Difference between revisions of "King0770-Notes-Enable-webui-for-cbpolicyd-Unsupported"

(Section VI - Quick Start)
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
=King Notes Enable-webui-for-cbpolicyd-Unsupported=
 
=King Notes Enable-webui-for-cbpolicyd-Unsupported=
 
+
<br>
 +
<strong>Purpose of this article: Provide an easier method making changes to the cbpolicyd service.</strong>
 +
<br>
 
'''Summary of steps'''
 
'''Summary of steps'''
 
* Edit /opt/zimbra/conf/httpd.conf
 
* Edit /opt/zimbra/conf/httpd.conf
* Edit /opt/zimbra/cbpolicyd/share/webui/includes/config.php  
+
* Edit /opt/zimbra/cbpolicyd/share/webui/includes/config.php<br>
 +
<strong>NOTE: In ZCS8.7.x, the config.php is located in /opt/zimbra/common/share/webui/includes. </strong>
 
<br>
 
<br>
Purpose: Provide an easier method making changes to the cbpolicyd service.
 
 
<br>
 
<br>
 
'''When will there be support for the cbpolicyd service in the Admin Console?'''
 
'''When will there be support for the cbpolicyd service in the Admin Console?'''
Line 58: Line 60:
 
/opt/zimbra/httpd/bin/htpasswd -cb .htpasswd zimbra myPassword
 
/opt/zimbra/httpd/bin/htpasswd -cb .htpasswd zimbra myPassword
 
</pre></code>
 
</pre></code>
 +
 +
<strong>NOTE: If you are running ZCS version 8.7.x, replace /opt/zimbra/cbpolicyd/share/webui/ path with /opt/zimbra/common/share/webui/  in the /opt/zimbra/conf/httpd.conf file</strong>
  
 
==Section II - Edit the /opt/zimbra/cbpolicyd/share/webui/includes/config.php file ==
 
==Section II - Edit the /opt/zimbra/cbpolicyd/share/webui/includes/config.php file ==
Line 69: Line 73:
 
<code><pre>
 
<code><pre>
 
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
 
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
</pre></code>
+
</pre></code><br>
 +
 
 +
<strong>NOTE: In ZCS8.7.x, the config.php is located in /opt/zimbra/common/share/webui/includes. </strong>
  
 
==Section III - Requirements==
 
==Section III - Requirements==
Line 83: Line 89:
 
==Section V - FAQ==
 
==Section V - FAQ==
 
Question: Is this supported by Zimbra Support Team? <br>
 
Question: Is this supported by Zimbra Support Team? <br>
Answer:<strong>  No</strong>
+
Answer:<strong>  No, but you are free to make any changes as you see fit</strong>
 
<br>
 
<br>
 
Question: Does cbpolicyd need to be running in order to access cbpolicyd's webui?<br>
 
Question: Does cbpolicyd need to be running in order to access cbpolicyd's webui?<br>
Line 89: Line 95:
 
<br>
 
<br>
 
Question: I messed up the cbpolicyd database. Is there a way to start over from scratch?<br>
 
Question: I messed up the cbpolicyd database. Is there a way to start over from scratch?<br>
Answer:<strong>  Yes, run this command as the zimbra user:  /opt/zimbra/libexec/zmcbpolicydinit -force </strong>
+
Answer:<strong>  Yes, run this command as the zimbra user:  </strong>
 +
<code><pre>
 +
/opt/zimbra/libexec/zmcbpolicydinit -force
 +
</pre></code>
 
<br>
 
<br>
 
+
Question:  Is it possible to export my cbpolicyd config?<br>
==Section VI - Quick Start==
+
Answer:<strong> Yes, run this command as the zimbra user: </strong>
<strong>This should be considered experimental, highly advise to use a test machine first.</strong><br>
+
<code><pre>  
As the zimbra user, create cbpolicyd.sqlitedb database (if you haven't created it yet).<br>
+
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb .dump >> /tmp/test.sql
<code><pre>
 
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb  
 
SQLite version 3.6.20
 
Enter ".help" for instructions
 
Enter SQL statements terminated with a ";"
 
sqlite>
 
 
</pre></code>
 
</pre></code>
 
+
<br>
At the sqlite prompt type .databases; note the leading period character.<br>
+
Question:  Help! My /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb DB is gone! But I do have my exported cbpolicyd config, is there a way to import it?<br>
 +
Answer: <strong>  Yes. Run the following as the zimbra user to create the DB:</strong>
 
