CBPolicyd with Zimbra MySQL: Difference between revisions

 
(10 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{WIP}}
__FORCETOC__
<div class="col-md-12 ibox-content">


==Setting up CBPolicyd with Zimbra MySQL==
=Setting up CBPolicyd with Zimbra MySQL=
{{KB|{{ZC}}|{{ZCS 9.0}}|{{ZCS 8.8}}|}}


Execute the following steps on MTA Node to setup CBPolicyd with Zimbra MySQL


* Clone the repo:
 
Execute the following steps on MTA Node to setup CBPolicyd with Zimbra MySQL.
 
'''Note''': These steps do not support multi-MTA setups and if more than one MTA exist in an environment, these steps must be done on each MTA. 
 
* Clone the repo (as root) :
  $ git clone https://github.com/Zimbra/zm-core-utils.git
  $ git clone https://github.com/Zimbra/zm-core-utils.git


Line 11: Line 17:
  $ bash cbpolicyd.sh
  $ bash cbpolicyd.sh


* If you want to change or review your polices using mysql client, as <code>ad-policyd_db</code> user login to mysql database and execute the command.  
* Obtain password for <code>ad-policyd_db</code> user using below command:
$ grep Pass /opt/zimbra/conf/cbpolicyd.conf.in
 
* Login to MySQL database to change or review your polices using mysql client as <code>ad-policyd_db</code> user.
$ su - zimbra
  $ /opt/zimbra/bin/mysql policyd_db -u ad-policyd_db -p  
  $ /opt/zimbra/bin/mysql policyd_db -u ad-policyd_db -p  
ad-policyd_db user password can be obtained using below command:
$ grep Pass /opt/zimbra/conf/cbpolicyd.conf.in


  SELECT * FROM quotas_limits;
  SELECT * FROM quotas_limits;
Line 50: Line 58:
  $ zmmtactl restart
  $ zmmtactl restart
  $ zmcbpolicydctl start
  $ zmcbpolicydctl start
'''Note:'''
<br>The installed policy is a basic template to get started.<br>
In many cases you will want to set the `Period` column in `quotas` table to 600 or 3600 and set `CounterLimit` to around 100 for all records of type `MessageCount` in `quotas_limits` table.<br>
It is recommended to monitor the users e-mailing behavior prior to installing cbpolicyd. Be prepared to alter the limits after installing in case your users send more email  than expected.


==Testing the CBPolicyd configuration==
==Testing the CBPolicyd configuration==
Line 57: Line 70:
* You will see an error message in UI:
* You will see an error message in UI:
  ''You are sending too many emails, contact helpdesk.''
  ''You are sending too many emails, contact helpdesk.''
* Similar message will also get logged in <code>/var/log/zimbra.log and /opt/zimbra/log/cbpolicyd.log</code>
* Similar message will also get logged in <code>/var/log/zimbra.log</code> and <code>/opt/zimbra/log/cbpolicyd.log</code>
 
===Tested versions===
* Centos 7: 9.0.0_P14
* Centos 8: 8.8.15_P21
* Ubuntu 16: 9.0.0_P14
* Ubuntu 18: 8.8.15_P21

Latest revision as of 20:59, 11 June 2021

Setting up CBPolicyd with Zimbra MySQL

   KB 24291        Last updated on 2021-06-11  




0.00
(0 votes)


Execute the following steps on MTA Node to setup CBPolicyd with Zimbra MySQL.

Note: These steps do not support multi-MTA setups and if more than one MTA exist in an environment, these steps must be done on each MTA.

  • Clone the repo (as root) :
$ git clone https://github.com/Zimbra/zm-core-utils.git
  • Go to zm-core-utils/src/bin/ directory and execute the cbpolicyd.sh script:
$ bash cbpolicyd.sh
  • Obtain password for ad-policyd_db user using below command:
$ grep Pass /opt/zimbra/conf/cbpolicyd.conf.in
  • Login to MySQL database to change or review your polices using mysql client as ad-policyd_db user.
$ su - zimbra
$ /opt/zimbra/bin/mysql policyd_db -u ad-policyd_db -p 
SELECT * FROM quotas_limits;
  • Following will be the output:
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type                  | CounterLimit | Comment | Disabled | 
+----+----------+-----------------------+--------------+---------+----------+
|  1 |        1 | MessageCount          |           10 | NULL    |        0 |
|  2 |        1 | MessageCumulativeSize |         8000 | NULL    |        0 |
|  3 |        2 | MessageCount          |           12 | NULL    |        0 |
|  4 |        3 | MessageCount          |          100 | NULL    |        0 |
|  5 |        4 | MessageCount          |          125 | NULL    |        0 |
+----+----------+-----------------------+--------------+---------+----------+
  • CBPolicyd has been installed successfully. Following are the details of the policy:
    • Rate limit any sender from sending more than 100 emails every 60 seconds. Messages beyond this limit are deferred.
    • Rate limit any @domain from receiving more than 125 emails in a 60 second period. Messages beyond this rate are rejected.
  • For testing purpose, we can set the following policy:
    • 2 emails every 60 seconds. Messages beyond this limit are deferred.
    • 2 emails in a 60 second period. Messages beyond this rate are rejected.
  • As ad-policyd_db user, login to the MySQL database and execute the following commands for updating quotas_limits table to set the above mentioned policies:
$ /opt/zimbra/bin/mysql policyd_db
UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 4;
UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 5;
  • To make the configuration effective, execute these commands as zimbra user:
$ su - zimbra
$ zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd
$ zmprov ms `zmhostname` zimbraCBPolicydQuotasEnabled TRUE 
  • Restart services:
$ zmmtactl restart
$ zmcbpolicydctl start

Note:
The installed policy is a basic template to get started.
In many cases you will want to set the `Period` column in `quotas` table to 600 or 3600 and set `CounterLimit` to around 100 for all records of type `MessageCount` in `quotas_limits` table.
It is recommended to monitor the users e-mailing behavior prior to installing cbpolicyd. Be prepared to alter the limits after installing in case your users send more email than expected.

Testing the CBPolicyd configuration

  • Login to Zimbra Modern Web App.
  • Send 2 emails within 60 seconds.
  • You will see an error message in UI:
You are sending too many emails, contact helpdesk.
  • Similar message will also get logged in /var/log/zimbra.log and /opt/zimbra/log/cbpolicyd.log

Tested versions

  • Centos 7: 9.0.0_P14
  • Centos 8: 8.8.15_P21
  • Ubuntu 16: 9.0.0_P14
  • Ubuntu 18: 8.8.15_P21
Jump to: navigation, search