cluebringer.conf
[server]
protocols
List of protocols to load, one per line:
protocols=<<EOT
Postfix
Bizanga
EOT
modules
List of modules to load, one per line:
modules=<<EOT
Core
AccessControl
Accounting
Amavis
CheckHelo
CheckSPF
Greylisting
Quotas
EOT
user
User to become after starting up:
user=root
group
Group to become after starting up:
group=admins
pid_file
Filename to store pid of parent process:
#pid_file=/var/run/policyd/policyd.pid
cache_file
Filename to store cache:
cache_file=/var/run/cbpolicyd/cache
background
Prevent cbpolicyd from going into the background:
background=no
Preforking configuration
- min_servers - Minimum servers to keep around
- min_spare_servers - Minimum spare servers to keep around ready to handle requests
- max_spare_servers - Maximum spare servers to have around doing nothing
- max_servers - Maximum servers altogether
- max_requests - Maximum number of requests each child will serve
One may want to use the following as a rough guideline (values in the order listed above):
- Small mailserver: 2, 2, 4, 10, 1000
- Medium mailserver: 4, 4, 12, 25, 1000
- Large mailserver: 8, 8, 16, 64, 1000
min_servers=4
min_spare_servers=4
max_spare_servers=12
max_servers=25
max_requests=1000
log_level
Specify the level of logging to use when policyd is running:
log_level=2
Logging levels:
- 0 - Errors only
- 1 - Warnings and errors
- 2 - Notices, warnings, errors
- 3 - Info, notices, warnings, errors
- 4 - Debugging
log_file
File to log to instead of STDOUT:
log_file=/var/log/cbpolicyd.log
Log destination and methods
Log destination for mail logs:
- main - Default. Log to policyd's main log mechanism, accepts NO args
- syslog - log mail via syslog
log_mail=facility@method,args
Valid methods for syslog:
- native - Let Sys::Syslog decide
- unix - Unix socket
- udp - UDP socket
- stream - Stream (for Solaris)
Example: unix native
log_mail=mail@syslog:native
Example: unix socket
log_mail=mail@syslog:unix
Example: udp
log_mail=mail@syslog:udp,127.0.0.1
Example: Solaris
log_mail=local0@syslog:stream,/dev/log
Default:
log_mail=maillog
log_detail
Things to log in extreme detail:
- modules - Log detailed module running information
- tracking - Log detailed tracking information
- policies - Log policy resolution
- protocols - Log general protocol info, but detailed
- bizanga - Log the bizanga protocol
- cache - Log cache usage on client shutdown
There is no default for this configuration option. Options can be separated by commas:
log_detail=modules,tracking,policies,protocols
proto
Protocol to use, "tcp" or "unix"; defaults to "tcp":
proto=tcp
host
IP to listen on, * for all. Blank for unix sockets. Defaults to *:
host=*
port
Port to run on; in the case of a unix socket this is the path. Defaults to 10031:
port=10031
port=/var/run/cbpolicyd/policyd.sock
timeout_idle
Time out in communication with clients:
- Idle timeout in Postfix defaults to 1015s (active connection)
timeout_idle=1015
- Busy sockets in Postfix default to 100s
timeout_busy=115
cidr_allow/cidr_deny
Comma, whitespace or semi-colon separated. Contains CIDR blocks to compare the client's IP to. If the cidr_allow or cidr_deny options are given, the incoming client must match a cidr_allow and not match a cidr_deny; otherwise the client connection will be closed.
cidr_allow=0.0.0.0/0
cidr_deny=
[database]
DSN
Database access details:
#DSN=DBI:SQLite:dbname=policyd.sqlite
DSN=DBI:mysql:database=policyd;host=localhost
#Username=root
#Password=
bypass_mode
What to do when there is a database connection problem:
# tempfail - Return temporary failure
# pass - Return success
bypass_mode=tempfail
bypass_timeout
How many seconds before retrying a DB connection:
bypass_timeout=30
table_prefix
Table prefix to use; be sure to generate the schema with the table prefix as well!
#table_prefix=example
Module enabling/disabling
The defaults are listed below.
Access Control module:
[AccessControl]
enable=1
Accounting module:
[Accounting]
enable=1
Amavis module:
[Amavis]
enable=0 # Disabled by default
CheckHelo module:
[CheckHelo]
enable=1
CheckSPF module:
[CheckSPF]
enable=1
Greylisting module:
[Greylisting]
enable=1
#training_mode=1
#defer_message=Greylisting in effect, please come back later
#blacklist_message=Greylisting in effect, sending server blacklisted
Quotas module:
[Quotas]
enable=1
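Added example, not part of cbpolicyd or of the original page: a small reader for this file layout (sections, # comments, key=<<EOT lists) that reviews the [server] and [database] options described above for settings that widen the daemon's exposure. The function names, the sample file and the account name cbpolicyd are assumptions made for illustration, as is treating an empty cidr_allow together with an empty cidr_deny as "no restriction".

```python
import ipaddress

def parse_conf(text):
    """Parse cluebringer.conf-style text, including key=<<EOT ... EOT lists."""
    conf, section, lines = {}, None, iter(text.splitlines())
    for line in map(str.strip, lines):
        if line.startswith("["):
            section = conf.setdefault(line.strip("[]"), {})
        elif line and not line.startswith("#") and section is not None:
            key, _, value = (part.strip() for part in line.partition("="))
            if value.startswith("<<"):  # heredoc: one item per line up to the tag
                tag, value = value[2:], []
                for item in lines:
                    if item.strip() == tag:
                        break
                    value.append(item.strip())
            section[key] = value
    return conf

def audit(conf):
    """Flag [server]/[database] settings that widen exposure of the daemon."""
    srv, db, findings = conf.get("server", {}), conf.get("database", {}), []
    if srv.get("user") == "root":
        findings.append("user=root: daemon keeps root privileges after startup")
    allow = srv.get("cidr_allow", "").replace(";", " ").replace(",", " ").split()
    wide = any(ipaddress.ip_network(n, strict=False).prefixlen == 0 for n in allow)
    unrestricted = wide or not (allow or srv.get("cidr_deny"))
    if srv.get("proto", "tcp") == "tcp" and srv.get("host", "*") == "*" and unrestricted:
        findings.append("host=* with no effective CIDR limit: any client may connect")
    if db.get("bypass_mode") == "pass":
        findings.append("bypass_mode=pass: policy returns success while the DB is unreachable")
    return findings

# Constructed sample built from the values shown on this page.
SAMPLE = """\
[server]
modules=<<EOT
Core
Quotas
EOT
user=root
host=*
cidr_allow=0.0.0.0/0
cidr_deny=
[database]
bypass_mode=tempfail
"""
# Same file with a hypothetical unprivileged account and a loopback-only listener.
HARDENED = SAMPLE.replace("user=root", "user=cbpolicyd").replace("host=*", "host=127.0.0.1")
```

audit(parse_conf(SAMPLE)) reports the root account and the open listener; the HARDENED variant produces no findings.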