cluebringer.conf

List of protocols to load, one per line:

protocols=<<EOT
Postfix
Bizanga
EOT

List of modules to load, one per line:

modules=<<EOT
Core
AccessControl
Accounting
Amavis
CheckHelo
CheckSPF
Greylisting
Quotas
EOT

User to become after starting up:

user=root

Group to become after starting up:

group=admins

Filename to store pid of parent process:

#pid_file=/var/run/policyd/policyd.pid

Filename to store cache:

cache_file=/var/run/cbpolicyd/cache

Prevent cbpolicyd from going into the background:

background=no

• min_server - Minimum servers to keep around
• min_spare_servers - Minimum spare servers to keep around ready to handle requests
• max_spare_servers - Maximum spare servers to have around doing nothing
• max_servers - Maximum servers alltogether
• max_requests - Maximum number of requests each child will serve

One may want to use the following as a rough guideline…

• Small mailserver: 2, 2, 4, 10, 1000
• Medium mailserver: 4, 4, 12, 25, 1000
• Large mailserver: 8, 8, 16, 64, 1000

min_servers=4
min_spare_servers=4
max_spare_servers=12
max_servers=25
max_requests=1000

Specify the level of logging to use when policyd is running:

log_level=2

Logging levels:

• 0 - Errors only
• 1 - Warnings and errors
• 2 - Notices, warnings, errors
• 3 - Info, notices, warnings, errors
• 4 - Debugging

File to log to instead of STDOUT:

log_file=/var/log/cbpolicyd.log

Log destination for mail logs:

• main - Default. Log to policyd's main log mechanism, accepts NO args
• syslog - log mail via syslog

• log_mail=facility@method,args

Valid methods for syslog:

• native - Let Sys::Syslog decide
• unix - Unix socket
• udp - UDP socket
• stream - Stream (for Solaris)

Example: unix native

log_mail=mail@syslog:native

Example: unix socket

log_mail=mail@syslog:unix

Example: udp

log_mail=mail@syslog:udp,127.0.0.1

Example: Solaris

log_mail=local0@syslog:stream,/dev/log

Default:

log_mail=maillog

Things to log in extreme detail:

• modules - Log detailed module running information
• tracking - Log detailed tracking information
• policies - Log policy resolution
• protocols - Log general protocol info, but detailed
• bizanga - Log the bizanga protocol
• cache - Log cache usage on client shutdown

There is no default for this configuration option. Options can be separated by commas:

log_detail=modules,tracking,policies,protocols

Protocol to use "tcp" or "unix", defaults to "tcp":

proto=tcp

IP to listen on, * for all. Blank for unix sockets. Defaults to *:

host=*

Port to run on, in the case of a unix socket it would be the path. Defaults to 10031:

port=10031
port=/var/run/cbpolicyd/policyd.sock

Time out in communication with clients:

• Idle timeout in postfix defaults to 1015s (active connection)

• timeout_idle=1015

• Busy sockets in postfix defaults to 100s

• timeout_busy=115

Comma, whitespace or semi-colon separated. Contains a CIDR block to compare the clients IP to. If cidr_allow or cidr_deny options are given, the incoming client must match a cidr_allow and not match a cidr_deny otherwise the client connection will be closed.

cidr_allow=0.0.0.0/0
cidr_deny=

Database access details:

#DSN=DBI:SQLite:dbname=policyd.sqlite
DSN=DBI:mysql:database=policyd;host=localhost
#Username=root
#Password=

What to do when there is a database connection problem:

# tempfail - Return temporary failure
# pass - Return success
bypass_mode=tempfail

How many seconds before retrying a DB connection:

bypass_timeout=30

Table prefix to use, be sure to generate the schema with the table prefix aswell!

#table_prefix=example

The defaults are listed below.

Access Control module:

[AccessControl]
enable=1

Accounting module:

[Accounting]
enable=1

Amavis module:

[Amavis]
enable=0 # Disabled by default

CheckHelo module:

[CheckHelo]
enable=1

CheckSPF module:

[CheckSPF]
enable=1

Greylisting module:

[Greylisting]
enable=1
#training_mode=1
#defer_message=Greylisting in effect, please come back later
#blacklist_message=Greylisting in effect, sending server blacklisted

Quotas module:

[Quotas]
enable=1