Postfix + CentOS + Policyd V2 + MySQL

Requirements for Policyd v2
  • MySQL
  • Net::Server >= 0.96
  • Net::CIDR
  • Config::IniFiles (Debian based: libconfig-inifiles-perl, RPM based: perl-Config-IniFiles)
  • Cache::FastMmap (Debian based: libcache-fastmmap-perl, RPM based: perl-Cache-FastMmap)
  • Mail::SPF (Required for SPF)
Requirements for webui
  • PHP v5+
Download policyd v2
Build rpm from source tarball

# rpmbuild -ta cluebringer-2.0.7.tar.bz2
Install the rpm

# rpm -ivh /usr/src/redhat/RPMS/cluebringer-2.0.7-1.noarch.rpm
In database/ run…



# for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql
> do
>   ./convert-tsql mysql "$i"
> done > policyd.mysql

This builds policyd.mysql. Always load core.tsql first. You only really need the
schema for the modules you plan to use, but there is no harm in adding all of them.
Create policyd database

# mysqladmin -u root -ppassword create policyd
Load policyd.mysql into MySQL


# mysql -u root -p policyd < database/policyd.mysql
Enter password:
Press enter
Edit cluebringer.conf and adjust the MySQL server details





# vi /etc/policyd/cluebringer.conf
Find the [database] section
DSN=DBI:mysql:database=policyd;host=localhost
Username=root
Password=your-root-password
Start cbpolicyd service
# /etc/init.d/cbpolicyd start
Make sure the service is started

# ps ax | grep policyd
 7888 ?        Ss     0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
 7891 ?        S      0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
 7892 ?        S      0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
 7893 ?        S      0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf
 7894 ?        S      0:00 /usr/bin/perl /usr/sbin/cbpolicyd --config /etc/policyd/cluebringer.conf

# netstat -pln | grep :10031
tcp        0      0 0.0.0.0:10031               0.0.0.0:*                   LISTEN      7888/perl
By default, cbpolicyd is not enabled at any runlevel, so it does not start automatically.

# chkconfig --list cbpolicyd
cbpolicyd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
We should enable it manually for the runlevels we need

# chkconfig --level 2345 cbpolicyd on
Edit webui config and adjust the MySQL server details

# /etc/policyd/webui.conf
$DB_DSN="mysql:host=localhost;dbname=policyd";
$DB_USER="root";
$DB_PASS="your-root-password";
Setup Postfix to use cbpolicyd
Add the following Postfix config…

check_policy_service inet:127.0.0.1:10031
in BOTH smtpd_recipient_restrictions and smtpd_end_of_data_restrictions.
Now configure the httpd part
If you already have a working website, just create a symlink for the Policyd webui


# ln -s /usr/share/cluebringer/webui/ /path/to/www/webui
The Policyd webui does not seem to protect the web interface with authentication.
We can add HTTP Basic authentication with .htaccess/.htpasswd
Create .htaccess file in /usr/share/cluebringer/webui/

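# /usr/share/cluebringer/webui/.htaccess
AuthUserFile /usr/share/cluebringer/webui/.htpasswd
AuthGroupFile /dev/null
AuthName "user and password"
AuthType Basic

# Require authentication for every HTTP method. Wrapping this in
# <Limit GET> would leave POST and other methods unauthenticated.
Require valid-user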
Create user with htpasswd

# htpasswd -c /usr/share/cluebringer/webui/.htpasswd your-user
htpasswd will ask for the password
Don’t forget to modify the httpd config

<Directory "/var/www/html/cabal/policyd">
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
Point your browser to http://www.yourdomain.tld/policyd/

That’s it for now
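
An added example, not from the original post or the cluebringer project: a small shell audit of the three files this guide edits. It flags the MySQL root account in cluebringer.conf and webui.conf, world-readable copies of those password-holding files, and a Require directive wrapped in <Limit>, which leaves the other HTTP methods unauthenticated. The function names and sample files are this example's own, and it assumes GNU stat.

```sh
#!/bin/sh
# Added example, not part of cluebringer: audit the files this guide edits.

ini_db_user() {   # Username= value from the [database] section
    awk -F= '/^\[/ { in_db = (tolower($0) ~ /^\[database\]/) }
             in_db && tolower($1) ~ /^[ \t]*username[ \t]*$/ {
                 gsub(/[ \t\r]/, "", $2); print $2; exit }' "$1"
}

php_db_user() {   # value of $DB_USER="..." in webui.conf
    awk -F'"' '/^[ \t]*\$DB_USER[ \t]*=/ { print $2; exit }' "$1"
}

world_readable() {   # true if "other" may read the file (octal mode ends in 4-7)
    case "$(stat -c %a "$1")" in *[4567]) return 0 ;; esac
    return 1
}

require_inside_limit() {   # true if a Require line sits inside <Limit ...>
    awk '{ l = tolower($0) }
         l ~ /^[ \t]*<limit[ \t>]/ { inside = 1 }
         l ~ /^[ \t]*<\/limit>/    { inside = 0 }
         inside && l ~ /^[ \t]*require[ \t]/ { hit = 1 }
         END { exit(hit ? 0 : 1) }' "$1"
}

audit_policyd() {   # args: cluebringer.conf webui.conf .htaccess; returns 1 on findings
    rc=0
    for u in "$(ini_db_user "$1")" "$(php_db_user "$2")"; do
        if [ "$u" = root ]; then echo "FINDING: MySQL root account in use"; rc=1; fi
    done
    for f in "$1" "$2"; do
        if world_readable "$f"; then echo "FINDING: $f is world-readable"; rc=1; fi
    done
    if require_inside_limit "$3"; then
        echo "FINDING: $3 authenticates only the methods named in <Limit>"; rc=1
    fi
    return "$rc"
}

make_sample() {   # constructed sample files with the weak settings, written into dir $1
    printf '[other]\nUsername=ignored\n[database]\nUsername=root\n' > "$1/cluebringer.conf"
    printf '$DB_USER="root";\n$DB_PASS="x";\n' > "$1/webui.conf"
    printf 'AuthType Basic\n<LIMIT GET>\nrequire valid-user\n</LIMIT>\n' > "$1/.htaccess"
    chmod 644 "$1/cluebringer.conf" "$1/webui.conf"
}

d=$(mktemp -d) && make_sample "$d"
audit_policyd "$d/cluebringer.conf" "$d/webui.conf" "$d/.htaccess" || true
```

On a real host, call audit_policyd with /etc/policyd/cluebringer.conf, /etc/policyd/webui.conf and the webui .htaccess path.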
