What is Policyd?
Policyd is an anti-spam plugin. It has several modules, such as quotas, access control, SPF check, greylisting and others.
Zimbra Collaboration Suite is an email server that uses Postfix as its MTA engine. Policyd has been bundled with Zimbra by default since Zimbra version 7.
Why must we use Policyd?
Policyd has a quotas module, which can be used to limit the sending and receiving of email, for example to allow only 200 emails/hour/user. If your email server is attacked by spam, or some user's password is compromised and the account is used by a spammer, at most 200 emails per hour can be sent. This policy protects your public IP from being blacklisted on RBLs. Besides, you can check which user is sending a large number of emails.
How To Install Policyd on Zimbra 8.5?
This guide shows, step by step, how to install Policyd on Zimbra 8.5 and later.
# Activate Policyd
su - zimbra
zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd
# Activate Policyd WebUI
– For Zimbra 8.5/8.6
Run the following commands as root
cd /opt/zimbra/httpd/htdocs/
ln -s ../../cbpolicyd/share/webui .
Edit the file /opt/zimbra/cbpolicyd/share/webui/includes/config.php: put "#" in front of every line beginning with $DB_DSN and add the following line just before the line beginning with $DB_USER.
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
See the following example
#$DB_DSN="mysql:host=localhost;dbname=cluebringer";
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
$DB_USER="root";
Update 18 May 2017
– For Zimbra 8.7.x/8.8.x
Run the following commands as root
cd /opt/zimbra/data/httpd/htdocs/
ln -s /opt/zimbra/common/share/webui/ .
Edit the file /opt/zimbra/common/share/webui/includes/config.php: put "#" in front of every line beginning with $DB_DSN and add the following line just before the line beginning with $DB_USER.
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
See the following example
#$DB_DSN="mysql:host=localhost;dbname=cluebringer";
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
$DB_USER="root";
Restart the Zimbra service and the Zimbra Apache service
su - zimbra -c "zmcontrol restart"
su - zimbra -c "zmapachectl restart"
You can now access the Policyd WebUI with a browser at the URL http://IPZimbra:7780/webui/index.php
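The config.php edit described above can be scripted so that it is repeatable and safe to run twice. This is an added example, not part of the original article; the function name set_sqlite_dsn and the .bak backup are assumptions of the example, and the default path is the Zimbra 8.7.x/8.8.x one given above.

```shell
#!/bin/sh
# Added example (not from the article): make the config.php edit repeatable.
# set_sqlite_dsn and the .bak backup are assumptions of this example.

SQLITE_DSN='$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";'

set_sqlite_dsn() {
    # Default is the Zimbra 8.7.x/8.8.x path; pass the 8.5/8.6 path if needed.
    conf=${1:-/opt/zimbra/common/share/webui/includes/config.php}
    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 1; }

    # Idempotent: stop if the SQLite DSN is already the only active $DB_DSN.
    if grep -Fxq "$SQLITE_DSN" "$conf" &&
       [ "$(grep -c '^[[:space:]]*\$DB_DSN' "$conf")" -eq 1 ]; then
        return 0
    fi

    tmp=$(mktemp) || return 1
    if ! awk -v dsn="$SQLITE_DSN" '
        /^[ \t]*\$DB_DSN/ { print "#" $0; next }      # disable every active DSN
        /^[ \t]*\$DB_USER/ && !added { print dsn; added = 1 }
        { print }
        END { if (!added) exit 2 }                    # no DB_USER line to anchor on
    ' "$conf" > "$tmp"; then
        rm -f "$tmp"
        echo "no \$DB_USER line in $conf, file left unchanged" >&2
        return 1
    fi

    cp -p "$conf" "$conf.bak" &&      # keep the previous version
        cat "$tmp" > "$conf"          # overwrite in place: owner and mode are kept
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Try it on a constructed sample instead of a live server: sh script.sh demo
if [ "${1:-}" = demo ]; then
    sample=$(mktemp)
    printf '%s\n' '<?php' '$DB_DSN="mysql:host=localhost;dbname=cluebringer";' \
        '$DB_USER="root";' > "$sample"
    set_sqlite_dsn "$sample" && cat "$sample"
    rm -f "$sample" "$sample.bak"
fi
```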
Good luck and hopefully useful 😀
Thanks Iman,
I added the whitelist as a sender IP.
I have another question. My network consists of 3 networks:
10.10.10.x – DMZ where my zimbra server resides and have different Public IP/ISP provider
192.168.2.xx/23- LAN – different Public IP provider – 222.33.44.55
192.168.1.x/24 – LAN – different Public IP provider – example 111.22.23.234
Our LAN IP was blacklisted and a lot of users can't send email to other mail servers, especially Gmail/Yahoo.
My email server's public IP has a good reputation. How can I resolve and prevent this?
Here is my Zimbra MTA:
[zimbra@mail sysadmin]$ postconf mynetworks
mynetworks = 127.0.0.0/8 10.10.10.0/24 [::1]/128 [fe80::]/64
Thanks!
Hello Ferjun,
– Please set the trusted network to 127.0.0.0/8 10.10.10.x/32 -> x is the IP of your Zimbra
– Block all connections on port 25 from the LAN to the Internet and only allow them from your Zimbra server
Hi,
I am not able to find the httpd folder on Ubuntu 14.04 with Zimbra 8.7. Kindly guide me to configure Policyd. I also want to restrict users so that they can send to up to 10 email IDs at a time.
Hello Pandiyan,
1. I have not tried Zimbra 8.7. I will try it in my lab
2. You can change the smtpd_recipient_limit rule to suit your aim
Hello Iman,
Why is the CBPolicyD GUI not compatible with Zimbra 8.7?
The script (for Zimbra 8.5) runs the installation to the end, but I don't have access to the GUI.
I can't see the folder "cbpolicyd" under: /opt/zimbra/.
Can you help me?
Hello Adam,
I will try in my lab how to implement it on Zimbra 8.7
Hi Iman,
Most of our email users encounter the error below:
450 4.7.1 : Sender address rejected: Access denied
Our Zimbra has a multi-domain setup; this error occurs when they send to multiple recipients.
Appreciate your help.
Thanks!
Hello Ferjun,
Are you sending email from a user that is not owned by the server?
Hi Iman,
When I run
egrep '(reject|warning|error|fatal|panic):' /var/log/zimbra.log
I get a lot of warnings that it can't resolve to 111.55.XX.XX, which is my public IP
I followed your installation guide, using split DNS
Aug 10 22:06:28 mail postfix/smtpd[11548]: warning: hostname mail.mydomain.com does not resolve to address 111.55.XX.XX
Aug 10 22:07:06 mail postfix/smtpd[12061]: warning: hostname mail.mydomain.com does not resolve to address 111.55.XX.XX
Aug 10 22:07:41 mail postfix/smtpd[8742]: warning: hostname mail.mydomain.com does not resolve to address 1111.55.XX.XX
Aug 10 22:09:09 mail postfix/smtpd[8742]: warning: hostname mail.mydomain.com does not resolve to address 1111.55.XX.XX
Aug 10 22:09:09 mail postfix/smtpd[11548]: warning: hostname mail.mydomain.com does not resolve to address 1111.55.XX.XX
Aug 10 22:09:24 mail postfix/smtpd[8742]: warning: hostname mail.mydomain.com does not resolve to address 111.55.XX.XX
Aug 10 22:10:24 mail postfix/smtpd[11548]: warning: hostname mail.mydomain.com does not resolve to address 111.55.XX.XX
Thanks!
Hello Ferjun,
Please paste the results from these commands
Hi Iman,
[sysadmin@mail ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search mydomain.com
nameserver 172.16.20.40
nameserver 8.8.8.8
[sysadmin@mail ~]$ cat /etc/hosts
#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost
172.16.20.40 mail.mydomain.com mail
[sysadmin@mail ~]$ nslookup mail.mydomain.com
Server: 172.16.20.40
Address: 172.16.20.40#53
Name: mail.mydomain.com
Address: 172.16.20.40
We are also experiencing very slow Zimbra webmail.
Hello Ferjun,
Your configuration is good. Please try to change LMTP by running the following command:
Hi Iman,
I already changed mail.cf from lmtp_host_lookup = dns to lmtp_host_lookup = native, but the issue is still not resolved.
I am also having the permission issue below.
I tried to fix the permissions but that did not resolve the issue (I ran this twice).
As "root" user:
1) su - zimbra -c 'zmcontrol stop'
2) /opt/zimbra/libexec/zmfixperms -v -e
3) su - zimbra -c 'zmcontrol start'
4 23:17:28 mail zmconfigd[21238]: Exception in bin/zmsaslauthdctl: (Cannot run program “/opt/zimbra/bin/zmsaslauthdctl” (in directory “/root”): error=13, Permission denied)
Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmmailboxdctl: (Cannot run program “/opt/zimbra/bin/zmmailboxdctl” (in directory “/root”): error=13, Permission denied)
Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmswatchctl: (Cannot run program “/opt/zimbra/bin/zmswatchctl” (in directory “/root”): error=13, Permission denied)
Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmspellctl: (Cannot run program “/opt/zimbra/bin/zmspellctl” (in directory “/root”): error=13, Permission denied)
Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmstatctl: (Cannot run program “/opt/zimbra/bin/zmstatctl” (in directory “/root”): error=13, Permission denied)
Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmmailboxdctl: (Cannot run program “/opt/zimbra/bin/zmmailboxdctl” (in directory “/root”): error=13, Permission denied)
Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmmailboxdctl: (Cannot run program “/opt/zimbra/bin/zmmailboxdctl” (in directory “/root”): error=13, Permission denied)
Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmmailboxdctl: (Cannot run program “/opt/zimbra/bin/zmmailboxdctl” (in directory “/root”): error=13, Permission denied)
Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmclamdctl: (Cannot run program “/opt/zimbra/bin/zmclamdctl” (in directory “/root”): error=13, Permission denied)
Hi Iman,
I installed Zimbra 8.7 Open Source Edition on CentOS 7 64-bit, single server.
Is there any way to implement Policyd on this?
A kind request,
your help is needed
Hello Suresh,
I think the guidance is still the same for Zimbra 8.7
Hi iman
The script (for Zimbra 8.5) makes the installation until the end, but I don’t have access with GUI.
I can’t see the folder “cbpolicyd” under: /opt/zimbra/.
Zimbra 8.7 does not work
Here is a way for it to work with new locations
http://haffi.is/wp/?p=38
Thanks for sharing Haffi 🙂
For Zimbra 8.7 use this link. After finishing you will get forbidden access, but don't worry: use this link https://imanudin.net/2014/09/12/zimbra-tips-how-to-protect-policyd-webui/
to create the protection. Because it has a different folder, I will give my way below:
create .htpasswd
cd /opt/zimbra/common/share/webui/
vi .htaccess
fill with the following lines
AuthUserFile /opt/zimbra/cbpolicyd/share/webui/.htpasswd
AuthGroupFile /dev/null
AuthName "User and Password"
AuthType Basic
require valid-user
create htpasswd file, username and password
touch .htpasswd
/opt/zimbra/common/bin/htpasswd -cb .htpasswd USERNAME PASSWORD   # change to your user and password
Change the username and password to the username/password you want. Edit the Zimbra Apache httpd.conf
vi /opt/zimbra/conf/httpd.conf
add the following configuration at the bottom
Alias /webui /opt/zimbra/common/share/webui/
<Directory /opt/zimbra/common/share/webui/>
# Comment out the following 3 lines to make web ui accessible from anywhere
AllowOverride AuthConfig
Order Deny,Allow
Allow from all
</Directory>
Restart the Zimbra Apache service
su - zimbra -c "zmapachectl restart"
Sorry, I mean use this link: http://haffi.is/wp/?p=38
Hi Alexander,
Thanks for sharing 🙂
Thanks Iman, I will try it.
this path doesn’t exist in 8.7 AuthUserFile /opt/zimbra/cbpolicyd/share/webui/.htpasswd
Hi,
Please see my update in the article about configuring the WebUI for Zimbra 8.7.x
Hi Iman and Alexander, after upgrading to 8.7 I couldn't access PolicyD, so I followed your guide to update PolicyD and it works fine w/o authentication.
I have 2 cbpolicyd in /opt/zimbra/ with the same content and also tried to change AuthUserFile to "AuthUserFile /opt/zimbra/cbpolicyd/share/webui/.htpasswd and AuthUserFile /opt/zimbra/cbpolicyd-2.0.10/share/webui/.htpasswd"
PolicyD is working fine without a password; after doing this I got an Internal Server Error.
After deleting the created .htaccess in /opt/zimbra/common/share/webui/ it works fine again.
Do you have any idea what’s wrong with my configuration? Thanks..
[root@mail webui]# cd /opt/zimbra/cbpolicyd
cbpolicyd/ cbpolicyd-2.1.0-beta/
[root@email]# cd /opt/zimbra/common/share/webui/
[root@email]# vi .htaccess
#AuthUserFile /opt/zimbra/cbpolicyd-2.0.10/share/webui/.htpasswd
AuthUserFile /opt/zimbra/cbpolicyd/share/webui/.htpasswd
AuthGroupFile /dev/null
AuthName "User and Password"
AuthType Basic
require valid-user
Hello Ferjun,
Please change the AuthUserFile location to /opt/zimbra/common/share/webui/
Hi,
Can you help me and tell me how to disable / uninstall Policyd from a Zimbra server?
Thanks for your help!
Hello Kamal,
Please perform the following command
Mas Iman,
I am using Ubuntu 14.04 with Zimbra 8.6. I followed the tutorial above; this is the result after zmcontrol restart:
cbpolicyd stop
policyd is not running.
I can open the WebUI, but when I click a menu this appears:
Error connecting to Policyd v2 DB: invalid data source name.
Please help, Mas.
Thank you
Hi mas,
It seems something was missed in the configuration, particularly in the DB configuration part. Please check it again
That is exactly what I don't understand yet, hehe.. maybe Mas Iman could give some direction on how to configure the DB?
Try checking this guide instead, mas: https://imanudin.com/2014/10/16/tips-mengaktifkan-cbpolicyd-pada-zimbra-8-5/
My cbpolicyd locks and shows this error in the log
[2016/12/15-17:07:29 – 15009] [QUOTAS] ERROR: Failed to update quota_tracking item: awitpt::db::dblayer::DBDo(173): Error executing command ‘
%09%09%09%09%09UPDATE
%09%09%09%09%09%09quotas_tracking
%09%09%09%09%09SET
%09%09%09%09%09%09Counter = Counter + ?,
%09%09%09%09%09%09LastUpdate = ?
%09%09%09%09%09WHERE
%09%09%09%09%09%09QuotasLimitsID = ?
%09%09%09%09%09%09AND TrackKey = ?
%09%09%09%09%09’: database is locked
What happened??
Hi,
I think your Policyd is working hard. Please tune your Policyd as mentioned in this guidance: https://wiki.zimbra.com/wiki/How-to_for_cbpolicyd#Performance_tuning
Hi Mas Imam,
I tried to enable cbpolicyd on Zimbra 8.6 on Ubuntu 14.04, but when I open it the result is: Error connecting to Policyd v2 DB: could not find driver. Why is that, mas?
Thank you
Hi mas Septiadi,
Make sure the database has been configured according to the guide at this link.
Hi,
Very useful article
Thanks very much. It worked out for me
how to un-install cbpolicyD ??
Hello Nagendra,
You can perform the following command
Hello Iman,
I tried to install and enable cbpolicyd but my server stopped sending out mails
I found following error in zimbra.log
Apr 8 12:33:29 mail postfix/smtpd[26089]: NOQUEUE: reject: RCPT from mail.mydomain.com[192.168.100.1]: 451 4.3.5 Server configuration problem; from= to= proto=ESMTP helo=
cbpolicyd.log was throwing.
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: Process Backgrounded
[2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: Policyd v2 / Cluebringer – v2.1.x-201205100639
[2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: Initializing system modules.
[2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: System modules initialized.
[2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: Module load started…
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => AccessControl: disabled
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Accounting: disabled
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Amavis: disabled
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => CheckHelo: disabled
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => CheckSPF: disabled
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Greylisting: disabled
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Quotas: enabled
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Protocol(Postfix): enabled
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Protocol(Bizanga): enabled
[2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: Module load done.
[2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: Session tracking is ENABLED.
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: 2017/04/08-12:28:55 cbp (type Net::Server::PreFork) starting! pid(18826)
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: Resolved [localhost]:10031 to [127.0.0.1]:10031, IPv4
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: Resolved [localhost]:10031 to [::1]:10031, IPv6
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: Binding to TCP port 10031 on host 127.0.0.1 with IPv4
[2017/04/08-12:28:55 – 18826] [CORE] NOTICE: Binding to TCP port 10031 on host ::1 with IPv6
[2017/04/08-12:28:55 – 18826] [CORE] ERROR: 2017/04/08-12:28:55 Can’t connect to TCP port 10031 on ::1 [Cannot assign requested address]
at line 68 in file /opt/zimbra/zimbramon/lib/Net/Server/Proto/TCP.pm
I did some RnD and found disabling IPv6 can cause that. I had disabled IPv6 on server so I commented out in /etc/hosts like below file and restarted services.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
After that it worked like a charm.
Hope this will help someone with same issue.
Hi Imran,
Thanks for the tips. Appreciated 🙂
My policy works correctly, but there is a problem: I have 2000 accounts in my domain, but two of them send 1600 mails daily. How can I apply the policy to all users except my two massive accounts?
Hi LeoDelgado,
You can configure Policy as follows
Source : !monitoring@imanudin.net,!admin@imanudin.net
Destination : !@imanudin.net
The above configuration will pass the rate limit if the sender is monitoring or admin
Hi!!
I am trying to configure Policyd but am facing trouble.
I have configured a "zcs-8.7.9_GA_1794.RHEL7_64.20170505054622" server on CentOS 7.
I tried to follow your steps; steps 1 and 2 worked,
but from step 3 I am unable to proceed.
The error is
-bash: cd: /opt/zimbra/httpd/htdocs/: No such file or directory
Hi Piyush,
I’ve updated the article. Please check my update 18 May 2017 in the article
How do I add bulk email IDs to policy group members?
Hello,
You can use the SQLite command line. You can find an example configuration here: https://wiki.zimbra.com/wiki/Cluebringer_Policy_Daemon#Defining_a_greylisting_policy_with_cbpolicyd
Hi Iman Brother,
I did everything just like this tutorial. But I’m having problem. I can see Policyd Web Administration but I can’t see any rule there and I can’t also add any rule into it. It just happen nothing. and shows nothing. Policies Quotas everything are showing empty.
I have an idea.. I think my database is not readable or something like this. But I don’t know how to fix this on sqlite.
Can you please tell me how can I fix it?
Hi Serazum Munir,
Please re-populate database
Hi,
I’m having some issues enabling the WEBUI.
See, my zimbra is set up as a multiserver configuration, so, I have a ldap server, a mbox server and a mta server.
I enabled cbpolicyd on the MTA, since it seemed the most sensible, but now I have /opt/zimbra/cbpolicyd/share/webui on
the MTA and /opt/zimbra/data/httpd/htdocs/ on the Mbox.
What should I do?
Hi Facundo,
You only need to enable CBPolicyD on MTA servers.
Hi,
Can cbpolicyd run in a multi-server environment? If yes, on which server do I need to install the cbpolicyd plugin, MTA or Mailbox?
This has been answered in your earlier post.
Thx man.
CBPolicyD WebUI Restriction For 8.7.11
step1. cd /opt/zimbra/common/share/webui/
vi .htaccess
AuthUserFile /opt/zimbra/common/share/webui/.htpasswd
AuthGroupFile /dev/null
AuthName "User and Password"
AuthType Basic
require valid-user
————————————————————————————————–
step2. touch .htpasswd
/opt/zimbra/common/bin/htpasswd -cb .htpasswd USERNAME PASSWORD
—————————————————————————————————————————-
step3. vi /opt/zimbra/conf/httpd.conf
Alias /webui /opt/zimbra/common/share/webui/
<Directory /opt/zimbra/common/share/webui/>
# Comment out the following 3 lines to make web ui accessible from anywhere
AllowOverride AuthConfig
Order Deny,Allow
Allow from all
</Directory>
———————————————————————————————————————————————-
step4. Run the following command as root
1. cd /opt/zimbra/data/httpd/htdocs/
2. ln -s /opt/zimbra/common/share/webui/
step5. su - zimbra -c "zmapachectl restart"
Tested working fine……
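Several replies in this thread end either with an unauthenticated WebUI or with an Internal Server Error after .htaccess is added. The check below is an added example, not part of any comment above; check_webui_htaccess is a hypothetical helper, and its default directory is the 8.7.x/8.8.x WebUI path quoted in the thread.

```shell
#!/bin/sh
# Added example: sanity-check the Basic-auth setup of the Policyd WebUI.
# check_webui_htaccess is a hypothetical helper, not a Zimbra tool.

check_webui_htaccess() {
    dir=${1:-/opt/zimbra/common/share/webui}
    ht="$dir/.htaccess"
    rc=0
    [ -f "$ht" ] || { echo "FAIL: $ht does not exist (WebUI is unprotected)"; return 1; }

    # Typographic quotes picked up when copying a snippet from a web page are
    # not quotes to Apache: AuthName then receives several arguments and
    # every request to the directory returns 500.
    if grep -Fq -e '“' -e '”' -e '‘' -e '’' "$ht"; then
        echo "FAIL: typographic quotes in $ht, retype them as plain \" characters"
        rc=1
    fi

    # Directive names are case-insensitive. Commented-out lines are skipped
    # because their first field starts with '#'. The last active one wins.
    pw=$(awk 'tolower($1) == "authuserfile" { p = $2 }
              END { gsub(/^"|"$/, "", p); print p }' "$ht")
    if [ -z "$pw" ]; then
        echo "FAIL: no AuthUserFile directive in $ht"; rc=1
    elif [ ! -s "$pw" ]; then
        # The mismatch reported in the thread: the directive points at a
        # directory layout that does not exist on this Zimbra version.
        echo "FAIL: AuthUserFile $pw is missing or empty"; rc=1
    fi

    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$ht" ||
        { echo "FAIL: no 'AuthType Basic' in $ht"; rc=1; }
    grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user' "$ht" ||
        { echo "FAIL: no 'Require valid-user' in $ht"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $ht enforces Basic auth against $pw"
    return "$rc"
}

# Run against a real directory with: sh script.sh check [WEBUI_DIR]
if [ "${1:-}" = check ]; then
    check_webui_htaccess "${2:-}"
fi
```

`htpasswd -cb` leaves the password in the shell history and the process list; running `htpasswd -c .htpasswd USERNAME` without `-b` prompts for it instead.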
I configured the same as you, but get an error: http://prntscr.com/j2riuj
I think this is due to the .htaccess file configuration. Can you help me solve this?
My config: cd /opt/zimbra/common/share/webui/
vi .htaccess
http://prntscr.com/j2rkd1
Many Thanks!
Hi Hant,
What if you remove the htaccess configuration from Zimbra Apache? Is there still a problem with access or not?
I removed it from Zimbra Apache and it is good, but adding .htaccess —>> error
Mas Iman,
I successfully installed the PolicyD web UI,
but when I create/add a policies group, the group I made cannot be created; it is still empty, only the Policyd default.
I did it repeatedly but still cannot create the group
Hi mas,
Try running the command in the comment here: https://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/comment-page-2/#comment-19201
su - zimbra
zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd
Is this 'zmhostname' the hostname or the domain?
example: mail.testing.com or testing.com, or keep it as zmhostname
Thanks, Mas Iman
Hi mas,
`zmhostname` is written as is. The mark (`) is not a single quote but a backtick (`). It is located below the Esc key
Hi Iman, suppose I want to move my policy as it is from Zimbra 8.6 to a new 8.8 server. How can I do this? Can you please guide us.
Hi,
Yes you can. You can copy/rsync policyd database from old server into new server. You can find PolicyD database from this location
Hi,
Thanks for all the help. But I am receiving a weird error when I am trying to start Apache.
Starting apache...httpd: Syntax error on line 148 of /opt/zimbra/conf/httpd.conf: Cannot load modules/libphp5.so into server: libaspell.so.15: cannot open shared object file: No such file or directory failed.
Well the problem speaks for itself but I could not locate any solution for that on my Ubuntu host machine. It would be very kind of you if you know the solution. As geegle’s search is bringing strange results.
Hi Omi,
You can install the aspell package on your Ubuntu to solve the problem
Thanks a lot. It worked!
I followed the tutorial and was successful in enabling PolicyD and have also done Protect Policyd WebUI, but unfortunately none of the policies is getting saved; nothing is getting written to the sqlite db.
Can you suggest what to do next? I am using Zimbra 8.8.5 and the location of sqlite.db is /opt/zimbra/data/cbpolicyd/db# ls -ltr
total 0
-rw-r----- 1 zimbra zimbra 0 Mar 6 05:17 cbpolicyd.sqlitedb
Hi Deepa,
Maybe you should re-create the database. Please look at the guidance from this link : https://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/comment-page-2/#comment-19201
I tried to do as mentioned in the link, but I am still not able to see any tables inside sqlite.
sqlite3 cbpolicyd.sqlitedb
SQLite version 3.11.0 2016-02-15 17:29:24
Enter ".help" for usage hints.
sqlite>
sqlite> .tables
sqlite> .quit
Hi Deepa,
You can remove the database first and re-create it again
Yes, I recreated it with the help of the https://wiki.zimbra.com/wiki/Database_errors_in_ZCS_8.6 document and am now able to see the tables in it.
sqlite> .tables
accounting_tracking greylisting_whitelist
checkhelo_blacklist policy_group_members
checkhelo_tracking policy_groups
checkhelo_whitelist policy_members
greylisting_autoblacklist quotas_limits
greylisting_autowhitelist quotas_tracking
greylisting_tracking session_tracking
Thanks for all your help 🙂
Hi Deepa,
Glad to hear that 🙂
Hi Iman,
I’m having some issues installing the Cbpolicyd.
My zimbra is set up as a multiserver, so I have a ldap server, a proxy server, a mailbox server and a mta server.
Following your guide, I don't know how to install it, because I have /opt/zimbra/cbpolicyd/share/webui on
the MTA server and /opt/zimbra/data/httpd/htdocs/ on the Mailbox server.
What should I do?
Hi Kaidou,
You should install Policyd on the MTA servers. If you need to expose the Policyd WebUI, you can use the system's Apache instead of Zimbra's
Thank you very much, Iman.
Mas,
For a Zimbra multi-server setup, where should cbpolicyd be installed, mas (ldap, smtp, mailbox)?
I tried installing it on the mailbox, but when the service is restarted cbpolicyd won't run, it stays stopped
If I install it on the smtp server, cbpolicyd runs, but the Policyd web cannot access its sqlite
Please advise, mas
Thanks
Hi mas Herry,
To access the WebUI, you can use the system's own Apache. An example is at the following link : https://imanudin.com/2013/10/01/tips-zimbra-implementasi-policyd-pada-zimbra-multi-server/. Please adjust the path accordingly
Salaam Iman
I did everything as instructed. Now when I run: su - zimbra -c "zmapachectl restart"
I see this error:
Starting apache…httpd: Syntax error on line 148 of /opt/zimbra/conf/httpd.conf: Cannot load modules/libphp5.so into server: libaspell.so.15: cannot open shared object file: No such file or directory
failed.
Do you know any solution for this? I think without this step I cannot use PolicyD. My Zimbra is 8.6.0 in case you need to know. Would appreciate a suggestion from you.
Hi Omi Azad,
Please try to install the spell or aspell package. Then you can try again to restart Zimbra Apache
Hi Iman.
I did everything as instructed and everything has been working well. But today when I went to the web GUI I had an error:
Error connecting to the database: SQLSTATE[HY000] [14] unable to open database file
And please teach me how to fix that. Thanks!
Hi Tung Nguyen,
Please try to give access permission to your database. I usually perform this action 🙂
Many thanks Iman.
I have resolved this problem:
cd /opt/zimbra/data/cbpolicyd
chmod -R 755 db
Not Found
The requested URL /webui/index.php was not found on this server.
am getting this error on zimbra 8.8.9
Hi,
Please adjust with your Zimbra version. Please see the guidance for Zimbra 8.8.x
I have the same problem as @nagendra. Where do I need to adjust the Zimbra version?
Hi Nahim,
You can see guidance on “Update 18 May 2017”
I followed the same but it is still not working. How do I uninstall and install again?
Hello,
I configured it as in the tutorial. External receivers (gmail.com, hotmail.com) also have quotas.
I would like to disable quotas for external incoming emails. How do I do that?
Hello Andre,
You can define a source with your domain only. Below is an example
Hi Imam,
What if there is no httpd directory at this step
"cd /opt/zimbra/httpd/htdocs/
ln -s ../../cbpolicyd/share/webui" ?
Thanks
Hello,
Which Zimbra version? Please use the guidance "Update 18 May 2017" if using Zimbra 8.7 or later
Hi Imam,
I use Zimbra 8.6 and I tried to set up cbpolicyd on it, but I cannot access the web GUI. I got this error:
This site can’t be reached
x.x.x.x refused to connect.
Search Google for 178 7780 webui index
ERR_CONNECTION_REFUSED
I tried to telnet using port 7780 and it didn't work.
Can you help me?
Hello,
Please make sure you have restarted Zimbra Apache and that it is running well
Hi Iman,
This happens when I send an email
Le mail n’a pas été envoyé ; une ou plusieurs adresses n’ont pas été acceptées.
Adresses rejetées : alphar
Hello Kadedr,
Please try to check zimbra.log to get more information
Hello,
My policy is not working: emails that should be deferred are rather getting rejected. I have configured the policy as 60 outgoing emails per minute, and the emails which exceed 60 are not getting deferred. Do you have any solution to this issue?
Thanks.
Hello Abin,
If an email is sent from a normal user, the email will be rejected. But if an email is sent from a spam user (robot), the email will be deferred. This is caused by too many emails being received by the server. I also experienced it
Hello,
Great article.. It works..
But let me know, does it work with SSL? I am getting an error when I put "https"
Best regards..
Hello,
You can use a virtualhost and try to add these lines to httpd.conf
ServerName mail.imanudin.net
SSLEngine on
SSLCertificateFile /opt/zimbra/ssl/zimbra/commercial/commercial.crt
SSLCertificateKeyFile /opt/zimbra/ssl/zimbra/commercial/commercial.key
SSLCertificateChainFile /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
Alias /webui /opt/zimbra/cbpolicyd/share/webui/
# Comment out the following 3 lines to make web ui accessible from anywhere
AllowOverride AuthConfig
Order Deny,Allow
Allow from all
Both my emails, from the user account and from the robot (application), are not getting deferred; the emails are directly rejected. You mentioned that the emails from a robot should be deferred, but those emails are also not getting deferred after the limit value is exceeded.
Do you have a solution by which the emails would be deferred?
I will look forward to it as soon as possible
Hello,
You can install 2 servers: the first server without limitation and the second server with Policyd. All email from the first server is relayed to the second server.
I got an error, Iman: /opt/zimbra/bin/zmcbpolicydctl status norewrite returned 1 (24 – 13) (0.01 sec). Why, and where do I need to change? It looks like an ownership problem, user root or user zimbra.
Hello,
Please make sure you are logged in as the zimbra user (su - zimbra, not su zimbra)
My zimbra is distributed, I have the mail, mta and ldapetween, where should I do an installation?
This destination htdocs only exists in the mailbox.
cd /opt/zimbra/httpd/htdocs/ ; ln -s ../../cbpolicyd/share/webui .
Would you run this command in mta?
zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd
Or would you run this command on the mailbox, stating the mta?
zmprov ms mta.zimbra.com +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd
Hello,
Please see from this comment : https://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/comment-page-2/#comment-21766
It worked, thanks!
hi
Thanks for your guidance. Can you please tell me, if I want to change it 200 emails/hours/users from 1000 emails/hours/users, how can I change this? Please let me know. I am using Zimbra open source.
Hello,
You can change from quotas menu. Please see the example from this link : https://imanudin.net/2014/09/09/zimbra-tips-how-to-configure-rate-limit-sending-message-on-policyd/
Hello,
I have around 600 users. How do I set a policy so that users can send more than 200 emails per hour? Is there any solution?
Hello,
If you have installed Policyd, you can change it from the quotas menu. Please see the example from this link : https://imanudin.net/2014/09/09/zimbra-tips-how-to-configure-rate-limit-sending-message-on-policyd/
hi
I have been facing this problem for the last 2 weeks. Can you please let me know how to resolve this issue?
I have changed the IP and updated all DNS records as well, like SPF, DKIM and DMARC. Please let me know how to resolve this. I have filled in the Google support form too many times. Looking forward to your response. It is just an issue with Gmail.
Error:
This is the mail system at host mail.hbfc.com.pk.
I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
: host alt1.gmail-smtp-in.l.google.com[108.177.14.27]
said: 550-5.7.1 [202.63.219.250 12] Our system has detected that this
message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam
sent to Gmail, 550-5.7.1 this message has been blocked. Please visit
550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550
5.7.1 for more information. z85si37729198ljb.177 – gsmtp (in reply to end
of DATA command)
Hello,
Please use another IP. Or you can use SMTP Relay like Sendgrid
I changed it two times. Should I use a different network class?
Yes, you can try changing to a different network class
Is it possible to disable session_tracking? I only need quota and SPF
For tracking, it can be cleaned every night : https://wiki.zimbra.com/wiki/How-to_for_cbpolicyd#Script_to_purge_sesstion_tracking_DB