CBPolicyd with Zimbra MySQL

Revision as of 01:36, 14 May 2021 by Ashah (talk | contribs)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Setting up CBPolicyd with Zimbra MySQL

   KB 24291        Last updated on 2021-05-14  




0.00
(0 votes)

Execute the following steps on MTA Node to setup CBPolicyd with Zimbra MySQL

  • Clone the repo (as root) :
$ git clone https://github.com/Zimbra/zm-core-utils.git
  • Go to zm-core-utils/src/bin/ directory and execute the cbpolicyd.sh script:
$ bash cbpolicyd.sh
  • Obtain password for ad-policyd_db user using below command:
$ grep Pass /opt/zimbra/conf/cbpolicyd.conf.in
  • Login to MySQL database to change or review your polices using mysql client as ad-policyd_db user.
$ su - zimbra
$ /opt/zimbra/bin/mysql policyd_db -u ad-policyd_db -p 

SELECT * FROM quotas_limits;
  • Following will be the output:
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type                  | CounterLimit | Comment | Disabled | 
+----+----------+-----------------------+--------------+---------+----------+
|  1 |        1 | MessageCount          |           10 | NULL    |        0 |
|  2 |        1 | MessageCumulativeSize |         8000 | NULL    |        0 |
|  3 |        2 | MessageCount          |           12 | NULL    |        0 |
|  4 |        3 | MessageCount          |          100 | NULL    |        0 |
|  5 |        4 | MessageCount          |          125 | NULL    |        0 |
+----+----------+-----------------------+--------------+---------+----------+
  • CBPolicyd has been installed successfully. Following are the details of the policy:
    • Rate limit any sender from sending more than 100 emails every 60 seconds. Messages beyond this limit are deferred.
    • Rate limit any @domain from receiving more than 125 emails in a 60 second period. Messages beyond this rate are rejected.
  • For testing purpose, we can set the following policy:
    • 2 emails every 60 seconds. Messages beyond this limit are deferred.
    • 2 emails in a 60 second period. Messages beyond this rate are rejected.
  • As ad-policyd_db user, login to the MySQL database and execute the following commands for updating quotas_limits table to set the above mentioned policies:
$ /opt/zimbra/bin/mysql policyd_db
UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 4;
UPDATE quotas_limits SET CounterLimit = 2 WHERE ID = 5;
  • To make the configuration effective, execute these commands as zimbra user:
$ su - zimbra
$ zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd
$ zmprov ms `zmhostname` zimbraCBPolicydQuotasEnabled TRUE
  • Restart services:
$ zmmtactl restart
$ zmcbpolicydctl start

Note:
The installed policy is a basic template to get started.
In many cases you will want to set the `Period` column in `quotas` table to 600 or 3600 and set `CounterLimit` to around 100 for all records of type `MessageCount` in `quotas_limits` table.
It is recommended to monitor the users e-mailing behavior prior to installing cbpolicyd. Be prepared to alter the limits after installing in case your users send more email than expected.

Testing the CBPolicyd configuration

  • Login to Zimbra Modern Web App.
  • Send 2 emails within 60 seconds.
  • You will see an error message in UI:
You are sending too many emails, contact helpdesk.
  • Similar message will also get logged in /var/log/zimbra.log and /opt/zimbra/log/cbpolicyd.log

Tested versions

  • Centos 7: 9.0.0_P14
  • Centos 8: 8.8.15_P21
  • Ubuntu 16: 9.0.0_P14
  • Ubuntu 18: 8.8.15_P21
Retrieved from "http://wiki.zimbra.com/index.php?title=CBPolicyd_with_Zimbra_MySQL&oldid=68127"
Jump to: navigation, search