CBPolicyd with Zimbra MySQL: Difference between revisions

(Created page with "{{WIP}} ==Setting up CBPolicyd with Zimbra MySQL== Execute the following steps on MTA Node to setup CBPolicyd with Zimbra MySQL * Clone the repo: $ git clone https://githu...")
 
Line 6: Line 6:


* Clone the repo:
* Clone the repo:
  $ git clone https://github.com/Zimbra-Community/zimbra-tools.git
  $ git clone https://github.com/Zimbra/zm-core-utils.git


* Go to <code>zimbra-tools</code> directory and execute the '''cbpolicyd.sh''' script:
* Go to <code>zm-core-utils/src/bin/</code> directory and execute the '''cbpolicyd.sh''' script:
  $ sh cbpolicyd.sh
  $ sh cbpolicyd.sh


* If you want to change or review your polices using mysql client, as <code>root</code> user login to mysql database and execute the command.
* If you want to change or review your polices using mysql client, as <code>ad-policyd_db</code> user login to mysql database and execute the command.  
  $ /opt/zimbra/bin/mysql policyd_db
  $ /opt/zimbra/bin/mysql policyd_db -u ad-policyd_db -p
Password can be obtained using below command:
$ grep Pass /opt/zimbra/conf/cbpolicyd.conf.in
 
  SELECT * FROM quotas_limits;
  SELECT * FROM quotas_limits;


Line 34: Line 38:
** 2 emails in a 60 second period. Messages beyond this rate are rejected.
** 2 emails in a 60 second period. Messages beyond this rate are rejected.


* As <code>root</code> user, login to the MySQL database and execute the following commands for updating '''quotas_limits''' table to set the above mentioned policies:
* As <code>ad-policyd_db</code> user, login to the MySQL database and execute the following commands for updating '''quotas_limits''' table to set the above mentioned policies:
  $ /opt/zimbra/bin/mysql policyd_db
  $ /opt/zimbra/bin/mysql policyd_db
  UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 4;
  UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 4;
Line 46: Line 50:
* Restart services:
* Restart services:
  $ zmmtactl restart
  $ zmmtactl restart
  $ zmcbpolicydctl start  
  $ zmcbpolicydctl start


==Testing the CBPolicyd configuration==
==Testing the CBPolicyd configuration==

Revision as of 12:03, 29 April 2021


Setting up CBPolicyd with Zimbra MySQL

Execute the following steps on MTA Node to setup CBPolicyd with Zimbra MySQL

  • Clone the repo:
$ git clone https://github.com/Zimbra/zm-core-utils.git
  • Go to zm-core-utils/src/bin/ directory and execute the cbpolicyd.sh script:
$ sh cbpolicyd.sh
  • If you want to change or review your polices using mysql client, as ad-policyd_db user login to mysql database and execute the command.
$ /opt/zimbra/bin/mysql policyd_db -u ad-policyd_db -p

Password can be obtained using below command: 

$ grep Pass /opt/zimbra/conf/cbpolicyd.conf.in

SELECT * FROM quotas_limits;
  • Following will be the output:
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type                  | CounterLimit | Comment | Disabled | 
+----+----------+-----------------------+--------------+---------+----------+
|  1 |        1 | MessageCount          |           10 | NULL    |        0 |
|  2 |        1 | MessageCumulativeSize |         8000 | NULL    |        0 |
|  3 |        2 | MessageCount          |           12 | NULL    |        0 |
|  4 |        3 | MessageCount          |          100 | NULL    |        0 |
|  5 |        4 | MessageCount          |          125 | NULL    |        0 |
+----+----------+-----------------------+--------------+---------+----------+
  • CBPolicyd has been installed successfully. Following are the details of the policy:
    • Rate limit any sender from sending more than 100 emails every 60 seconds. Messages beyond this limit are deferred.
    • Rate limit any @domain from receiving more than 125 emails in a 60 second period. Messages beyond this rate are rejected.
  • For testing purpose, we can set the following policy:
    • 2 emails every 60 seconds. Messages beyond this limit are deferred.
    • 2 emails in a 60 second period. Messages beyond this rate are rejected.
  • As ad-policyd_db user, login to the MySQL database and execute the following commands for updating quotas_limits table to set the above mentioned policies:
$ /opt/zimbra/bin/mysql policyd_db
UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 4;
UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 5;
  • To make the configuration effective, execute these commands as zimbra user:
$ su - zimbra
$ zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd
$ zmprov ms `zmhostname` zimbraCBPolicydQuotasEnabled TRUE
  • Restart services:
$ zmmtactl restart
$ zmcbpolicydctl start

Testing the CBPolicyd configuration

  • Login to Zimbra Modern Web App.
  • Send 2 emails within 60 seconds.
  • You will see an error message in UI:
You are sending too many emails, contact helpdesk.
  • Similar message will also get logged in /var/log/zimbra.log

Creating a new user in MySQL database

  • New user can be created and granted permission to access MySQL. As zimbra user, execute the following steps:
$ su - zimbra
$ mysql 
CREATE USER 'testuser'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'testuser'@'%';
  • Login to MySQL database using the newly created user:
$ su - zimbra
$ mysql -u testuser -p
Enter password:password
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 6086
Retrieved from "http://wiki.zimbra.com/index.php?title=CBPolicyd_with_Zimbra_MySQL&oldid=68111"
Jump to: navigation, search