Difference between revisions of "Bash Scripts for cbpolicyd"

(How to query sqlite)
 
Line 1: Line 1:
 +
{{BC|Zeta Alliance}}                        <!-- Note, this will also add [[Category: Zeta Alliance]] to bottom of wiki page. -->
 +
__FORCETOC__                              <!-- Will force a TOC regards of size of article. __NOTOC__  if no TOC is wanted. -->
 +
<div class="col-md-12 ibox-content">
 +
=Bash Scripts for CBPolicyD=            <!-- Normally will reflect page title. Is listed at very top of page. -->
 +
{{KB|{{ZETA}}|{{ZCS 10.0}}|{{ZCS 9.0}}|{{ZCS 8.8}}|}}            <!-- Can only handle 3 ZCS versions. -->
 +
{{WIP}}                                                <!-- For pages that are "work in progress". -->
 +
 
==Introduction==
 
==Introduction==
  
You can do many things using policies, but not all.
+
Automated cbpolicd installer for single-server. Tested on Zimbra 8.8.15 p7 CentOS7, Zimbra 9.0.0 p29 CentOS 7, Zimbra 9.0.0 patch 29 on Ubuntu 20, Zimbra 10 on Ubuntu 20.
 
 
Here you can find some bash examples, a bare starting point to implement new functionalities.
 
 
 
==How to query sqlite==
 
 
 
 
 
 
 
Basically, you can
 
 
 
echo "query string;"  | sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb
 
 
 
 
 
where "query string" is an sql statement you have tested on sql interactive cli
 
 
 
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb
 
 
 
===Trapping abused sasl users===
 
 
 
I was interested in trap sasl senders, when sasl credentials are abused and you have many connections per second each coming from a different ip.
 
 
 
The table to use is session_tracking.
 
 
 
To search for sasl username and orininating ip, you can isse:
 
 
 
 
 
echo "select distinct  SASLUsername, ClientAddress from session_tracking;" | sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb | more
 
 
 
 
 
If you want restrict it to last 10 minutes:
 
 
 
 
 
echo "select distinct  SASLUsername, ClientAddress from session_tracking where ( (strftime('%s','now') - UnixTimestamp) < 600) | sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb | more
 
 
 
 
 
 
 
You have to filter out all connections coming from mtas that can send to your server w/out authentication:
 
 
 
 
 
select distinct  SASLUsername, ClientAddress from session_tracking where ( (strftime('%s','now') - UnixTimestamp) < 3600) and (ClientAddress != '1.2.3.4') and (ClientAddress != '4.3.2.1') ;
 
 
 
 
 
  
===The script===
+
* Installs policyd on MariaDB or MySQL (shipped with Zimbra) and show commands on how to activate on Zimbra
 +
* No webui is installed
  
This is the complete bash script example:
+
You can download the script from here and run it as root:
  
#! /bin/bash
+
https://raw.githubusercontent.com/Zimbra-Community/zimbra-tools/master/cbpolicyd.sh
 
rm -f /tmp/temp
 
 
echo "select distinct  SASLUsername, ClientAddress
 
from session_tracking
 
where ( (strftime('%s','now') - UnixTimestamp) < 600)
 
and (ClientAddress != 'a.b.c.d') and (ClientAddress != '1.2.3.4') ;" | sqlite3 /opt/zimbra/data/cbpolicyd /db/cbpolicyd.sqlitedb | cut -f 1 -d '|' \
 
            | sort | uniq -c | awk '{ if( $1 > 5 ) print $2 " has sent from: " $1 " uniq ip " }'  > /tmp/temp
 
 
 
[ -s /tmp/temp ] && cat /tmp/temp  |  mail -s "alarm: botnet attack botnet in act" alarm@yourdomain
 
 
[ -s /tmp/temp ] && user=`cat /tmp/temp |  awk '{ print $1 }'` && su - zimbra -c "zmprov sp $user changeme"
 
  
 +
You can use mysqldump to make backups of your policyd database. It is recommended you keep a copy of the cbpolicyd.sh up-to-date with your custom policies and rules so that you can easily re-install policyd on Zimbra upgrades or in disaster recovery situations. You can also install policyd on a separate MariaDB server that way you can have multiple Zimbra MTA nodes talk to the same policyd database.
  
  
{{Article Footer|Zimbra Collaboration Suite 8.4|11/15/2013}}
 
  
 
[[Category:Policyd]]
 
[[Category:Policyd]]
 
[[Category:Anti-spam]]
 
[[Category:Anti-spam]]
 +
[[Category:ZCS 10.0]]
 +
[[Category:ZCS 9.0]]
 +
[[Category:ZCS 8.8]]
 +
[[Category: Zeta Alliance]]
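Review bot: the removed sqlite section was the page's only detection procedure, and the new revision replaces it with an installer link for a MariaDB/MySQL backend without an equivalent query against that backend, so the "trapping abused sasl users" use case is now undocumented; if the examples are kept anywhere, two defects should be fixed first: the ten-minute query `echo "select distinct SASLUsername, ClientAddress from session_tracking where ( (strftime('%s','now') - UnixTimestamp) < 600) | sqlite3 ...` lacks its closing parenthesis and closing double quote, so the shell never hands sqlite3 a complete statement, and the script's database path `/opt/zimbra/data/cbpolicyd /db/cbpolicyd.sqlitedb` contains a stray space, so sqlite3 receives two arguments and does not open the intended database. The response step `su - zimbra -c "zmprov sp $user changeme"` also deserves a comment: it sets a fixed, well-known password on the flagged account, which hands the account to the next guesser, and when more than one account exceeds the threshold `$user` expands to several names and the command line is malformed; a per-account loop that locks the account (`zmprov ma <account> zimbraAccountStatus locked`) or sets a randomly generated password, writing the working file with `mktemp` rather than the fixed world-writable `/tmp/temp`, would be the safer shape. Finally, `{{Article Footer|Zimbra Collaboration Suite 8.4|11/15/2013}}` is kept while the KB template now lists ZCS 10.0/9.0/8.8, so the footer version and date no longer match the page.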

Latest revision as of 10:14, 18 January 2023

Bash Scripts for CBPolicyD

   KB 20646        Last updated on 2023-01-18  




This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Introduction

Automated cbpolicyd installer for a single server. Tested on Zimbra 8.8.15 p7 on CentOS 7, Zimbra 9.0.0 p29 on CentOS 7, Zimbra 9.0.0 patch 29 on Ubuntu 20, and Zimbra 10 on Ubuntu 20.

  • Installs policyd on MariaDB or MySQL (shipped with Zimbra) and shows the commands needed to activate it on Zimbra
  • No web UI is installed

You can download the script from here and run it as root:

https://raw.githubusercontent.com/Zimbra-Community/zimbra-tools/master/cbpolicyd.sh

You can use mysqldump to make backups of your policyd database. It is recommended that you keep a copy of cbpolicyd.sh up to date with your custom policies and rules, so that you can easily re-install policyd after Zimbra upgrades or in disaster recovery situations. You can also install policyd on a separate MariaDB server, so that multiple Zimbra MTA nodes can talk to the same policyd database.