<code><pre>
 
<code><pre>
sqlite> .databases
+
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb .databases
seq  name            file                                                     
 
---  ---------------  ----------------------------------------------------------
 
0    main            /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb        
 
sqlite>
 
 
</pre></code>
 
</pre></code>
Then type .quit; again with the leading period character.<br>
+
<strong> Then run the following to import it:</strong>
 
<code><pre>
 
<code><pre>
sqlite> .quit
+
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb < /tmp/test.sql
 
</pre></code>
 
</pre></code>
 +
<br>
  
Copy the below data into a new /opt/zimbra/data/cbpolicyd/db/zimbraCBPOLICYD.sql file.<br>
 
Once the zimbraCBPOLICYD.sql file is created, export it.<br>
 
<code><pre>
 
sqlite /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb  < /opt/zimbra/data/cbpolicyd/db/zimbraCBPOLICYD.sql
 
</pre></code>
 
 
Contents of the zimbraCBPOLICYD.sql file.<br>
 
<code><pre>
 
PRAGMA foreign_keys=OFF;
 
BEGIN TRANSACTION;
 
CREATE TABLE policies (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
Name VARCHAR(255) NOT NULL,
 
 
Priority SMALLINT NOT NULL,
 
 
Description TEXT,
 
 
Disabled SMALLINT NOT NULL DEFAULT '0'
 
 
);
 
INSERT INTO "policies" VALUES(6,'Zimbra CBPolicyd Policies',0,'Zimbra CBPolicyd Policies',0);
 
CREATE TABLE policy_members (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
PolicyID INT8,
 
 
/*
 
Format of key:
 
NULL = any
 
a.b.c.d/e = IP address with optional /e
 
@domain = domain specification,
 
%xyz = xyz group,
 
abc@domain = abc user specification
 
 
all options support negation using !<key>
 
*/
 
Source TEXT,
 
Destination TEXT,
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
FOREIGN KEY (PolicyID) REFERENCES policies(ID)
 
);
 
INSERT INTO "policy_members" VALUES(6,6,'any','any',NULL,0);
 
CREATE TABLE policy_groups (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
Name VARCHAR(255) NOT NULL,
 
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
Comment VARCHAR(1024),
 
 
 
UNIQUE (Name)
 
);
 
INSERT INTO "policy_groups" VALUES(1,'internal_ips',0,NULL);
 
INSERT INTO "policy_groups" VALUES(2,'internal_domains',0,NULL);
 
CREATE TABLE policy_group_members (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
PolicyGroupID INT8,
 
 
/* Format of member: a.b.c.d/e = ip,  @domain = domain, %xyz = xyz group, abc@domain = abc user */
 
Member VARCHAR(255) NOT NULL,
 
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
Comment VARCHAR(1024),
 
 
 
FOREIGN KEY (PolicyGroupID) REFERENCES policy_groups(ID)
 
);
 
INSERT INTO "policy_group_members" VALUES(1,1,'10.0.0.0/8',0,NULL);
 
INSERT INTO "policy_group_members" VALUES(2,2,'@example.org',0,NULL);
 
INSERT INTO "policy_group_members" VALUES(3,2,'@example.com',0,NULL);
 
CREATE TABLE session_tracking (
 
Instance VARCHAR(255),
 
QueueID VARCHAR(255),
 
 
UnixTimestamp BIGINT NOT NULL,
 
 
ClientAddress VARCHAR(64),
 
ClientName VARCHAR(255),
 
ClientReverseName VARCHAR(255),
 
 
Protocol VARCHAR(255),
 
 
EncryptionProtocol VARCHAR(255),
 
EncryptionCipher VARCHAR(255),
 
EncryptionKeySize VARCHAR(255),
 
 
SASLMethod VARCHAR(255),
 
SASLSender VARCHAR(255),
 
SASLUsername VARCHAR(255),
 
 
Helo VARCHAR(255),
 
 
Sender VARCHAR(255),
 
 
Size UNSIGNED BIG INT,
 
 
RecipientData TEXT,  /* Policy state information */
 
 
UNIQUE (Instance)
 
);
 
CREATE TABLE access_control (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
PolicyID INT8,
 
 
Name VARCHAR(255) NOT NULL,
 
 
Verdict VARCHAR(255),
 
Data TEXT,
 
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
FOREIGN KEY (PolicyID) REFERENCES policies(ID)
 
);
 
CREATE TABLE accounting (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
PolicyID INT8,
 
 
Name VARCHAR(255) NOT NULL,
 
 
/* Tracking Options */
 
Track VARCHAR(255) NOT NULL,  /* Format:  <type>:<spec>
 
 
      SenderIP - This takes a bitmask to mask the IP with. A good default is /24
 
 
      Sender & Recipient - Either "user@domain" (default), "user@" or "@domain" for the entire
 
      email addy or email addy domain respectively.
 
