Easy Install cbpolicyd On CentOS 7

I have encountered the situation when users have weak passwords and are guessed by spammers so valid accounts are used for SPAM. The solution they choose in case is the limitation of mails sent over a period of time.

1. Install dependencies on the application

yum install -y mariadb mariadb-server perl-Cache-FastMmap perl-Config-IniFiles

2. Download and install policyd rpm package and source files for setting up db.

wget https://download.policyd.org/v2.0.14/cluebringer-2.0.14-1.noarch.rpm
rpm -Uvh cluebringer-2.0.14-1.noarch.rpm
wget https://download.policyd.org/v2.0.14/cluebringer-v2.0.14.zip

3. Settings database.

unzip cluebringer-v2.0.14.zip
cd cluebringer-v2.0.14/database/

Prepare sql file

vim run.sh
#!/bin/bash
for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql;
do
./convert-tsql mysql $i
done > policyd.sql

Change in file
sed -i 's/TYPE=InnoDB CHARACTER SET latin1 COLLATE latin1_bin//' policyd.sql

4. Create database and populate.
mysql -u root -p
create database policyd;
GRANT all on policyd.* to ‘policyd’@’localhost’ identified by ‘Your-password’;
\q
mysql -u root -p policyd < policyd.sql

5. Configure cbpolicyd database on webui.conf

vim /etc/policyd/cluebringer.conf
config line like this
[database]
#DSN=DBI:SQLite:dbname=policyd.sqlite
DSN=DBI:mysql:database=policyd;host=localhost
Username=policyd
Password=Your-password

vim /etc/policyd/webui.conf
config line like this
$DB_DSN="mysql:host=localhost;dbname=policyd";
$DB_USER="policyd";
$DB_PASS="Your-password";

6. Setup in your page policyd and postfix.
Access for config file
cd /var/www/html/
ln -s /usr/share/cluebringer/webui/ policyd

Now you need to create your apache access with vhosts.

Modify postfix
Add the following Postfix config setting in BOTH smtpd_recipient_restrictions and

smtpd_end_of_data_restrictions: check_policy_service inet:127.0.0.1:10031

It’s recommended to add these parameters first, i.e.:

smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, ..

You can check logs on /var/log/cbpolicyd.log and /var/log/maillog
Start service /etc/init.d/cbpolicyd start
Enable:
[root@mail html]# systemctl enable cbpolicyd
cbpolicyd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig cbpolicyd on