How To Install PolicyD on Zimbra 8.5

Posted by

What is Policyd?

Policyd is an anti spam plugin. Policyd have some module like quotas, access control, spf check, greylisting and others.

Zimbra Collaboration Suite is an email server who use Postfix as engine for MTA. By default, policyd have been bundled with Zimbra from Zimbra version 7.

Why we must use Policyd?

Policyd have module quotas. This module can use for limit sending/receipt email. As example just allow sending/receipt email 200 emails/hours/users. If your email server attacked by spam or compromised password some users and used by spammer, the maximum email can be sent as many as 200 emails per hour. This policy will safe your IP public from blacklist on RBL. Besides, you can check who user send email with many email

How To Install Policyd on Zimbra 8.5?

This guidance is step by step how to install policyd on Zimbra 8.5 and latest

# Activate Policyd

su - zimbra
zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

# Activate Policyd WebUI

– For Zimbra 8.5/8.6

Run the following command as root

cd /opt/zimbra/httpd/htdocs/
ln -s ../../cbpolicyd/share/webui .

Edit file /opt/zimbra/cbpolicyd/share/webui/includes/config.php and putting “#” on front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER.

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

See the following example

#$DB_DSN="mysql:host=localhost;dbname=cluebringer";
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
$DB_USER="root";

Update 18 May 2017

– For Zimbra 8.7.x/8.8.x

Run the following command as root

cd /opt/zimbra/data/httpd/htdocs/
ln -s /opt/zimbra/common/share/webui/ .

Edit file /opt/zimbra/common/share/webui/includes/config.php and putting “#” on front of all the lines beginning with $DB_DSN and adding the following line just before the line beginning with $DB_USER.

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

See the following example

#$DB_DSN="mysql:host=localhost;dbname=cluebringer";
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
$DB_USER="root";

Restart Zimbra service  and Zimbra Apache service

su - zimbra -c "zmcontrol restart"
su - zimbra -c "zmapachectl restart"

You can now access the Policyd Webui with browser at URL http://IPZimbra:7780/webui/index.php

Good luck and hopefully useful 😀

Let’s See the Video on Youtube

283 comments

  1. Thanks Iman,

    I added the whitelist as a sender IP.

    I have another question.. My Network Consist of 3 Network

    10.10.10.x – DMZ where my zimbra server resides and have different Public IP/ISP provider
    192.168.2.xx/23- LAN – different Public IP provider – 222.33.44.55
    192.168.1.x/24 – LAN – different Public IP provider – example 111.22.23.234

    our IP in LAN was blacklisted and a lot of users can’t send email to other mail server specially gmail/yahoo..
    my email server public IP have a good reputation, how can I resolve and prevent this?

    here is my zimbra MTA
    [zimbra@mail sysadmin]$ postconf mynetworks
    mynetworks = 127.0.0.0/8 10.10.10.0/24 [::1]/128 [fe80::]/64

    Thanks!

    1. Hello Ferjun,

      – Please make trusted network become 127.0.0.0/8 10.10.10.x/32 -> x is IP of your Zimbra
      – Block all connection port 25 from LAN to Internet and only allow from your Zimbra server

  2. Hi,

    I not able to find httpd folder in ubuntu 14.04 and zimbra 8.7. Kindly guide to configure policyd. And i want to restrict user can send upto 10 email id at the time

    1. Hello Pandiyan,

      1. i have not tried Zimbra 8.7. I will try in my lab
      2. You can change this rule smtpd_recipient_limit with your aim

  3. Hello Iman,

    CBPolicyD GUI for Zimbra 8.7 why is not compatible?
    The script (for Zimbra 8.5) makes the instalation until the end, but I don’t have access with GUI.
    I can’t see the folder “cbpolicyd” under: /opt/zimbra/.
    Can You help me?