  */
 
 
/* Period over which to account traffic */
 
AccountingPeriod SMALLINT NOT NULL,  /* 0 - Track by day, 1 - Track by week, 2 - Track by month */
 
 
/* Limits for this period */
 
MessageCountLimit UNSIGNED BIG INT,  /* Limit is in Kbyte, NULL means no limit */
 
MessageCumulativeSizeLimit UNSIGNED BIG INT,  /* LImit is in Kbyte, NULL means no limit */
 
 
/* Verdict if limits are exceeded */
 
Verdict VARCHAR(255), /* Verdict when limit is exceeded */
 
Data TEXT, /* Data sent along with verdict */
 
 
LastAccounting SMALLINT NOT NULL DEFAULT '0',
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
FOREIGN KEY (PolicyID) REFERENCES policies(ID)
 
);
 
CREATE TABLE accounting_tracking (
 
 
AccountingID INT8,
 
TrackKey VARCHAR(512),
 
PeriodKey VARCHAR(512),
 
 
/* Last time this record was update */
 
LastUpdate UNSIGNED BIG INT,  /* NULL means not updated yet */
 
 
MessageCount UNSIGNED BIG INT,
 
MessageCumulativeSize UNSIGNED BIG INT,  /* Counter is in Kbyte */
 
 
UNIQUE (AccountingID,TrackKey,PeriodKey),
 
FOREIGN KEY (AccountingID) REFERENCES accounting(ID)
 
);
 
CREATE TABLE amavis_rules (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
PolicyID INT8,
 
 
Name VARCHAR(255) NOT NULL,
 
 
/*
 
Mode of operation (the _m columns):
 
 
This is done with the _m column names
 
 
0 - Inherit
 
1 - Merge  (only valid for lists)
 
2 - Overwrite
 
 
*/
 
 
 
/* Bypass options */
 
bypass_virus_checks SMALLINT,
 
bypass_virus_checks_m SMALLINT NOT NULL DEFAULT '0',
 
 
bypass_banned_checks SMALLINT,
 
bypass_banned_checks_m SMALLINT NOT NULL DEFAULT '0',
 
 
bypass_spam_checks SMALLINT,
 
bypass_spam_checks_m SMALLINT NOT NULL DEFAULT '0',
 
 
bypass_header_checks SMALLINT,
 
bypass_header_checks_m SMALLINT NOT NULL DEFAULT '0',
 
 
 
/* Anti-spam options: NULL = inherit */
 
spam_tag_level FLOAT,
 
spam_tag_level_m SMALLINT NOT NULL DEFAULT '0',
 
 
spam_tag2_level FLOAT,
 
spam_tag2_level_m SMALLINT NOT NULL DEFAULT '0',
 
 
spam_tag3_level FLOAT,
 
spam_tag3_level_m SMALLINT NOT NULL DEFAULT '0',
 
 
spam_kill_level FLOAT,
 
spam_kill_level_m SMALLINT NOT NULL DEFAULT '0',
 
 
spam_dsn_cutoff_level FLOAT,
 
spam_dsn_cutoff_level_m SMALLINT NOT NULL DEFAULT '0',
 
 
spam_quarantine_cutoff_level FLOAT,
 
spam_quarantine_cutoff_level_m SMALLINT NOT NULL DEFAULT '0',
 
 
spam_modifies_subject SMALLINT,
 
spam_modifies_subject_m SMALLINT NOT NULL DEFAULT '0',
 
 
spam_tag_subject VARCHAR(255),  /* _SCORE_ is the score, _REQD_ is the required score */
 
spam_tag_subject_m SMALLINT NOT NULL DEFAULT '0',
 
 
spam_tag2_subject VARCHAR(255),
 
spam_tag2_subject_m SMALLINT NOT NULL DEFAULT '0',
 
 
spam_tag3_subject VARCHAR(255),
 
spam_tag3_subject_m SMALLINT NOT NULL DEFAULT '0',
 
 
 
