CBPolicyd with Zimbra MySQL: Difference between revisions
Line 58: | Line 58: | ||
* You will see an error message in UI: | * You will see an error message in UI: | ||
''You are sending too many emails, contact helpdesk.'' | ''You are sending too many emails, contact helpdesk.'' | ||
* Similar message will also get logged in <code>/var/log/zimbra.log</code> | * Similar message will also get logged in <code>/var/log/zimbra.log and /opt/zimbra/log/cbpolicyd.log</code> | ||
== Creating a new user in MySQL database== | == Creating a new user in MySQL database== |
Revision as of 12:04, 29 April 2021
- This article is a Work in Progress, and may be unfinished or missing sections.
Setting up CBPolicyd with Zimbra MySQL
Execute the following steps on MTA Node to setup CBPolicyd with Zimbra MySQL
- Clone the repo:
$ git clone https://github.com/Zimbra/zm-core-utils.git
- Go to
zm-core-utils/src/bin/
directory and execute the cbpolicyd.sh script:
$ sh cbpolicyd.sh
- If you want to change or review your polices using mysql client, as
ad-policyd_db
user login to mysql database and execute the command.
$ /opt/zimbra/bin/mysql policyd_db -u ad-policyd_db -p
Password can be obtained using below command:
$ grep Pass /opt/zimbra/conf/cbpolicyd.conf.in
SELECT * FROM quotas_limits;
- Following will be the output:
+----+----------+-----------------------+--------------+---------+----------+ | ID | QuotasID | Type | CounterLimit | Comment | Disabled | +----+----------+-----------------------+--------------+---------+----------+ | 1 | 1 | MessageCount | 10 | NULL | 0 | | 2 | 1 | MessageCumulativeSize | 8000 | NULL | 0 | | 3 | 2 | MessageCount | 12 | NULL | 0 | | 4 | 3 | MessageCount | 100 | NULL | 0 | | 5 | 4 | MessageCount | 125 | NULL | 0 | +----+----------+-----------------------+--------------+---------+----------+
- CBPolicyd has been installed successfully. Following are the details of the policy:
- Rate limit any sender from sending more than 100 emails every 60 seconds. Messages beyond this limit are deferred.
- Rate limit any @domain from receiving more than 125 emails in a 60 second period. Messages beyond this rate are rejected.
- For testing purpose, we can set the following policy:
- 2 emails every 60 seconds. Messages beyond this limit are deferred.
- 2 emails in a 60 second period. Messages beyond this rate are rejected.
- As
ad-policyd_db
user, login to the MySQL database and execute the following commands for updating quotas_limits table to set the above mentioned policies:
$ /opt/zimbra/bin/mysql policyd_db UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 4; UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 5;
- To make the configuration effective, execute these commands as
zimbra
user:
$ su - zimbra $ zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd $ zmprov ms `zmhostname` zimbraCBPolicydQuotasEnabled TRUE
- Restart services:
$ zmmtactl restart $ zmcbpolicydctl start
Testing the CBPolicyd configuration
- Login to Zimbra Modern Web App.
- Send 2 emails within 60 seconds.
- You will see an error message in UI:
You are sending too many emails, contact helpdesk.
- Similar message will also get logged in
/var/log/zimbra.log and /opt/zimbra/log/cbpolicyd.log
Creating a new user in MySQL database
- New user can be created and granted permission to access MySQL. As
zimbra
user, execute the following steps:
$ su - zimbra $ mysql CREATE USER 'testuser'@'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON * . * TO 'testuser'@'%';
- Login to MySQL database using the newly created user:
$ su - zimbra $ mysql -u testuser -p Enter password:password Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 6086