  4. Hi Iman,

    Most of our email user encounter error below:

    450 4.7.1 : Sender address rejected: Access denied

    our zimbra have multidomain setup, when they send to multiple recipient this error occured..

    appreciate your help..
    Thanks!

  5. Hi Iman,
    when I run
    egrep ‘(reject|warning|error|fatal|panic):’ /var/log/zimbra.log

    i have a lot of warning can’t resolve to 111.55.XX.XX – is my public IP
    I follow your installation guide, using split DNS

    Aug 10 22:06:28 mail postfix/smtpd[11548]: warning: hostname mail.mydomain.com does not resolve to address 111.55.XX.XX
    Aug 10 22:07:06 mail postfix/smtpd[12061]: warning: hostname mail.mydomain.com does not resolve to address 111.55.XX.XX
    Aug 10 22:07:41 mail postfix/smtpd[8742]: warning: hostname mail.mydomain.com does not resolve to address 1111.55.XX.XX
    Aug 10 22:09:09 mail postfix/smtpd[8742]: warning: hostname mail.mydomain.com does not resolve to address 1111.55.XX.XX
    Aug 10 22:09:09 mail postfix/smtpd[11548]: warning: hostname mail.mydomain.com does not resolve to address 1111.55.XX.XX
    Aug 10 22:09:24 mail postfix/smtpd[8742]: warning: hostname mail.mydomain.com does not resolve to address 111.55.XX.XX
    Aug 10 22:10:24 mail postfix/smtpd[11548]: warning: hostname mail.mydomain.com does not resolve to address 111.55.XX.XX

    Thanks!

  6. Hi Iman,

    [sysadmin@mail ~]$ cat /etc/resolv.conf
    # Generated by NetworkManager
    search mydomain.com
    nameserver 172.16.20.40
    nameserver 8.8.8.8
    [sysadmin@mail ~]$ cat /etc/hosts
    #127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    #::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

    127.0.0.1 localhost
    172.16.20.40 mail.mydomain.com mail

    [sysadmin@mail ~]$ nslookup mail.mydomain.com
    Server: 172.16.20.40
    Address: 172.16.20.40#53

    Name: mail.mydomain.com
    Address: 172.16.20.40

    we also experiencing very slow zimbra webmail..

    1. Hello Ferjun,

      Your configuration has been good. Please try to change LMTP with run the following command :

      zmprov mcf zimbraMtaLmtpHostLookup native
      
  7. hi iman,

    I already changed mail.cf – lmtp_host_lookup = dns to lmtp_host_lookup = native , but still issue doesn’t resolve.

    I also having permission issue below..

    I tried to fix permission but does not resolve the issue. (run this twice)

    As “root” user:
    1) su – zimbra -c ‘zmcontrol stop’
    2) /opt/zimbra/libexec/zmfixperms -v -e
    3) su – zimbra -c ‘zmcontrol start’

    4 23:17:28 mail zmconfigd[21238]: Exception in bin/zmsaslauthdctl: (Cannot run program “/opt/zimbra/bin/zmsaslauthdctl” (in directory “/root”): error=13, Permission denied)
    Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmmailboxdctl: (Cannot run program “/opt/zimbra/bin/zmmailboxdctl” (in directory “/root”): error=13, Permission denied)
    Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmswatchctl: (Cannot run program “/opt/zimbra/bin/zmswatchctl” (in directory “/root”): error=13, Permission denied)
    Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmspellctl: (Cannot run program “/opt/zimbra/bin/zmspellctl” (in directory “/root”): error=13, Permission denied)
    Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmstatctl: (Cannot run program “/opt/zimbra/bin/zmstatctl” (in directory “/root”): error=13, Permission denied)
    Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmmailboxdctl: (Cannot run program “/opt/zimbra/bin/zmmailboxdctl” (in directory “/root”): error=13, Permission denied)
    Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmmailboxdctl: (Cannot run program “/opt/zimbra/bin/zmmailboxdctl” (in directory “/root”): error=13, Permission denied)
    Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmmailboxdctl: (Cannot run program “/opt/zimbra/bin/zmmailboxdctl” (in directory “/root”): error=13, Permission denied)
    Aug 14 23:17:28 mail zmconfigd[21238]: Exception in bin/zmclamdctl: (Cannot run program “/opt/zimbra/bin/zmclamdctl” (in directory “/root”): error=13, Permission denied)

  8. HI iman
    i installed zimbra 8.7 Open source edition on Cent Os 7 – 64 bit.. SIngle server
    Is there any way to Implement Policyd on this.