/* General checks: NULL = inherit */
 
max_message_size BIGINT,  /* in Kbyte */
 
max_message_size_m SMALLINT NOT NULL DEFAULT '0',
 
 
banned_files TEXT,
 
banned_files_m SMALLINT NOT NULL DEFAULT '0',
 
 
 
/* Whitelist & blacklist */
 
sender_whitelist TEXT,
 
sender_whitelist_m SMALLINT NOT NULL DEFAULT '0',
 
 
sender_blacklist TEXT,
 
sender_blacklist_m SMALLINT NOT NULL DEFAULT '0',
 
 
 
/* Admin notifications */
 
notify_admin_newvirus VARCHAR(255),
 
notify_admin_newvirus_m SMALLINT NOT NULL DEFAULT '0',
 
 
notify_admin_virus VARCHAR(255),
 
notify_admin_virus_m SMALLINT NOT NULL DEFAULT '0',
 
 
notify_admin_spam VARCHAR(255),
 
notify_admin_spam_m SMALLINT NOT NULL DEFAULT '0',
 
 
notify_admin_banned_file VARCHAR(255),
 
notify_admin_banned_file_m SMALLINT NOT NULL DEFAULT '0',
 
 
notify_admin_bad_header VARCHAR(255),
 
notify_admin_bad_header_m SMALLINT NOT NULL DEFAULT '0',
 
 
 
/* Quarantine options */
 
quarantine_virus VARCHAR(255),
 
quarantine_virus_m SMALLINT NOT NULL DEFAULT '0',
 
 
quarantine_banned_file VARCHAR(255),
 
quarantine_banned_file_m SMALLINT NOT NULL DEFAULT '0',
 
 
quarantine_bad_header VARCHAR(255),
 
quarantine_bad_header_m SMALLINT NOT NULL DEFAULT '0',
 
 
quarantine_spam VARCHAR(255),
 
quarantine_spam_m SMALLINT NOT NULL DEFAULT '0',
 
 
 
/* Interception options */
 
bcc_to VARCHAR(255),
 
bcc_to_m SMALLINT NOT NULL DEFAULT '0',
 
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
FOREIGN KEY (PolicyID) REFERENCES policies(ID)
 
);
 
INSERT INTO "amavis_rules" VALUES(1,1,'Default system amavis policy',NULL,0,1,2,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,100000,2,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0,NULL,0);
 
CREATE TABLE quotas (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
PolicyID INT8,
 
 
Name VARCHAR(255) NOT NULL,
 
 
/* Tracking Options */
 
Track VARCHAR(255) NOT NULL,  /* Format:  <type>:<spec>
 
 
      SenderIP - This takes a bitmask to mask the IP with. A good default is /24
 
 
      Sender & Recipient - Either "user@domain" (default), "user@" or "@domain" for the entire
 
      email addy or email addy domain respectively.
 
  */
 
 
/* Period over which this policy is valid,  this is in seconds */
 
Period UNSIGNED BIG INT,
 
 
Verdict VARCHAR(255),
 
Data TEXT,
 
 
LastQuota SMALLINT NOT NULL DEFAULT '0',
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
FOREIGN KEY (PolicyID) REFERENCES policies(ID)
 
);
 
INSERT INTO "quotas" VALUES(3,6,'Sender:user@domain','Sender:user@domain',60,'DEFER','Deferring: Too many messages from sender in last 60',0,NULL,0);
 
INSERT INTO "quotas" VALUES(4,6,'Recipient:@domain','Recipient:@domain',60,'REJECT',NULL,0,NULL,0);
 
CREATE TABLE quotas_limits (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
QuotasID INT8,
 
 
Type VARCHAR(255),  /* "MessageCount" or "MessageCumulativeSize" */
 
CounterLimit UNSIGNED BIG INT,
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
FOREIGN KEY (QuotasID) REFERENCES quotas(ID)
 
);
 
INSERT INTO "quotas_limits" VALUES(4,3,'MessageCount',20,NULL,0);
 
INSERT INTO "quotas_limits" VALUES(5,4,'MessageCount',50,NULL,0);
 
CREATE TABLE quotas_tracking (
 
 
QuotasLimitsID INT8,
 
TrackKey VARCHAR(512),
 
 
/* Last time this record was update */
 
LastUpdate UNSIGNED BIG INT,  /* NULL means not updated yet */
 
 
Counter NUMERIC(10,4),
 
 
UNIQUE (QuotasLimitsID,TrackKey),
 
FOREIGN KEY (QuotasLimitsID) REFERENCES quotas_limits(ID)
 
