CBPolicyd with Zimbra MySQL: Difference between revisions
(Created page with "{{WIP}} ==Setting up CBPolicyd with Zimbra MySQL== Execute the following steps on MTA Node to setup CBPolicyd with Zimbra MySQL * Clone the repo: $ git clone https://githu...") |
|||
(15 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Setting up CBPolicyd with Zimbra MySQL= | |||
{{KB|{{ZC}}|{{ZCS 9.0}}|{{ZCS 8.8}}|}} | |||
* Go to <code> | Execute the following steps on MTA Node to setup CBPolicyd with Zimbra MySQL. | ||
$ sh cbpolicyd. | |||
'''Note''': These steps do not support multi-MTA setups and if more than one MTA exist in an environment, these steps must be done on each MTA. | |||
* Clone the repo (as root) : | |||
$ git clone https://github.com/Zimbra/zm-core-utils.git | |||
* Go to <code>zm-core-utils/src/bin/</code> directory and execute the '''cbpolicyd.sh''' script: | |||
$ bash cbpolicyd.sh | |||
* Obtain password for <code>ad-policyd_db</code> user using below command: | |||
$ grep Pass /opt/zimbra/conf/cbpolicyd.conf.in | |||
* Login to MySQL database to change or review your polices using mysql client as <code>ad-policyd_db</code> user. | |||
$ su - zimbra | |||
$ /opt/zimbra/bin/mysql policyd_db -u ad-policyd_db -p | |||
SELECT * FROM quotas_limits; | SELECT * FROM quotas_limits; | ||
Line 34: | Line 45: | ||
** 2 emails in a 60 second period. Messages beyond this rate are rejected. | ** 2 emails in a 60 second period. Messages beyond this rate are rejected. | ||
* As <code> | * As <code>ad-policyd_db</code> user, login to the MySQL database and execute the following commands for updating '''quotas_limits''' table to set the above mentioned policies: | ||
$ /opt/zimbra/bin/mysql policyd_db | $ /opt/zimbra/bin/mysql policyd_db | ||
UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 4; | UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 4; | ||
Line 46: | Line 57: | ||
* Restart services: | * Restart services: | ||
$ zmmtactl restart | $ zmmtactl restart | ||
$ zmcbpolicydctl start | $ zmcbpolicydctl start | ||
'''Note:''' | |||
<br>The installed policy is a basic template to get started.<br> | |||
In many cases you will want to set the `Period` column in `quotas` table to 600 or 3600 and set `CounterLimit` to around 100 for all records of type `MessageCount` in `quotas_limits` table.<br> | |||
It is recommended to monitor the users e-mailing behavior prior to installing cbpolicyd. Be prepared to alter the limits after installing in case your users send more email than expected. | |||
==Testing the CBPolicyd configuration== | ==Testing the CBPolicyd configuration== | ||
Line 54: | Line 70: | ||
* You will see an error message in UI: | * You will see an error message in UI: | ||
''You are sending too many emails, contact helpdesk.'' | ''You are sending too many emails, contact helpdesk.'' | ||
* Similar message will also get logged in <code>/var/log/zimbra.log</code> | * Similar message will also get logged in <code>/var/log/zimbra.log</code> and <code>/opt/zimbra/log/cbpolicyd.log</code> | ||
== | ===Tested versions=== | ||
* | * Centos 7: 9.0.0_P14 | ||
* Centos 8: 8.8.15_P21 | |||
* Ubuntu 16: 9.0.0_P14 | |||
* Ubuntu 18: 8.8.15_P21 | |||
* | |||
Latest revision as of 20:59, 11 June 2021
Setting up CBPolicyd with Zimbra MySQL
Execute the following steps on MTA Node to setup CBPolicyd with Zimbra MySQL.
Note: These steps do not support multi-MTA setups and if more than one MTA exist in an environment, these steps must be done on each MTA.
- Clone the repo (as root) :
$ git clone https://github.com/Zimbra/zm-core-utils.git
- Go to
zm-core-utils/src/bin/
directory and execute the cbpolicyd.sh script:
$ bash cbpolicyd.sh
- Obtain password for
ad-policyd_db
user using below command:
$ grep Pass /opt/zimbra/conf/cbpolicyd.conf.in
- Login to MySQL database to change or review your polices using mysql client as
ad-policyd_db
user.
$ su - zimbra $ /opt/zimbra/bin/mysql policyd_db -u ad-policyd_db -p
SELECT * FROM quotas_limits;
- Following will be the output:
+----+----------+-----------------------+--------------+---------+----------+ | ID | QuotasID | Type | CounterLimit | Comment | Disabled | +----+----------+-----------------------+--------------+---------+----------+ | 1 | 1 | MessageCount | 10 | NULL | 0 | | 2 | 1 | MessageCumulativeSize | 8000 | NULL | 0 | | 3 | 2 | MessageCount | 12 | NULL | 0 | | 4 | 3 | MessageCount | 100 | NULL | 0 | | 5 | 4 | MessageCount | 125 | NULL | 0 | +----+----------+-----------------------+--------------+---------+----------+
- CBPolicyd has been installed successfully. Following are the details of the policy:
- Rate limit any sender from sending more than 100 emails every 60 seconds. Messages beyond this limit are deferred.
- Rate limit any @domain from receiving more than 125 emails in a 60 second period. Messages beyond this rate are rejected.
- For testing purpose, we can set the following policy:
- 2 emails every 60 seconds. Messages beyond this limit are deferred.
- 2 emails in a 60 second period. Messages beyond this rate are rejected.
- As
ad-policyd_db
user, login to the MySQL database and execute the following commands for updating quotas_limits table to set the above mentioned policies:
$ /opt/zimbra/bin/mysql policyd_db UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 4; UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 5;
- To make the configuration effective, execute these commands as
zimbra
user:
$ su - zimbra $ zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd $ zmprov ms `zmhostname` zimbraCBPolicydQuotasEnabled TRUE
- Restart services:
$ zmmtactl restart $ zmcbpolicydctl start
Note:
The installed policy is a basic template to get started.
In many cases you will want to set the `Period` column in `quotas` table to 600 or 3600 and set `CounterLimit` to around 100 for all records of type `MessageCount` in `quotas_limits` table.
It is recommended to monitor the users e-mailing behavior prior to installing cbpolicyd. Be prepared to alter the limits after installing in case your users send more email than expected.
Testing the CBPolicyd configuration
- Login to Zimbra Modern Web App.
- Send 2 emails within 60 seconds.
- You will see an error message in UI:
You are sending too many emails, contact helpdesk.
- Similar message will also get logged in
/var/log/zimbra.log
and/opt/zimbra/log/cbpolicyd.log
Tested versions
- Centos 7: 9.0.0_P14
- Centos 8: 8.8.15_P21
- Ubuntu 16: 9.0.0_P14
- Ubuntu 18: 8.8.15_P21