    A kind request,
    your help is needed

  9. Hi iman
    The script (for Zimbra 8.5) makes the installation until the end, but I don’t have access with GUI.
    I can’t see the folder “cbpolicyd” under: /opt/zimbra/.

  10. Fro Zimbra 8.7 using this link, and after finished you will get forbidden access but don’t worry, use this link https://imanudin.net/2014/09/12/zimbra-tips-how-to-protect-policyd-webui/
    to create protection but because it’s have different folder I will give my way below ;
    create .htpasswd

    cd /opt/zimbra/common/share/webui/
    vi .htaccess
    fill with the following lines
    view sourceprint?
    AuthUserFile /opt/zimbra/cbpolicyd/share/webui/.htpasswd
    AuthGroupFile /dev/null
    AuthName “User and Password”
    AuthType Basic

    require valid-user

    create htpasswd file, username and password
    view sourceprint?

    touch .htpasswd
    /opt/zimbra/common/bin/htpasswd -cb .htpasswd USERNAME PASSWORD <—– change with your user and password
    change username and password with username/password do you want. Edit httpd.conf Apache Zimbra
    view sourceprint?
    vi /opt/zimbra/conf/httpd.conf
    add the following configuration at the bottom
    view sourceprint?
    Alias /webui /opt/zimbra/common/share/webui/

    # Comment out the following 3 lines to make web ui accessible from anywhere
    AllowOverride AuthConfig
    Order Deny,Allow
    Allow from all

    Restart Apache Zimbra service
    view sourceprint?
    su – zimbra -c “zmapachectl restart”

    1. Hi Iman and Alexander, After upgrade to 8.7 I can’t access PolicyD and follow your guide to update PolicyD and it works fine w/o authentication.
      I have 2 cbpolicyd in /opt/zimbra/ with same content and also try to change AuthUserfile to “AuthUserFile /opt/zimbra/cbpolicyd/share/webui/.htpasswd and AuthUserFile /opt/zimbra/cbpolicyd-2.0.10/share/webui/.htpasswd”
      PolicyD is working fine without password, after doing this I got Internal Server error.

      after deleting the created .htacess on opt/zimbra/common/share/webui/ it works fine again..

      Do you have any idea what’s wrong with my configuration? Thanks..

      [root@mail webui]# cd /opt/zimbra/cbpolicyd
      cbpolicyd/ cbpolicyd-2.1.0-beta/

      [root@email]# cd /opt/zimbra/common/share/webui/
      [root@email]# vi .htaccess

      #AuthUserFile /opt/zimbra/cbpolicyd-2.0.10/share/webui/.htpasswd
      AuthUserFile /opt/zimbra/cbpolicyd/share/webui/.htpasswd
      AuthGroupFile /dev/null
      AuthName “User and Password”
      AuthType Basic

      require valid-user

    1. Hello Kamal,

      Please perform the following command

      su - zimbra
      zmprov ms `zmhostname` -zimbraServiceInstalled cbpolicyd -zimbraServiceEnabled cbpolicyd
      zmcontrol restart
      
  11. Mas Iman,
    saya menggunakan ubuntu 14.04 zimbra 8.6. ngikutin tutorial diatas, hasilnya setelah zmcontrol restart:
    cbpolicyd stop
    policyd is not running.
    kalo buka webui bisa, tapi pas klik menu muncul ini:
    Error connecting to Policyd v2 DB: invalid data source name.