);
 
CREATE TABLE checkhelo (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
PolicyID INT8,
 
 
Name VARCHAR(255) NOT NULL,
 
 
 
/* Blacklisting, we want to reject people impersonating us */
 
UseBlacklist SMALLINT,  /* Checks blacklist table */
 
BlacklistPeriod UNSIGNED BIG INT,  /* Period to keep the host blacklisted for, if not set or 0
 
    the check will be live */
 
 
/* Random helo prevention */
 
UseHRP SMALLINT,  /* Use helo randomization prevention */
 
HRPPeriod UNSIGNED BIG INT,  /* Period/window we check for random helo's */
 
HRPLimit UNSIGNED BIG INT,  /* Our limit for the number of helo's is this */
 
 
/* RFC compliance options */
 
RejectInvalid SMALLINT,  /* Reject invalid HELO */
 
RejectIP SMALLINT,  /* Reject if HELO is an IP */
 
RejectUnresolvable SMALLINT,  /* Reject unresolvable HELO */
 
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
FOREIGN KEY (PolicyID) REFERENCES policies(ID)
 
);
 
CREATE TABLE checkhelo_blacklist (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
Helo VARCHAR(255) NOT NULL,
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
UNIQUE (Helo)
 
);
 
CREATE TABLE checkhelo_whitelist (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
Source VARCHAR(512) NOT NULL,  /* Valid format is:    SenderIP:a.b.c.d[/e]  */
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
UNIQUE (Source)
 
);
 
CREATE TABLE checkhelo_tracking (
 
Address VARCHAR(64) NOT NULL,
 
Helo VARCHAR(255) NOT NULL,
 
LastUpdate UNSIGNED BIG INT NOT NULL,
 
 
UNIQUE (Address,Helo)
 
);
 
CREATE TABLE checkspf (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
PolicyID INT8,
 
 
Name VARCHAR(255) NOT NULL,
 
 
/* Do we want to use SPF?  1 or 0 */
 
UseSPF SMALLINT,
 
/* Reject when SPF fails */
 
RejectFailedSPF SMALLINT,
 
/* Add SPF header */
 
AddSPFHeader SMALLINT,
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
FOREIGN KEY (PolicyID) REFERENCES policies(ID)
 
);
 
INSERT INTO "checkspf" VALUES(1,6,'SPF Policy',1,0,1,'Zimbra CheckSPF Policy',0);
 
CREATE TABLE greylisting (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
PolicyID INT8,
 
 
Name VARCHAR(255) NOT NULL,
 
 
 
/* General greylisting settings */
 
UseGreylisting SMALLINT,  /* Actually use greylisting */
 
GreylistPeriod UNSIGNED BIG INT,  /* Period in seconds to greylist for */
 
 
/* Record tracking */
 
Track VARCHAR(255) NOT NULL,  /* Format:  <type>:<spec>
 
SenderIP - This takes a bitmask to mask the IP with, A good default is /24
 
*/
 
 
/* Bypass greylisting: sender+recipient level */
 
GreylistAuthValidity UNSIGNED BIG INT,  /* Period for which last authenticated greylist entry is valid for.
 
    This effectively bypasses greylisting for the second email a sender
 
    sends a recipient. */
 
GreylistUnAuthValidity UNSIGNED BIG INT,  /* Same as above but for unauthenticated entries */
 
 
 
/* Auto-whitelisting: sending server level */
 
UseAutoWhitelist SMALLINT,  /* Use auto-whitelisting */
 
AutoWhitelistPeriod UNSIGNED BIG INT,  /* Period to look back to find authenticated triplets */
 
AutoWhitelistCount UNSIGNED BIG INT,  /* Count of authenticated triplets after which we auto-whitelist */
 
AutoWhitelistPercentage UNSIGNED BIG INT,  /* Percentage of at least Count triplets that must be authenticated
 
  before auto-whitelisting. This changes the behaviour or Count */
 
 
/* Auto-blacklisting: sending server level */
 
UseAutoBlacklist SMALLINT,  /* Use auto-blacklisting */
 
AutoBlacklistPeriod UNSIGNED BIG INT,  /* Period to look back to find unauthenticated triplets */
 
