Differences

This shows you the differences between two versions of the page.

--- cluebringer.conf [2012-06-07 12:17] – randerson
+++ cluebringer.conf [2013-12-06 09:17] – Change colon to full stop rspencer
@@ Line 1: / Line 1: @@
-=====[server]=====
+====== [server] ======
-====protocols====
+===== protocols =====
-List of protocols to load, one per line. ie:
-<code>protocols=<<EOT
+List of protocols to load, one per line:
+<code>
+protocols=<<EOT
 Postfix
 Bizanga
-EOT</code>
+EOT
+</code>
-====modules====
+===== modules =====
-List of modules to load, one per line. ie:
-<code>modules=<<EOT
+List of modules to load, one per line:
+<code>
+modules=<<EOT
 Core
 AccessControl
@@ Line 19: / Line 26: @@
 Greylisting
 Quotas
-EOT</code>
+EOT
+</code>
+===== user =====
+User to become after starting up:
+<code>
+user=root
+</code>
+===== group =====
+Group to become after starting up:
+<code>
+group=admins
+</code>
+===== pid_file =====
+Filename to store pid of parent process:
+<code>
+#pid_file=/var/run/policyd/policyd.pid
+</code>
+===== cache_file =====
+Filename to store cache:
+<code>
+cache_file=/var/run/cbpolicyd/cache
+</code>
+===== background =====
+Prevent cbpolicyd from going into the background:
+<code>
+background=no
+</code>
+===== Preforking configuration =====
+  * min_server            - Minimum servers to keep around
+  * min_spare_servers     - Minimum spare servers to keep around ready to handle requests
+  * max_spare_servers     - Maximum spare servers to have around doing nothing
+  * max_servers           - Maximum servers alltogether
+  * max_requests          - Maximum number of requests each child will serve
+One may want to use the following as a rough guideline...
+  * Small mailserver:  2, 2, 4, 10, 1000
+  * Medium mailserver: 4, 4, 12, 25, 1000
+  * Large mailserver: 8, 8, 16, 64, 1000
+<code>
+min_servers=4
+min_spare_servers=4
+max_spare_servers=12
+max_servers=25
+max_requests=1000
+</code>
+===== log_level =====
+Specify the level of logging to use when policyd is running:
+<code>
+log_level=2
+</code>
+Logging levels:
+  * 0 - Errors only
+  * 1 - Warnings and errors
+  * 2 - Notices, warnings, errors
+  * 3 - Info, notices, warnings, errors
+  * 4 - Debugging
+===== log_file =====
+File to log to instead of STDOUT:
+<code>
+log_file=/var/log/cbpolicyd.log
+</code>
+===== Log destination and methods =====
+Log destination for mail logs:
+  * main          - Default. Log to policyd's main log mechanism, accepts NO args
+  * syslog        - log mail via syslog
+  * <code>log_mail=facility@method,args</code>
+Valid methods for syslog:
+  * native        - Let Sys::Syslog decide
+  * unix          - Unix socket
+  * udp           - UDP socket
+  * stream        - Stream (for Solaris)
+Example: unix native
+<code>
+log_mail=mail@syslog:native
+</code>
+Example: unix socket
+<code>
+log_mail=mail@syslog:unix
+</code>
+Example: udp
+<code>
+log_mail=mail@syslog:udp,127.0.0.1
+</code>
+Example: Solaris
+<code>
+log_mail=local0@syslog:stream,/dev/log
+</code>
+Default:
+<code>
+log_mail=maillog
+</code>
+===== log_detail =====
+Things to log in extreme detail:
+  * modules       - Log detailed module running information
+  * tracking      - Log detailed tracking information
+  * policies      - Log policy resolution
+  * protocols     - Log general protocol info, but detailed
+  * bizanga       - Log the bizanga protocol
+  * cache         - Log cache usage on client shutdown
+There is no default for this configuration option. Options can be
+separated by commas:
+<code>
+log_detail=modules,tracking,policies,protocols
+</code>
+===== proto =====
+Protocol to use "tcp" or "unix", defaults to "tcp":
+<code>
+proto=tcp
+</code>
+===== host =====
+IP to listen on, * for all. Blank for unix sockets. Defaults to *:
+<code>
+host=*
+</code>
+===== port =====
+Port to run on, in the case of a unix socket it would be the path. Defaults to 10031:
+<code>
+port=10031
+port=/var/run/cbpolicyd/policyd.sock
+</code>
+===== timeout_idle =====
+Time out in communication with clients:
+  * Idle timeout in postfix defaults to 1015s (active connection)
+  *<code>timeout_idle=1015</code>
+  * Busy sockets in postfix defaults to 100s
+  *<code>timeout_busy=115</code>
+===== cidr_allow/cidr_deny =====
+Comma, whitespace or semi-colon separated. Contains a CIDR block to compare the clients IP to. If cidr_allow or cidr_deny options are given, the incoming client must match a cidr_allow and not match a cidr_deny otherwise the client connection will be closed.
+<code>
+cidr_allow=0.0.0.0/0
+cidr_deny=
+</code>
+====== [database] ======
+===== DSN =====
+Database access details:
+<code>
+#DSN=DBI:SQLite:dbname=policyd.sqlite
+DSN=DBI:mysql:database=policyd;host=localhost
+#Username=root
+#Password=
+</code>
+===== bypass_mode =====
+What to do when there is a database connection problem:
+<code>
+# tempfail - Return temporary failure
+# pass - Return success
+bypass_mode=tempfail
+</code>
+===== bypass_timeout =====
+How many seconds before retrying a DB connection:
+<code>
+bypass_timeout=30
+</code>
+===== table_prefix =====
+Table prefix to use, be sure to generate the schema with the table prefix aswell!
+<code>
+#table_prefix=example
+</code>
+====== Module enabling/disabling ======
+The defaults are listed below.
+Access Control module:
+<code>
+[AccessControl]
+enable=1
+</code>
+Accounting module:
+<code>
+[Accounting]
+enable=1
+</code>
+Amavis module:
+<code>
+[Amavis]
+enable=0 # Disabled by default
+</code>
+CheckHelo module:
+<code>
+[CheckHelo]
+enable=1
+</code>
+CheckSPF module:
+<code>
+[CheckSPF]
+enable=1
+</code>
+Greylisting module:
-====user====
+<code>
-User to become after starting up. ie:
+[Greylisting]
-<code>user=root</code>
+enable=1
+#training_mode=1
+#defer_message=Greylisting in effect, please come back later
+#blacklist_message=Greylisting in effect, sending server blacklisted
+</code>
-====group====
+Quotas module:
-Group to become after starting up. ie:
-<code>group=admins</code>
-====pid_file====
+<code>
-Filename to store pid of parent process. ie:
+[Quotas]
-<code>#pid_file=/var/run/policyd/policyd.pid</code>
+enable=1
+</code>