    Mohon bantuannya Mas.
    Terima kasih

  12. My cbpolicyd lock and show this error on log

    [2016/12/15-17:07:29 – 15009] [QUOTAS] ERROR: Failed to update quota_tracking item: awitpt::db::dblayer::DBDo(173): Error executing command ‘
    %09%09%09%09%09UPDATE
    %09%09%09%09%09%09quotas_tracking
    %09%09%09%09%09SET
    %09%09%09%09%09%09Counter = Counter + ?,
    %09%09%09%09%09%09LastUpdate = ?
    %09%09%09%09%09WHERE
    %09%09%09%09%09%09QuotasLimitsID = ?
    %09%09%09%09%09%09AND TrackKey = ?
    %09%09%09%09%09’: database is locked

    what happen ??

  13. Hai mas imam,

    Saya coba aktifkan cbpolicyd pada zimbra 8.6 di Ubuntu 14.04 tapi hasilnya ketika dibuka Error connecting to Policyd v2 DB: could not find driver. itu kenapa yah mas?

    terima kasih

    1. Hello Nagendra,

      You can perform the following command

      su - zimbra
      zmprov ms `zmhostname` -zimbraServiceInstalled cbpolicyd -zimbraServiceEnabled cbpolicyd
      zmcontrol restart
      
  14. Hello Iman,

    I tried to install and enable cbpolicyd but my server stopped sending out mails
    I found following error in zimbra.log
    Apr 8 12:33:29 mail postfix/smtpd[26089]: NOQUEUE: reject: RCPT from mail.mydomain.com[192.168.100.1]: 451 4.3.5 Server configuration problem; from= to= proto=ESMTP helo=

    cbpolicyd.log was throwing.
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: Process Backgrounded
    [2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: Policyd v2 / Cluebringer – v2.1.x-201205100639
    [2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: Initializing system modules.
    [2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: System modules initialized.
    [2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: Module load started…
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => AccessControl: disabled
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Accounting: disabled
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Amavis: disabled
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => CheckHelo: disabled
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => CheckSPF: disabled
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Greylisting: disabled
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Quotas: enabled
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Protocol(Postfix): enabled
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: => Protocol(Bizanga): enabled
    [2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: Module load done.
    [2017/04/08-12:28:55 – 18826] [CBPOLICYD] NOTICE: Session tracking is ENABLED.
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: 2017/04/08-12:28:55 cbp (type Net::Server::PreFork) starting! pid(18826)
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: Resolved [localhost]:10031 to [127.0.0.1]:10031, IPv4
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: Resolved [localhost]:10031 to [::1]:10031, IPv6
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: Binding to TCP port 10031 on host 127.0.0.1 with IPv4
    [2017/04/08-12:28:55 – 18826] [CORE] NOTICE: Binding to TCP port 10031 on host ::1 with IPv6
    [2017/04/08-12:28:55 – 18826] [CORE] ERROR: 2017/04/08-12:28:55 Can’t connect to TCP port 10031 on ::1 [Cannot assign requested address]
    at line 68 in file /opt/zimbra/zimbramon/lib/Net/Server/Proto/TCP.pm

    I did some RnD and found disabling IPv6 can cause that. I had disabled IPv6 on server so I commented out in /etc/hosts like below file and restarted services.

    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    #::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

    After that it worked like a charm.
    Hope this will help someone with same issue.

  15. My policy it works correctly, but there is a problem, i have 2000 accounts in my domain, but two of them send 1600 mails daily. How i can apply the police for all users except my two masive accounts?