AutoBlacklistCount UNSIGNED BIG INT,  /* Count of authenticated triplets after which we auto-whitelist */
 
AutoBlacklistPercentage UNSIGNED BIG INT,  /* Percentage of at least Count triplets that must be authenticated
 
  before auto-whitelisting. This changes the behaviour or Count */
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
FOREIGN KEY (PolicyID) REFERENCES policies(ID)
 
);
 
INSERT INTO "greylisting" VALUES(1,6,'Zimbra Greylisting percentage',1,120,'SenderIP:/32',604800,86400,1,604800,100,95,1,604800,100,100,NULL,0);
 
INSERT INTO "greylisting" VALUES(2,6,'Zimbra Greylisting Count',1,120,'SenderIP:/32',604800,86400,1,604800,50,NULL,1,604800,80,NULL,NULL,0);
 
CREATE TABLE greylisting_whitelist (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
Source VARCHAR(255) NOT NULL,  /* Either CIDR  a.b.c.d, a.b.c.d/x, or reversed  host*-*.whatever.com */
 
 
Comment VARCHAR(1024),
 
 
Disabled SMALLINT NOT NULL DEFAULT '0',
 
 
UNIQUE (Source)
 
);
 
INSERT INTO "greylisting_whitelist" VALUES(1,'SenderIP:SenderIP:1.2.3.4_NEED_TO_CHANGE','It is advised to whitelist all mailbox servers, so that outgoing mail from the web client does not end up triggering the greylist. Replace "1.2.3.4" with the IP address of the mailbox servers',1);
 
CREATE TABLE greylisting_autowhitelist (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
 
TrackKey VARCHAR(512) NOT NULL,
 
 
Added UNSIGNED BIG INT NOT NULL,
 
LastSeen UNSIGNED BIG INT NOT NULL,
 
 
Comment VARCHAR(1024),
 
 
UNIQUE (TrackKey)
 
);
 
CREATE TABLE greylisting_autoblacklist (
 
ID INTEGER PRIMARY KEY AUTOINCREMENT,
 
  
TrackKey VARCHAR(512) NOT NULL,
+
More articles written by me, https://wiki.zimbra.com/wiki/King0770-Notes
  
Added UNSIGNED BIG INT NOT NULL,
+
[[Category:Administration]]
 
+
[[Category:Command Line Interface]]
Comment VARCHAR(1024),
+
[[Category:MTA]]
 
+
[[Category:King0770-Notes]]
UNIQUE (TrackKey)
 
);
 
CREATE TABLE greylisting_tracking (
 
 
 
TrackKey VARCHAR(512) NOT NULL, /* The address really, masked with whatever */
 
Sender VARCHAR(255) NOT NULL,
 
Recipient VARCHAR(255) NOT NULL,
 
 
 
FirstSeen UNSIGNED BIG INT NOT NULL,
 
LastUpdate UNSIGNED BIG INT NOT NULL,
 
 
 
Tries UNSIGNED BIG INT NOT NULL,  /* Authentication tries */
 
Count UNSIGNED BIG INT NOT NULL,  /* Authenticated count */
 
 
 
UNIQUE(TrackKey,Sender,Recipient)
 
);
 
DELETE FROM sqlite_sequence;
 
INSERT INTO "sqlite_sequence" VALUES('policies',6);
 
INSERT INTO "sqlite_sequence" VALUES('policy_members',6);
 
INSERT INTO "sqlite_sequence" VALUES('policy_groups',2);
 
INSERT INTO "sqlite_sequence" VALUES('policy_group_members',3);
 
INSERT INTO "sqlite_sequence" VALUES('amavis_rules',1);
 
INSERT INTO "sqlite_sequence" VALUES('quotas',4);
 
INSERT INTO "sqlite_sequence" VALUES('quotas_limits',5);
 
INSERT INTO "sqlite_sequence" VALUES('checkhelo_blacklist',4);
 
INSERT INTO "sqlite_sequence" VALUES('checkspf',1);
 
INSERT INTO "sqlite_sequence" VALUES('greylisting',2);
 
INSERT INTO "sqlite_sequence" VALUES('greylisting_whitelist',1);
 
CREATE INDEX session_tracking_idx1 ON session_tracking (QueueID,ClientAddress,Sender);
 
CREATE INDEX session_tracking_idx2 ON session_tracking (UnixTimestamp);
 
CREATE INDEX accounting_tracking_idx1 ON accounting_tracking (LastUpdate);
 
