Sep 132009
 

Prerequisites

Requirements for Policyd v2

  • MySQL
  • Net::Server >= 0.96
  • Net::CIDR
  • Config::IniFiles (Debian based: libconfig-inifiles-perl, RPM based: perl-Config-IniFiles)
  • Cache::FastMmap (Debian based: libcache-fastmmap-perl, RPM based: perl-Cache-FastMmap)
  • Mail::SPF (Required for SPF)

Requirements for webui

  • PHP v5+

Download policyd v2

# wget http://downloads.sourceforge.net/project/policyd/2.0.x%20%28Stable%29/v2.0.7/cluebringer-2.0.7.tar.bz2?use_mirror=biznetnetworks

Build rpm from source tarball

# rpmbuild -ta cluebringer-2.0.7.tar.bz2

Install the rpm

# rpm -ivh /usr/src/redhat/RPMS/cluebringer-2.0.7-1.noarch.rpm

In database/ run…

# for i in  core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql <- press enter
> do <- press enter
>  ./convert-tsql mysql $i <- press enter
> done > policyd.mysql <- press enter

This will build policyd.mysql, be sure to ALWAYS load core.tsql first, you only really need the
schema for the modules you plan to use, no harm in adding all of them though.

Create policyd database

# mysqladmin -u root -ppassword create policyd

Load policyd.mysql into MySQL

# mysql -u root -p policyd < database/policyd.mysql
Enter password:

Press enter

Edit cluebringer.conf and adjust the MySQL server details

#vi /etc/policyd/cluebringer.conf
find the [database] section
DSN=DBI:mysql:database=policyd;host=localhost
Username=root
Password=your-root-password

Start cbpolicyd service

# /etc/init.d/cbpolicyd start

Make sure the service is started

# ps ax | grep policyd
 7888 ?        Ss     0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
 7891 ?        S      0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
 7892 ?        S      0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
 7893 ?        S      0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
 7894 ?        S      0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
# netstat -pln | grep :10031
tcp        0      0 0.0.0.0:10031               0.0.0.0:*                   LISTEN      7888/perl

By default cbpolicyd not starting automatically at every runlevel.

# chkconfig --list cbpolicyd
cbpolicyd       0:off   1:off   2:off   3:off   4:off   5:off   6:off

We should add it manualy to runlevel

# chkconfig --level 2345 cbpolicyd on

Edit webui config and adjust the MySQL server details

# /etc/policyd/webui.conf
$DB_DSN="mysql:host=localhost;dbname=policyd";
$DB_USER="root";
$DB_PASS="your-root-password";

Setup Postfix to use cbpolicyd
Add the following Postfix config…

check_policy_service inet:127.0.0.1:10031

in BOTH  smtpd_recipient_restrictions and smtpd_end_of_data_restrictions.

Now configuring httpd part
if you have already working website just create symlink for Poilcyd webui

# ln -s /usr/share/cluebringer/webui/ /path/to/www/webui

Seems like Policyd webui does not protecting the web interface with authentication?

We can create  .htaccess/.htpasswd
Create .htaccess file in /usr/share/cluebringer/webui/

# /usr/share/cluebringer/webui/.htaccess
AuthUserFile /usr/share/cluebringer/webui/.htpasswd
AuthGroupFile /dev/null
AuthName "user and password"
AuthType Basic

<LIMIT GET>
require valid-user
</LIMIT>

Create user with htpasswd

# htpasswd -c /usr/share/cluebringer/webui/.htpasswd your-user

httpasswd will asked for password
Don’t forget to modify httpd config

<Directory "/var/www/html/cabal/policyd">
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

Point your browser to http://www.yourdomain.tld/policyd/

That’s it for now

Source: INSTALL file cluebringer-2.0.7.tar.bz2

  19 Responses to “Postfix + Centos + Policyd V2 + MySQL”

Comments (19)
  1. Hi my installation is complete. i am facing this error please me

    Error connecting to Policyd v2 DB: SQLSTATE[28000] [1045] Access denied for user ‘root’@’localhost’ (using password: NO)