    1. Hi LeoDelgado,

      You can configure Policy as follows

      Source : !monitoring@imanudin.net,!admin@imanudin.net
      Destination : !@imanudin.net

      The above configuration will pass rate limit if sender from monitoring and admin

  16. hi !!
    i trying to configure policyd but facing trouble
    i have configured “zcs-8.7.9_GA_1794.RHEL7_64.20170505054622 ” server on cent 7.

    i tried to follow ur steps ,step 1 and 2 worked
    but from step 3 i am unable to perform…
    error is
    -bash: cd: /opt/zimbra/httpd/htdocs/: No such file or directory

  17. Hi Iman Brother,

    I did everything just like this tutorial. But I’m having problem. I can see Policyd Web Administration but I can’t see any rule there and I can’t also add any rule into it. It just happen nothing. and shows nothing. Policies Quotas everything are showing empty.

    I have an idea.. I think my database is not readable or something like this. But I don’t know how to fix this on sqlite.

    Can you please tell me how can I fix it?

    1. Hi Serazum Munir,
      Please re-populate database

      cd /opt/zimbra/cbpolicyd/share/database/
      for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql accounting.tsql
      do
      ./convert-tsql sqlite $i
      done > /tmp/db1.sql
      
  18. Hi,
    I’m having some issues enabling the WEBUI.
    See, my zimbra is set up as a multiserver configuration, so, I have a ldap server, a mbox server and a mta server.
    I enabled cbpolicy d on the MTA, since it seemed the most sensible, but now I have /opt/zimbra/cbpolicyd/share/webui on
    the MTA and /opt/zimbra/data/httpd/htdocs/ on the Mbox.
    What should I do?

  19. Hi,
    Can cbpolicyd running in multi server environment? If yes in which server i need to install cbpolicyd plugin either in MTA or Mailbox…

  20. CBPolicyD WebUI Restriction For 8.7.11

    step1. cd /opt/zimbra/common/share/webui/
    vi .htaccess

    AuthUserFile /opt/zimbra/common/share/webui/.htpasswd
    AuthGroupFile /dev/null
    AuthName “User and Password”
    AuthType Basic

    require valid-user

    ————————————————————————————————–

    step2. touch .htpasswd
    /opt/zimbra/common/bin/htpasswd -cb .htpasswd USERNAME PASSWORD
    —————————————————————————————————————————-
    step3. vi /opt/zimbra/conf/httpd.conf

    Alias /webui /opt/zimbra/common/share/webui/

    # Comment out the following 3 lines to make web ui accessible from anywhere
    AllowOverride AuthConfig
    Order Deny,Allow
    Allow from all

    ———————————————————————————————————————————————-

    step4. Run the following command as root

    1. cd /opt/zimbra/data/httpd/htdocs/
    2. ln -s /opt/zimbra/common/share/webui/

    step5. su – zimbra -c “zmapachectl restart”

    Tested working fine……

  21. mas iman,
    saya sukses install policyD web ui
    tetapi sewaktu create add polices group, tidak bisa tercreate group yang sudah yg saya buat, masih kosong policyd default.
    saya lakukan berulang2 tetapi tidak bisa juga di create group nya

  22. su – zimbra
    zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

    apakah ‘zmhostname’ ini hostname or domain
    example : mail.testing.com or testing.com or tetap zmhostname

    tks mas iman

    1. Hi mas,

      `zmhostname` ditulis apa adanya. Tanda (`) bukan kutip satu. Melainkan tanda backtick (`). Tanda tersebut adanya dibawah tombol esc

  23. Hi Iman if i suppose to move my policy as it is from zimbra 8.6 to 8.8 new server so how can i do this can you please guide us.

    1. Hi,
      Yes you can. You can copy/rsync policyd database from old server into new server. You can find PolicyD database from this location

      /opt/zimbra/data/cbpolicyd/db
      
  24. Hi,
    Thanks for all the help. But I am receiving a wired error when I am trying to start Apache.

    Starting apache...httpd: Syntax error on line 148 of /opt/zimbra/conf/httpd.conf: Cannot load modules/libphp5.so into server: libaspell.so.15: cannot open shared object file: No such file or directory failed.

    Well the problem speaks for itself but I could not locate any solution for that on my Ubuntu host machine. It would be very kind of you if you know the solution. As geegle’s search is bringing strange results.

