CBPolicyD Wiki Errata Note

Posted: Fri Jul 06, 2018 8:56 pm
by L. Mark Stone
I've been working with two customers on CBPolicyD, as well as having deployed it in my own multi-tenant Zimbra Hosting Farm (I'm a Zimbra Hosting Partner), and I thought it would be helpful to point out that the tuning section in the Certified wiki article, at least as it relates to Zimbra 8.8.x, needs updating.

cbpolicyd with outbound rate limiting is helpful as and when you have a compromised mailbox; by rate limiting the outbound emails you can defer/eliminate your server getting blacklisted, so for me I always deploy cbpolicyd except when there is an outbound email gateway solution with enough horsepower to handle a compromised mailbox.

The documentation indicates that the tuning parameters are localconfig variables. In Zimbra 8.8.x, these are now Global Config variables that are inherited by each MTA server on which you install cbpolicyd.

Zimbra ships with cbpolicyd global config variables now set to the values appropriate for a Medium mailserver. In my own testing on previous versions of Zimbra, a Medium set of performance tuning variables will be fine to handle a few thousand busy mailboxes, at least for outbound rate limiting.

The Certified wiki is here:

You can see the defaults Zimbra sets like so:

ubuntu@zimbra:~$ sudo su - zimbra
zimbra@zimbra:~$ zmprov -l gacf | grep -i cbpolicyd
zimbraCBPolicydAccessControlEnabled: FALSE
zimbraCBPolicydAccountingEnabled: FALSE
zimbraCBPolicydAmavisEnabled: FALSE
zimbraCBPolicydBindPort: 10031
zimbraCBPolicydBypassMode: tempfail
zimbraCBPolicydBypassTimeout: 30
zimbraCBPolicydCheckHeloEnabled: FALSE
zimbraCBPolicydCheckSPFEnabled: FALSE
zimbraCBPolicydGreylistingBlacklistMsg: Greylisting in effect, sending server blacklisted
zimbraCBPolicydGreylistingDeferMsg: Greylisting in effect, please come back later
zimbraCBPolicydGreylistingEnabled: FALSE
zimbraCBPolicydGreylistingTrainingEnabled: FALSE
zimbraCBPolicydLogLevel: 3
zimbraCBPolicydMaxRequests: 1000
zimbraCBPolicydMaxServers: 25
zimbraCBPolicydMaxSpareServers: 12
zimbraCBPolicydMinServers: 4
zimbraCBPolicydMinSpareServers: 4
zimbraCBPolicydQuotasEnabled: TRUE
zimbraCBPolicydTimeoutBusy: 120
zimbraCBPolicydTimeoutIdle: 1020

Don't edit it, but you can see some explanations of the performance tuning variables on 8.8.x by reviewing the relevant section of /opt/zimbra/conf/ for example:

# Preforking configuration
# min_server            - Minimum servers to keep around
# min_spare_servers     - Minimum spare servers to keep around ready to
#                         handle requests
# max_spare_servers     - Maximum spare servers to have around doing nothing
# max_servers           - Maximum servers alltogether
# max_requests          - Maximum number of requests each child will serve
# One may want to use the following as a rough guideline...
# Small mailserver:  2, 2, 4, 10, 1000
# Medium mailserver: 4, 4, 12, 25, 1000
# Large mailserver: 8, 8, 16, 64, 1000

# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging

# File to log to instead of stdout

Hope that helps others,
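
The following is an added example, not part of the original post or of Zimbra's own tooling: it reads `zmprov -l gacf` output, names which of the guideline profiles quoted above the five prefork attributes match, and prints the command that would set another profile. The function names are hypothetical, and it assumes `zmprov mcf` is used to change Global Config attributes; the command is printed for review and never executed.

```shell
# Added example, not from the original post. Profile rows are the guideline values quoted
# there, in order: min_server min_spare_servers max_spare_servers max_servers max_requests
profile_values() {
    case "$1" in
        small)  echo "2 2 4 10 1000" ;;
        medium) echo "4 4 12 25 1000" ;;
        large)  echo "8 8 16 64 1000" ;;
        *)      return 1 ;;
    esac
}

# Read `zmprov -l gacf` output on stdin and print the five prefork values in
# guideline order, with "?" for any attribute that is absent.
current_values() {
    awk -F': *' '
        /^zimbraCBPolicyd/ { v[$1] = $2 }
        END {
            n = split("MinServers MinSpareServers MaxSpareServers MaxServers MaxRequests", k, " ")
            for (i = 1; i <= n; i++) {
                a = "zimbraCBPolicyd" k[i]
                printf "%s%s", ((a in v) ? v[a] : "?"), (i < n ? " " : "\n")
            }
        }'
}

# Name the guideline profile that matches the values on stdin, or "custom".
classify_profile() {
    cur=$(current_values)
    for p in small medium large; do
        if [ "$cur" = "$(profile_values "$p")" ]; then echo "$p"; return 0; fi
    done
    echo "custom ($cur)"
}

# Print (never run) the zmprov command that would apply a profile globally.
tune_command() {
    vals=$(profile_values "$1") || return 1
    set -- $vals
    echo "zmprov mcf zimbraCBPolicydMinServers $1 zimbraCBPolicydMinSpareServers $2" \
         "zimbraCBPolicydMaxSpareServers $3 zimbraCBPolicydMaxServers $4" \
         "zimbraCBPolicydMaxRequests $5"
}

# Sample input: the prefork lines from the output shown in the post.
SAMPLE=$(printf 'zimbraCBPolicyd%s\n' 'MaxRequests: 1000' 'MaxServers: 25' \
    'MaxSpareServers: 12' 'MinServers: 4' 'MinSpareServers: 4')
printf '%s\n' "$SAMPLE" | classify_profile   # medium
```

On a live server the same check is `zmprov -l gacf | classify_profile`, run as the zimbra user.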

Re: CBPolicyD Wiki Errata Note

Posted: Sat Jul 07, 2018 3:00 am
by zimico
Thanks, Mark, for your kind sharing.

All the best,

Re: CBPolicyD Wiki Errata Note

Posted: Sun Jul 08, 2018 1:40 pm
by DavidMerrill
Thanks for sharing Mark!

Re: CBPolicyD Wiki Errata Note

Posted: Tue Jul 10, 2018 2:01 am
by ALP
Hi Mark, thanks for sharing. Since you have experience implementing Cbpolicyd on 8.8.x I made some queries to see if you can help me. I have version 8.8.8 and I have deployed Cbpolicyd to limit the sending of emails according to the following guidelines:

The problem is that it takes each recipient as a sent mail and this complicates the use of distribution lists. In addition, when a user exceeds the limit, the emails are rejected instead of being sent to the deferred queue. Has this happened to you in your implementations? Have you managed to fix it?

Thank you very much.