Hello good people, in today’s post we’ll have a look at how to install and get cbpolicy up and running on CentOS 7.x. We’ll cover installing Mariadb server the setting up policyd.

Install software deps:

Fire these commands on the terminal:

yum install -y mariadb mariadb-server  perl-Cache-FastMmap perl-Config-IniFiles
systemctl enable mariadb
systemctl start mariadb

Download and install policyd rpm package

wget https://download.policyd.org/v2.0.14/cluebringer-2.0.14-1.noarch.rpm
rpm -ivh cluebringer-2.0.14-1.noarch.rpm

Download cbpolicy source files for setting up db

wget https://download.policyd.org/v2.0.14/cluebringer-v2.0.14.zip
unzip cluebringer-v2.0.14.zip
cd cluebringer-v2.0.14
cd database

In database/ run the following:

for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql accounting.tsql; 
./convert-tsql mysql $i
done > policyd.sql

Now Create policyd database

mysqladmin -u root -p create policyd

Load policyd.mysql into your database, in this case MySQL:

sed -i 's/TYPE=InnoDB CHARACTER SET latin1 COLLATE latin1_bin//' policyd.sql
mysql -u root -ppassword policyd < policyd.sql

Configure cbpolicyd database

sed -i 's/#Username=root/Username=root/'  /etc/policyd/cluebringer.conf
sed -i 's/#Password=/Password=Password@321!/'  /etc/policyd/cluebringer.conf

To setup cbpolicy UI,install the webui/* into your apache directory, check out includes/config.phpand adjust the database details.

Setup Postfix to use cbpolicyd.

Add the following Postfix config setting in BOTH smtpd_recipient_restrictions and smtpd_end_of_data_restrictions:

check_policy_service inet:

It’s recommended to add these parameters first, i.e.:

smtpd_recipient_restrictions = check_policy_service inet:, permit_mynetworks, ..., ...