  25. I followed the tutorial and was successful in enabling PolicyD and also done Protect Policyd WebUI ,but unfortunately none of the Policy is not getting saved ,nothing is getting written to sqlite db.
    Can you suggest what to do next .Using zimbra 8.8.5 and location of sqlite.db is /opt/zimbra/data/cbpolicyd/db# ls -ltr
    total 0
    -rw-r—– 1 zimbra zimbra 0 Mar 6 05:17 cbpolicyd.sqlitedb

      1. I tried to do as mentioned in the link ,still not able to see any tables inside sqlite .

        sqlite3 cbpolicyd.sqlitedb
        SQLite version 3.11.0 2016-02-15 17:29:24
        Enter “.help” for usage hints.
        sqlite>
        sqlite> .tables
        sqlite> .quit

          1. Yes I recreated with help of https://wiki.zimbra.com/wiki/Database_errors_in_ZCS_8.6 document and now able to see the tables in it .
            sqlite> .tables
            accounting_tracking greylisting_whitelist
            checkhelo_blacklist policy_group_members
            checkhelo_tracking policy_groups
            checkhelo_whitelist policy_members
            greylisting_autoblacklist quotas_limits
            greylisting_autowhitelist quotas_tracking
            greylisting_tracking session_tracking

            Thanks for all your help 🙂

  26. Hi Iman,
    I’m having some issues installing the Cbpolicyd.
    My zimbra is set up as a multiserver, so I have a ldap server, a proxy server, a mailbox server and a mta server.
    Follow your guide, I don’t know how to install, because I have /opt/zimbra/cbpolicyd/share/webui on
    the MTA server and /opt/zimbra/data/httpd/htdocs/ on the Mailbox server.
    What should I do?

    1. Hi Kaidou,

      You should install Policyd on MTA servers. If you need to expose Policyd WebUI, you can use Apache from system instead of Zimbra

  27. Mas,
    kalau untuk zimbra multi server install cbpolcyd nya di mana ya mas (ldap, smtp, mailbox) ?
    saya udah coba install di mailbox tp pas di restart servicenya cbpolcyd nya ga mau running tetep stopped
    kalau misalnya install di smtp cbpolcyd nya bisa running cuma web polcyd nya ga bisa akses sqlite nya

    mohon masukannya mas
    thanks

  28. Salaam Iman
    I did everything as instructed. Now when I run: su – zimbra -c “zmapachectl restart”
    I see this error:

    Starting apache…httpd: Syntax error on line 148 of /opt/zimbra/conf/httpd.conf: Cannot load modules/libphp5.so into server: libaspell.so.15: cannot open shared object file: No such file or directory
    failed.

    Do you know any solution for this? I think without this step I cannot use PolicyD. My Zimbra is 8.6.0 in case you need to know. Would appreciate a suggestion from you.

  29. Hi Iman.

    I did everything as instructed and everything has work king good. But today when i go to web gui had an error:

    Error connecting to the database: SQLSTATE[HY000] [14] unable to open database file

    And please teach me how to fix that. Thanks!

    1. Hi Tung Nguyen,
      Please try to give permission access to your database. I am usually perform this action 🙂

      cd /opt/zimbra/data/cbpolicyd
      chmod -R 777 db
      
  30. Not Found

    The requested URL /webui/index.php was not found on this server.

    am getting this error on zimbra 8.8.9

  31. Hello,
    I configured it as in the tutorial. External receivers (gmail.com, hotmai.com) also have quotas.
    I would like to disable quotas for external incoming emails. How do I do?

  32. Hi Imam,
    How if there is no httpd directory on this step
    “cd /opt/zimbra/httpd/htdocs/
    ln -s ../../cbpolicyd/share/webui” ?

