Hello good people, in today’s post we’ll have a look at how to install and get cbpolicy up and running on CentOS 7 / RHEL 7. We’ll cover installing MariaDB server the setting up policyd.
Enable EPEL release
sudo yum -y install epel-release
sudo yum -y update
sudo rebootFire these commands on the terminal:
sudo yum install -y mariadb mariadb-server perl-Cache-FastMmap perl-Config-IniFiles wget unzip vim
sudo systemctl enable mariadb
sudo systemctl start mariadb
Check mariadb service status:
$ systemctl status mariadb
● mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2023-06-06 01:41:53 UTC; 6s ago
Process: 1782 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
Process: 1698 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
Main PID: 1781 (mysqld_safe)
CGroup: /system.slice/mariadb.service
├─1781 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
└─1946 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid...
Jun 06 01:41:51 cent7.mylab.io mariadb-prepare-db-dir[1698]: MySQL manual for more instructions.
Jun 06 01:41:51 cent7.mylab.io mariadb-prepare-db-dir[1698]: Please report any problems at http://mariadb.org/jira
Jun 06 01:41:51 cent7.mylab.io mariadb-prepare-db-dir[1698]: The latest information about MariaDB is available at http://mariadb.org/.
Jun 06 01:41:51 cent7.mylab.io mariadb-prepare-db-dir[1698]: You can find additional information about the MySQL part at:
Jun 06 01:41:51 cent7.mylab.io mariadb-prepare-db-dir[1698]: http://dev.mysql.com
Jun 06 01:41:51 cent7.mylab.io mariadb-prepare-db-dir[1698]: Consider joining MariaDB's strong and vibrant community:
Jun 06 01:41:51 cent7.mylab.io mariadb-prepare-db-dir[1698]: https://mariadb.org/get-involved/
Jun 06 01:41:51 cent7.mylab.io mysqld_safe[1781]: 230606 01:41:51 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Jun 06 01:41:51 cent7.mylab.io mysqld_safe[1781]: 230606 01:41:51 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Jun 06 01:41:53 cent7.mylab.io systemd[1]: Started MariaDB database server.Download and install policyd rpm package:
wget https://download.policyd.org/v2.0.14/cluebringer-2.0.14-1.noarch.rpm
sudo yum localinstall cluebringer-2.0.14-1.noarch.rpm
Resolve all dependencies and install the policyd package on CentOS 7:
Dependencies Resolved
....
Transaction Summary
======================================================================================================================================================================================================
Install 1 Package (+21 Dependent packages)
Total size: 26 M
Total download size: 26 M
Installed size: 35 M
Is this ok [y/d/N]: yDownload cbpolicy source files for setting up db:
cd ~/
wget https://download.policyd.org/v2.0.14/cluebringer-v2.0.14.zip
unzip cluebringer-v2.0.14.zip
cd cluebringer-v2.0*/
cd database
In database/ run the following:
for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql accounting.tsql
do
./convert-tsql mysql $i
done > policyd.sqlChange character set:
sed -i 's/TYPE=InnoDB CHARACTER SET latin1 COLLATE latin1_bin//' policyd.sqlNow Create policyd database
mysqladmin -u root -p create policydLoad policyd.mysql into your database, in this case MySQL:
$ mysql -u root -p
MariaDB [(none)]> use policyd;
Database changed
MariaDB [policyd]> source policyd.sql;
MariaDB [policyd]> \q
Bye
Configure cbpolicyd database:
$ sudo vim /etc/policyd/cluebringer.conf
[database]
DSN=DBI:mysql:database=policyd;host=localhost
Username=root
Password=DBPasswordTo setup cbpolicy UI,install the webui/* into your apache directory, check out includes/config.php and adjust the database details.
Setup Postfix to use cbpolicyd.
Add the following Postfix config setting in BOTH smtpd_recipient_restrictions and smtpd_end_of_data_restrictions:
check_policy_service inet:127.0.0.1:10031It’s recommended to add these parameters first, i.e.:
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, ..., ...
Reference:
I also made Postfix administration cheat sheet which you can read from the link provided here.
