CBPolicyD Wiki Errata Note

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 1780
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.8 Patch 4 Network Edition

CBPolicyD Wiki Errata Note

Postby L. Mark Stone » Fri Jul 06, 2018 8:56 pm

I've been working with two customers on CBPolicyD, as well as having deployed it in my own multi-tenant Zimbra Hosting Farm (I'm a Zimbra Hosting Partner), and I thought it would be helpful to point out that the tuning section in the Certified wiki article, at least as it relates to Zimbra 8.8.x, needs updating.

cbpolicyd with outbound rate limiting is helpful as and when you have a compromised mailbox; by rate limiting the outbound emails you can defer/eliminate your server getting blacklisted, so for me I always deploy cbpolicyd except when there is an outbound email gateway solution with enough horsepower to handle a compromised mailbox.

The documentation indicates that the tuning parameters are localconfig variables. In Zimbra 8.8.x, these are now Global Config variables that are inherited by each MTA server on which you install cbpolicyd.

Zimbra ships with cbpolicyd global config variables now set to the values appropriate for a Medium mailserver. In my own testing on previous versions of Zimbra, a Medium set of performance tuning variables will be fine to handle a few thousand busy mailboxes, at least for outbound rate limiting.

The Certified wiki is here: https://wiki.zimbra.com/wiki/CBpolicyd_support

You can see the defaults Zimbra sets like so:

Code: Select all

ubuntu@zimbra:~$ sudo su - zimbra
zimbra@zimbra:~$ zmprov -l gacf | grep -i cbpolicyd
zimbraCBPolicydAccessControlEnabled: FALSE
zimbraCBPolicydAccountingEnabled: FALSE
zimbraCBPolicydAmavisEnabled: FALSE
zimbraCBPolicydBindPort: 10031
zimbraCBPolicydBypassMode: tempfail
zimbraCBPolicydBypassTimeout: 30
zimbraCBPolicydCheckHeloEnabled: FALSE
zimbraCBPolicydCheckSPFEnabled: FALSE
zimbraCBPolicydGreylistingBlacklistMsg: Greylisting in effect, sending server blacklisted
zimbraCBPolicydGreylistingDeferMsg: Greylisting in effect, please come back later
zimbraCBPolicydGreylistingEnabled: FALSE
zimbraCBPolicydGreylistingTrainingEnabled: FALSE
zimbraCBPolicydLogLevel: 3
zimbraCBPolicydMaxRequests: 1000
zimbraCBPolicydMaxServers: 25
zimbraCBPolicydMaxSpareServers: 12
zimbraCBPolicydMinServers: 4
zimbraCBPolicydMinSpareServers: 4
zimbraCBPolicydQuotasEnabled: TRUE
zimbraCBPolicydTimeoutBusy: 120
zimbraCBPolicydTimeoutIdle: 1020

Don't edit it, but you can see some explanations of the performance tuning variables on 8.8.x by reviewing the relevant section of /opt/zimbra/conf/cbpolicyd.conf.in for example:

Code: Select all

# Preforking configuration
# min_server            - Minimum servers to keep around
# min_spare_servers     - Minimum spare servers to keep around ready to
#                         handle requests
# max_spare_servers     - Maximum spare servers to have around doing nothing
# max_servers           - Maximum servers alltogether
# max_requests          - Maximum number of requests each child will serve
# One may want to use the following as a rough guideline...
# Small mailserver:  2, 2, 4, 10, 1000
# Medium mailserver: 4, 4, 12, 25, 1000
# Large mailserver: 8, 8, 16, 64, 1000

# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging

# File to log to instead of stdout

Hope that helps others,

L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP and Consulting https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
User avatar
Advanced member
Advanced member
Posts: 67
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.7.5

Re: CBPolicyD Wiki Errata Note

Postby zimico » Sat Jul 07, 2018 3:00 am

Thank Mark for your kind sharing.

All the best,
User avatar
Posts: 33
Joined: Thu Jul 30, 2015 2:44 pm
Location: Portland, ME

Re: CBPolicyD Wiki Errata Note

Postby DavidMerrill » Sun Jul 08, 2018 1:40 pm

Thanks for sharing Mark!
David Merrill - Zimbra Practice Lead
Reliable Networks - Zimbra Hosting, Licensing and Professional Services
Zeta Alliance
Posts: 10
Joined: Sat Jun 23, 2018 11:37 pm
Location: Mendoza, Argentina
ZCS/ZD Version: 8.8.8 Patch 4 Network Edition

Re: CBPolicyD Wiki Errata Note

Postby ALP » Tue Jul 10, 2018 2:01 am

Hi Mark, thanks for sharing. Since you have experience implementing Cbpolicyd on 8.8.x I made some queries to see if you can help me. I have version 8.8.8 and I have deployed Cbpolicyd to limit the sending of emails according to the following guidelines:


The problem is that it takes each recipient as a sent mail and this complicates the use of distribution lists. In addition, when a user exceeds the limit, the emails are rejected instead of being sent to the deferred queue. Has this happened to you in your implementations? Has managed to fix it?

Thank you very much.


Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 30 guests