    Thanks

  33. Hi Imam,

    I use Zimbra 8.6 and i try to setup cbpolicyd on it but i cannot access the WEB GUI. it got error
    This site can’t be reached
    x.x.x.x refused to connect.
    Search Google for 178 7780 webui index
    ERR_CONNECTION_REFUSED

    i try to telnet using port 7780 and it didnt work.
    Can you help me?

  34. Hi Iman,

    This happen when i send an email

    Le mail n’a pas été envoyé ; une ou plusieurs adresses n’ont pas été acceptées.
    Adresses rejetées : alphar

  35. Hello,

    My policy is not working emails that should be deffered are rather getting rejected. I have configured the policy as 60 outgoing emails per minute and the emails which exceeds after 60 are not getting deffered. Do you have any solultion to this issue.

    Thanks.

    1. Hello Abin,
      If an email that sent from the normal user, the email will be rejected. But if an email that sent from spam user (robot), the email will be deferred. This is caused too many emails received by the server. I also experienced it

  36. Hello,
    Great article.. It works..
    But let me know does it work with SSL? I have geeting error when I put “https”

    Best regards..

    1. Hello,
      You can use virtualhost and try to add this line on httpd.conf


      ServerName mail.imanudin.net
      SSLEngine on
      SSLCertificateFile /opt/zimbra/ssl/zimbra/commercial/commercial.crt
      SSLCertificateKeyFile /opt/zimbra/ssl/zimbra/commercial/commercial.key
      SSLCertificateChainFile /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
      Alias /webui /opt/zimbra/cbpolicyd/share/webui/

      # Comment out the following 3 lines to make web ui accessible from anywhere
      AllowOverride AuthConfig
      Order Deny,Allow
      Allow from all

  37. My both emails from both user account and robot(application) are not getting deffered the emails are directly rejected. You mentioned that the emails from robot should be deffered but that emails are also not getting deffered after the limit limitation value exceeds.
    Do you have soultion for which the emails should be deffered.???
    Will look forward to it as soon as possible

    1. Hello,
      You can install 2 servers. First server without limitation and the second server with Policyd. All email from the first server relayed to the second server.

  38. i got error iman /opt/zimbra/bin/zmcbpolicydctl status norewrite returned 1 (24 – 13) (0.01 sec). why and where i need to change. looks like ownership user root or user zimbra problem

  39. My zimbra is distributed, I have the mail, mta and ldapetween, where should I do an installation?

    This destination htdocs only exists in the mailbox.
    cd /opt/zimbra/httpd/htdocs/ ; ln -s ../../cbpolicyd/share/webui .

    Would you run this command in mta?
    zmprov ms `zmhostname` + zimbraServiceInstalled cbpolicyd + zimbraServiceEnabled cbpolicyd

    Or would you run this command no mailbox stating mta?
    zmprov ms mta.zimbra.com + zimbraServiceInstalled cbpolicyd + zimbraServiceEnabled cbpolicyd

  40. hi

    Thanks for you guidiance can you please tell me if i want to change it 200 emails/hours/users from 1000 emails/hours/users how can i change this thing . please let me know . i am using zimbra open source.

  41. hi
    i am facing this problem since last 2 weeek . can you please let me know how to resolve this issue.
    i have change ip and update all dns record as well like spf dkmi and dmarc . please let me know how to resolve this type. i have flled google support form too manay times. looknig your response. its just issue with gmail .

    Error:

    This is the mail system at host mail.hbfc.com.pk.

    I’m sorry to have to inform you that your message could not
    be delivered to one or more recipients. It’s attached below.

    For further assistance, please send mail to postmaster.

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

    The mail system

    : host alt1.gmail-smtp-in.l.google.com[108.177.14.27]
    said: 550-5.7.1 [202.63.219.250 12] Our system has detected that this
    message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam
    sent to Gmail, 550-5.7.1 this message has been blocked. Please visit
    550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550
    5.7.1 for more information. z85si37729198ljb.177 – gsmtp (in reply to end
    of DATA command)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.