This is an old revision of the document!


[server]

List of protocols to load, one per line:

protocols=<<EOT
Postfix
Bizanga
EOT

List of modules to load, one per line:

modules=<<EOT
Core
AccessControl
Accounting
Amavis
CheckHelo
CheckSPF
Greylisting
Quotas
EOT

User to become after starting up:

user=root

Group to become after starting up:

group=admins

Filename to store pid of parent process:

#pid_file=/var/run/policyd/policyd.pid

Filename to store cache:

cache_file=/var/run/cbpolicyd/cache

Prevent cbpolicyd from going into the background:

background=no
  • min_server - Minimum servers to keep around
  • min_spare_servers - Minimum spare servers to keep around ready to handle requests
  • max_spare_servers - Maximum spare servers to have around doing nothing
  • max_servers - Maximum servers alltogether
  • max_requests - Maximum number of requests each child will serve

One may want to use the following as a rough guidelineā€¦

  • Small mailserver: 2, 2, 4, 10, 1000
  • Medium mailserver: 4, 4, 12, 25, 1000
  • Large mailserver: 8, 8, 16, 64, 1000
min_servers=4
min_spare_servers=4
max_spare_servers=12
max_servers=25
max_requests=1000

Specify the level of logging to use when policyd is running:

log_level=2

Logging levels:

  • 0 - Errors only
  • 1 - Warnings and errors
  • 2 - Notices, warnings, errors
  • 3 - Info, notices, warnings, errors
  • 4 - Debugging

File to log to instead of STDOUT:

log_file=/var/log/cbpolicyd.log

Log destination for mail logs:

  • main - Default. Log to policyd's main log mechanism, accepts NO args
  • syslog - log mail via syslog
  • log_mail=facility@method,args

Valid methods for syslog:

  • native - Let Sys::Syslog decide
  • unix - Unix socket
  • udp - UDP socket
  • stream - Stream (for Solaris)

Example: unix native

log_mail=mail@syslog:native

Example: unix socket

log_mail=mail@syslog:unix

Example: udp

log_mail=mail@syslog:udp,127.0.0.1

Example: Solaris

log_mail=local0@syslog:stream,/dev/log

Default:

log_mail=maillog

Things to log in extreme detail:

  • modules - Log detailed module running information
  • tracking - Log detailed tracking information
  • policies - Log policy resolution
  • protocols - Log general protocol info, but detailed
  • bizanga - Log the bizanga protocol
  • cache - Log cache usage on client shutdown

There is no default for this configuration option. Options can be separated by commas:

log_detail=modules,tracking,policies,protocols

Protocol to use "tcp" or "unix", defaults to "tcp":

proto=tcp

IP to listen on, * for all. Blank for unix sockets. Defaults to *:

host=*

Port to run on, in the case of a unix socket it would be the path. Defaults to 10031:

port=10031
port=/var/run/cbpolicyd/policyd.sock

Time out in communication with clients:

  • Idle timeout in postfix defaults to 1015s (active connection)
  • timeout_idle=1015
  • Busy sockets in postfix defaults to 100s
  • timeout_busy=115

Comma, whitespace or semi-colon separated. Contains a CIDR block to compare the clients IP to. If cidr_allow or cidr_deny options are given, the incoming client must match a cidr_allow and not match a cidr_deny otherwise the client connection will be closed.

cidr_allow=0.0.0.0/0
cidr_deny=

[database]

Database access details:

#DSN=DBI:SQLite:dbname=policyd.sqlite
DSN=DBI:mysql:database=policyd;host=localhost
#Username=root
#Password=

What to do when there is a database connection problem:

# tempfail - Return temporary failure
# pass - Return success
bypass_mode=tempfail

How many seconds before retrying a DB connection:

bypass_timeout=30

Table prefix to use, be sure to generate the schema with the table prefix aswell!

#table_prefix=example

Module enabling/disabling

The defaults are listed below.

Access Control module:

[AccessControl]
enable=1

Accounting module:

[Accounting]
enable=1

Amavis module:

[Amavis]
enable=0 # Disabled by default

CheckHelo module:

[CheckHelo]
enable=1

CheckSPF module:

[CheckSPF]
enable=1

Greylisting module:

[Greylisting]
enable=1
#training_mode=1
#defer_message=Greylisting in effect, please come back later
#blacklist_message=Greylisting in effect, sending server blacklisted

Quotas module:

[Quotas]
enable=1