CREATE INDEX quotas_tracking_idx1 ON quotas_tracking (LastUpdate);
 
CREATE INDEX checkhelo_tracking_idx1 ON checkhelo_tracking (LastUpdate);
 
CREATE INDEX greylisting_tracking_idx1 ON greylisting_tracking (LastUpdate,Count);
 
COMMIT;
 
</pre></code>
 

Latest revision as of 15:36, 28 April 2020

King Notes Enable-webui-for-cbpolicyd-Unsupported


Purpose of this article: Provide an easier method making changes to the cbpolicyd service.
Summary of steps

  • Edit /opt/zimbra/conf/httpd.conf
  • Edit /opt/zimbra/cbpolicyd/share/webui/includes/config.php

NOTE: In ZCS8.7.x, the config.php is located in /opt/zimbra/common/share/webui/includes.

When will there be support for the cbpolicyd service in the Admin Console? See, https://bugzilla.zimbra.com/show_bug.cgi?id=70376

Section I - Edit /opt/zimbra/conf/httpd.conf

Edit /opt/zimbra/conf/httpd.conf and add index.php to the DirectoryIndex line.
FROM

<IfModule dir_module>
    DirectoryIndex index.html index.html.var 
</IfModule>

TO

<IfModule dir_module>
    DirectoryIndex index.html index.html.var index.php
</IfModule>

Add the following at the bottom of the /opt/zimbra/conf/httpd.conf file

Alias /webui /opt/zimbra/cbpolicyd/share/webui/
<Directory "/opt/zimbra/cbpolicyd/share/webui/">
    AllowOverride AuthConfig
    Order Deny,Allow
    Allow from all
</Directory>

Save your changes, and restart zimbra's apache service.

zmapachectl restart

You may elect to choose a more secure directive for apache, for example.

Alias /webui /opt/zimbra/cbpolicyd/share/webui/
<Directory "/opt/zimbra/cbpolicyd/share/webui/">
   Order Deny,Allow
   Deny from all
   Allow from 127.0.0.1
</Directory>

You can also implement simple authentication for the webui directory.

cd /opt/zimbra/cbpolicyd/share/webui/
/opt/zimbra/httpd/bin/htpasswd -cb .htpasswd zimbra myPassword

NOTE: If you are running ZCS version 8.7.x, replace /opt/zimbra/cbpolicyd/share/webui/ path with /opt/zimbra/common/share/webui/ in the /opt/zimbra/conf/httpd.conf file

Section II - Edit the /opt/zimbra/cbpolicyd/share/webui/includes/config.php file

Edit the /opt/zimbra/cbpolicyd/share/webui/includes/config.php file, and change the $DB_DSN line.
FROM

$DB_DSN="mysql:host=localhost;dbname=cluebringer";

TO

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

NOTE: In ZCS8.7.x, the config.php is located in /opt/zimbra/common/share/webui/includes.

Section III - Requirements

You will need Zimbra's apache and spell packages installed. If the zimbra node running cbpolicyd service does not have apache or spell packages installed, you can manually install apache and spell.

rpm -ivh zimbra-apache-8.6.0_GA_1153.RHEL6_64-20141215151258.x86_64.rpm
rpm -ivh zimbra-spell-8.6.0_GA_1153.RHEL6_64-20141215151258.x86_64.rpm

Section IV - cbpolicyd URL

Once the changes are made, the URL should be available. http://mta.domain.com:7780/webui/ OR http://mta.domain.com:7780/webui/index.php/

Section V - FAQ

Question: Is this supported by Zimbra Support Team?
Answer: No, but you are free to make any changes as you see fit
Question: Does cbpolicyd need to be running in order to access cbpolicyd's webui?
Answer: No
Question: I messed up the cbpolicyd database. Is there a way to start over from scratch?
Answer: Yes, run this command as the zimbra user:

 
/opt/zimbra/libexec/zmcbpolicydinit -force


Question: Is it possible to export my cbpolicyd config?
Answer: Yes, run this command as the zimbra user:

 
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb .dump >> /tmp/test.sql


Question: Help! My /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb DB is gone! But I do have my exported cbpolicyd config, is there a way to import it?
Answer: Yes. Run the following as the zimbra user to create the DB:

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb .databases

Then run the following to import it:

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb < /tmp/test.sql



More articles written by me, https://wiki.zimbra.com/wiki/King0770-Notes

Jump to: navigation, search