  2. it’s your mysql acl disallowed you accesing localhost, try substitute localhost with 127.0.0.1

  3. Sir i have a problem. I have a postfix and using gmail as a relay without authentication,the problem is this postfix is just

    using for sending email .I need your help i want to restrict the postfix send a 10 emails in a 1min , i have tried my setting but its not

    working my server ip is blacklisted on RBL level-1 so i want to restrict it. i have also use a policy daemon but i dont how to use it if you have any idea about this please help me out

    Can plz sent me step by step guide line

  4. i am very greatfull to you if email me with snapshot how to configure this thing
    email id is

    ali.ramzan@hotmail.com

  5. i am stuck 🙁 please help me out .i want to restric the postfix to sedn 10email in 60 second

  6. Are you there?

    Please post your email id or your skype id?
    i want to contact with you personally

  7. i still not get what you want to achieve, i don’t have skype, but you can contact me at hari.h -at- kutukupret.com

  8. my question is simple

    how to restrict postfix server send just 10 emails in 1 min clear ?

    whole postfix server send just 10emails in 1min.

  9. hold every your outgoing email (by setting your default transport to hold) then release it using cronjob for 10 emails every 1 minute.that can be done using script by accessing postfix queue selecting each 10 mails on top of the queue for example, here’s a perl script example how to enumerate postfix queue and release the queue, you can modify the script as you expect. but it’s not tested.smtp transaction depend on bot sender and receiver, you cannot expected your mail would be accepted once you have sent at destination/receiver site. IMHO just let postfix queueing/scheduling algorithm handle that, and fix the real problem.

    #!/usr/bin/perl
    
    $REGEXP = shift || die "no email-adress given (regexp-style, e.g. bl.*\@yahoo.com)!";
    
    @data = qx</usr/sbin/postqueue -p>;
    for (@data) {
      if (/^(\w+)(\*|\!)?\s/) {
         $queue_id = $1;
      }
      if($queue_id) {
        if (/$REGEXP/i) {
          $Q{$queue_id} = 1;
          $queue_id = "";
        }
      }
    }
    
    open(POSTSUPER,"|postsuper -H -") || die "couldn't open postsuper" ;
    
    foreach (keys %Q) {
      print POSTSUPER "$_\n";
    };
    close(POSTSUPER);
    
  10. I have one more question.

    i have set this script run every after 1 min Right?

  11. I have no idea about perl. You just guide me how can i run this script.I am using Red Hat Enterprise Linux Server release 5.5 (Tikanga).
    i just set this script every 1min in crontab?

  12. I have no idea about perl. You just guide me how can i run this script.I am using Red Hat Enterprise Linux Server release 5.5 (Tikanga).
    i set this perl script with cronjob same as you mentioned.

  13. I have no idea about perl.

  14. How can i do this with policy daemon any idea you have? i am sorry for my multiple post

  15. Please reply my last post?

  16. I got following error after running:-
    service cbpolicyd start
    Starting cbpolicyd: Bad name after server’ at /usr/sbin/cbpolicyd line 49.

    line 49 of /usr/sbin/cbpolicyd is:-my $server = $self->{‘server’}
    sir can you please resolve this issue.

  17. Hi guys,
    I have installed policyd on centos 6.5 64-bit. I am unable to start cbpolicyd. It gives the following error:-
    tarting cbpolicyd: Can’t locate List/MoreUtils.pm in @INC (@INC contains: /usr/local/lib/policyd-2.0 /usr/lib/policyd-2.0 /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/share/perl5/vendor_perl/Config/IniFiles.pm line 14.
    BEGIN failed–compilation aborted at /usr/share/perl5/vendor_perl/Config/IniFiles.pm line 14.
    Compilation failed in require at /usr/sbin/cbpolicyd line 32.
    BEGIN failed–compilation aborted at /usr/sbin/cbpolicyd line 32.
    [FAILED]

    Can you please help me out on this issue.

  18. Great post Leenoux, thank you.

  19. Hi,
    I have been trying this for months has any one accomplish this on ubuntu server 14.04?

    Thank you

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.