524] [CBPOLICYD] NOTICE: Module load started…
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: => AccessControl: disabled
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: => Accounting: disabled
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: => Amavis: disabled
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: => CheckHelo: disabled
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: => CheckSPF: disabled
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: => Greylisting: disabled
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: => Quotas: enabled
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: => Protocol(Postfix): enabled
    [2020/03/02-16:14:37 – 23524] [CBPOLICYD] NOTICE: Module load done.
    [2020/03/02-16:14:37 – 23524] [CBPOLICYD] NOTICE: Session tracking is ENABLED.
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: 2020/03/02-16:14:37 cbp (type Net::Server::PreFork) starting! pid(23524)
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: Resolved [localhost]:10031 to [127.0.0.1]:10031, IPv4
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: Binding to TCP port 10031 on host 127.0.0.1 with IPv4
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: Setting gid to “982 982”
    [2020/03/02-16:14:37 – 23524] [CORE] INFO: Setting up serialization via flock
    [2020/03/02-16:14:37 – 23524] [CORE] INFO: Beginning prefork (4 processes)
    [2020/03/02-16:14:37 – 23524] [CORE] INFO: Starting “4” children
    [2020/03/02-16:14:37 – 23526] [CORE] ERROR: 2020/03/02-16:14:37 Couldn’t open lock file “./XK_T_QrltO”[Permission denied]
    at line 213 in file /opt/zimbra/common/lib/perl5/Net/Server/PreFork.pm
    [2020/03/02-16:14:37 – 23527] [CORE] ERROR: 2020/03/02-16:14:37 Couldn’t open lock file “./XK_T_QrltO”[Permission denied]
    at line 213 in file /opt/zimbra/common/lib/perl5/Net/Server/PreFork.pm
    [2020/03/02-16:14:37 – 23528] [CORE] ERROR: 2020/03/02-16:14:37 Couldn’t open lock file “./XK_T_QrltO”[Permission denied]
    at line 213 in file /opt/zimbra/common/lib/perl5/Net/Server/PreFork.pm
    [2020/03/02-16:14:37 – 23524] [CORE] NOTICE: 2020/03/02-16:14:37 Server closing!

  5. Iman: hi! Great manual, i hardly wait to use it. But before doing modification (just don’t wanna break something) i just wannt to ask you if i can apply your manual to FOSS (community version of Zimbra) or it is only for commercial version of Zimbra? I still use Zimbra 8.5.1 FOSS (community) edition and would like to apply your manual on it.

    Thank you!

  6. Hi,
    Can we add sender bcc in policyd? I’ve created a group in policyd, if members in the group sends email then a copy of that email should send to manager ID. Kindly check and advice.

  7. very helpful guide, I’ve installed cbpolicyd, the service is running but I can’t access the webui, I get a 404 error on zimbra 8.8.15

  8. mas iman saya pas su – zimbra disuruh masukin password, nah saya tidak tau harus menggunakan password yg mana yah? soalnya pake password adminnya gamasuk. mohon pencerahanya yah mas

    1. Hi mas Rizal,
      Pastikan ketika melakukan su – zimbra, posisinya sedang login sebagai user ROOT. Untuk cek user yang sedang digunakan apa, bisa dicek dengan perintah id. Jika sudah sebagai user Zimbra, tidak perlu lagi untuk menjalankan perintah su – zimbra

  9. Hello and thank you for the comprehensive guide. I followed you steps but the policy does not seem to be working. Any suggestions?

  10. Hi
    I have a problem after the installation.
    I tried to configure the policy group but it data doesnt appear after I add and submit it. I
    Its a completely blank page
    Thanks,

Leave a Reply to Cliff Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.