Bash Scripts for cbpolicyd: Difference between revisions

<div class="col-md-12 ibox-content">
=Bash Scripts for CBPolicyD=
{{KB|{{Unsupported}}|{{ZCS 10.0}}{{ZCS 9.0}}{{ZCS 8.8}}||}}
{{WIP}}
==Introduction==


Automated cbpolicyd installer for a single-server deployment. Tested on Zimbra 8.8.15 p7 on CentOS 7, Zimbra 9.0.0 p29 on CentOS 7, Zimbra 9.0.0 patch 29 on Ubuntu 20, and Zimbra 10 on Ubuntu 20.

* Installs policyd on MariaDB or MySQL (shipped with Zimbra) and shows the commands needed to activate it on Zimbra
* No web UI is installed

You can download the script from here and run it as root:

https://raw.githubusercontent.com/Zimbra-Community/zimbra-tools/master/cbpolicyd.sh

You can use mysqldump to make backups of your policyd database. It is recommended that you keep your copy of cbpolicyd.sh up to date with your custom policies and rules, so that you can easily re-install policyd after Zimbra upgrades or in disaster recovery situations. You can also install policyd on a separate MariaDB server, so that multiple Zimbra MTA nodes talk to the same policyd database.

You can do many things using policies, but not all. The sections below, kept from the earlier (ZCS 8.0) revision of this page, give some bash examples as a bare starting point for implementing new functionality; they query the sqlite backend that cbpolicyd used on that release.

==How to query sqlite==
Basically, you can run
<pre>echo "query string;" | sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb</pre>
where "query string" is an SQL statement you have already tested on the interactive sqlite CLI:
<pre>sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb</pre>
==Trapping abused sasl users==
I was interested in trapping SASL senders: when SASL credentials are abused you see many connections per second, each coming from a different IP.
The table to use is session_tracking.
To search for SASL username and originating IP, you can issue:
<pre>echo "select distinct SASLUsername, ClientAddress from session_tracking;" | sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb | more</pre>
If you want to restrict it to the last 10 minutes:
<pre>echo "select distinct SASLUsername, ClientAddress from session_tracking where ( (strftime('%s','now') - UnixTimestamp) < 600);" | sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb | more</pre>
You have to filter out all connections coming from MTAs that are allowed to send to your server without authentication (1.2.3.4 and 4.3.2.1 below stand for those addresses):
<pre>select distinct SASLUsername, ClientAddress from session_tracking where ( (strftime('%s','now') - UnixTimestamp) < 3600) and (ClientAddress != '1.2.3.4') and (ClientAddress != '4.3.2.1') ;</pre>
==The script==
This is the complete bash script example (a.b.c.d and 1.2.3.4 stand for your unauthenticated relays, alarm@yourdomain for the alert recipient):
<pre>
#!/bin/bash
# Alert on SASL users seen from more than 5 distinct client IPs in the last 10 minutes
# and reset their password; a.b.c.d and 1.2.3.4 stand for your unauthenticated relays.
DB=/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb
TMP=$(mktemp) || exit 1          # private temp file instead of a fixed /tmp/temp
trap 'rm -f "$TMP"' EXIT
echo "select distinct SASLUsername, ClientAddress
from session_tracking
where ( (strftime('%s','now') - UnixTimestamp) < 600)
and SASLUsername is not null and SASLUsername != ''
and (ClientAddress != 'a.b.c.d') and (ClientAddress != '1.2.3.4') ;" | sqlite3 "$DB" | cut -f 1 -d '|' \
            | sort | uniq -c | awk '{ if( $1 > 5 ) print $2 " has sent from: " $1 " uniq ip " }' > "$TMP"
[ -s "$TMP" ] || exit 0           # nothing crossed the threshold
mail -s "alarm: botnet attack in progress" alarm@yourdomain < "$TMP"
# one flagged user per line; a random password or zimbraAccountStatus locked is stronger than a fixed one
for user in $(awk '{ print $1 }' "$TMP"); do
    su - zimbra -c "zmprov sp $user changeme"
done
</pre>
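As an added example (not code from this wiki page or from the zimbra-tools cbpolicyd.sh script), the detection step of the script above is split into a query builder, which also emits the MariaDB/MySQL form of the same query for installs made with cbpolicyd.sh, and a counting function that can be tested offline on constructed rows. The mysql variant assumes session_tracking has the same column names as on this page and only swaps sqlite's strftime('%s','now') for UNIX_TIMESTAMP(); the database name and credentials of a real install are not assumed here.

```shell
#!/bin/bash
# Added example, not from the wiki page: the detection pipeline as two functions,
# so the SQL can target either backend and the counting can be tested offline.

# Print the SQL for backend "sqlite" or "mysql" and a window in seconds; any further
# arguments are client addresses allowed to relay without SASL and are excluded.
# Table and column names are those used on this page; the mysql variant assumes the
# same schema and only swaps sqlite's strftime('%s','now') for UNIX_TIMESTAMP().
abuse_query() {
    backend=$1; window=$2; shift 2
    case $backend in
        sqlite) now="strftime('%s','now')" ;;
        mysql)  now="UNIX_TIMESTAMP()" ;;
        *) echo "unknown backend: $backend" >&2; return 1 ;;
    esac
    excl=""
    for ip in "$@"; do excl="$excl and ClientAddress != '$ip'"; done
    printf "select distinct SASLUsername, ClientAddress from session_tracking where (%s - UnixTimestamp) < %d and SASLUsername is not null and SASLUsername != ''%s;\n" "$now" "$window" "$excl"
}

# Read "user|ip" (sqlite3) or "user<TAB>ip" (mysql -N -B) rows on stdin and print
# "user count" for every user seen from more than $1 distinct client addresses.
# Duplicate rows are collapsed first and rows with an empty username are ignored.
flag_abusers() {
    threshold=$1
    sort -u | awk -F'[|\t]' -v t="$threshold" '
        $1 != "" { n[$1]++ }
        END { for (u in n) if (n[u] > t) print u, n[u] }' | sort
}

# Constructed sample rows: alice from three distinct IPs (one repeated), bob from one,
# and one unauthenticated session with no username.
sample_rows() {
    printf '%s\n' \
        'alice@example.com|203.0.113.10' 'alice@example.com|203.0.113.11' \
        'alice@example.com|203.0.113.12' 'alice@example.com|203.0.113.12' \
        'bob@example.com|198.51.100.7' '|198.51.100.8'
}

# Against the live sqlite database (not executed here):
#   abuse_query sqlite 600 1.2.3.4 | sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb | flag_abusers 5
```

With the sample rows, `sample_rows | flag_abusers 2` prints only alice, because bob was seen from a single address and the row without a username is skipped.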
{{Article Footer|Zimbra Collaboration Suite 8.4|11/15/2013}}


[[Category:Policyd]]
[[Category:Anti-spam]]
[[Category:ZCS 10.0]]
[[Category:ZCS 9.0]]
[[Category:ZCS 8.8]]

Revision as of 10:11, 18 January 2023
KB 20646, last updated on 2023-01-18