cluebringer and ISPConfig3

Discussion in 'ISPConfig 3 Priority Support' started by stargazer, Jun 1, 2014.

  1. stargazer

    stargazer Member HowtoForge Supporter

    I have searched for a couple of days but still not able to find the answer.

    I installed cluebringer from apt-get (debian wheezy) on my production web server. It all appears to work except I see no outgoing messages in session_tracking database and also see no entries at all in quotas_limits. It appears nothing is being tracked when it goes out.

    My quotas table has the following entry:
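    +----+----------+----------------+--------------------+--------+---------+------+---------+----------+
    | ID | PolicyID | Name           | Track              | Period | Verdict | Data | Comment | Disabled |
    +----+----------+----------------+--------------------+--------+---------+------+---------+----------+
    | 4  | 2        | Limit Outgoing | Sender:user@domain | 3600   | REJECT  | NULL | NULL    | 0        |
    +----+----------+----------------+--------------------+--------+---------+------+---------+----------+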

    select * from quotas_limits where QuotasID = 4;
    +----+----------+--------------+--------------+---------+----------+
    | ID | QuotasID | Type | CounterLimit | Comment | Disabled |
    +----+----------+--------------+--------------+---------+----------+
    | 6 | 4 | MessageCount | 600 | | 0 |
    +----+----------+--------------+--------------+---------+----------+

    I have all domains, private IP and public IP of the servers listed in policy_group_members. I did use the @domainname format for the domain entries.

    Any clues? Till, in all your "spare" time, a tutorial on this would be excellent. I'd be happy to help with a rough draft since I just did the install.

    Thanks,

    Rod
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you see messages in the mail.log from cluebringer?

    Yes, that would be nice. I have a draft of a guide here that I used for a few installs but it installs cluebringer manually from source and is not 100% consistent in the directory and user naming scheme yet (cluebringer vs. policyd).
     
  3. stargazer

    stargazer Member HowtoForge Supporter

    No, nothing. 'grep clue mail.log.1' returns nothing (I also did it on mail.log).

    Now, I see something in quotas_tracking. However, it is very little compared to what I expected (6 rows on a machine that has 128 active users).

    I'll keep an eye on it. Maybe I was just too impatient.

    We are building out another machine for a client. When that is built out, I'll install cluebringer and take some decent notes. I'll attach them to this ticket when I do that and you can feel free to use them however you want. It will be ISPConfig3 on Debian Wheezy. Probably early next week.

    Thanks,

    Rod
     
  4. stargazer

    stargazer Member HowtoForge Supporter

    FYI, under Wheezy and Cluebringer, the logs are stored in /var/log/cbpolicyd.log, and it doesn't appear there is a logrotate on it. Create the file cluebringer in /etc/logrotate.d with the following contents (testing now, but I think it will work).

    /var/log/cbpolicyd.log {
    daily
    missingok
    rotate 15
    compress
    delaycompress
    notifempty
    create 640 cluebringer adm
    sharedscripts
    postrotate
    /etc/init.d/postfix-cluebringer restart
    endscript
    }

    If I did that right, it should rotate the logs nightly, keeping 15 logs.
     
  5. stargazer

    stargazer Member HowtoForge Supporter

    cluebringer instructions

    Well, if I did this right, the instructions for installing cluebringer are attached. They are not the quality HowtoForge has, but basically are my notes from when I just completed the installation on a new machine.

    I'll tell this thing to update me if anyone posts a reply to this, so you can use that to clarify anything.

    Falko, do you want to turn this into a real HowTo or just leave it as is? I really am not a good documenter, but if you want screenshots and everything, I can tell one of my techs to do it in her spare time.

    Rod
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Hi,

    it would be nice if you could attach the instructions to the post or send them to me by email to dev [at] ispconfig [dot] org. I will turn them into a tutorial then.
     
  7. stargazer

    stargazer Member HowtoForge Supporter

    Sorry, I thought I had attached it. I'll post it inline to make sure it is available.

    apt-get install postfix-cluebringer postfix-cluebringer-mysql postfix-cluebringer-webui

    mysql -p
    create database policyd;
    grant all on policyd.* to policyd@localhost identified by 'somepassword';
    exit

    cd /tmp
    cp /usr/share/doc/postfix-cluebringer/database/policyd-db.mysql.gz .
    gunzip policyd-db.mysql.gz
    sed 's/TYPE=InnoDB CHARACTER SET latin1 COLLATE latin1_bin//' < policyd-db.mysql > policyd-db.mysql.sql
    mysql -p policyd < policyd-db.mysql.sql

    joe /etc/cluebringer/cluebringer.conf
    Uncomment the line (line 124 in my copy)
    #DSN=DBI:mysql:database=policyd;host=localhost
    (modify if you used a different database name)

    Also, find the block (starts on line 144 in mine)
    DB_Type=_DBC_DBTYPE_
    DB_Host=_DBC_DBSERVER_
    DB_Port=_DBC_DBPORT_
    DB_Name=_DBC_DBNAME_
    Username=_DBC_DBUSER_
    Password=_DBC_DBPASS_

    and fill in all the blanks. Mine looks like this

    DB_Type=mysql
    DB_Host=
    DB_Port=3306
    DB_Name=policyd
    Username=policyd
    Password=somepassword

    Save file and exit
    joe /etc/cluebringer/cluebringer-webui.conf

    Find the block which reads (about line 11)
    $DB_DSN="_DBC_DBTYPE_:host=_DBC_DBSERVER_;dbname=_DBC_DBNAME_";
    $DB_USER="_DBC_DBUSER_";
    $DB_PASS="_DBC_DBPASS_";

    and change to

    $DB_DSN="mysql:host=localhost;dbname=policyd";
    $DB_USER="policyd";
    $DB_PASS="somepassword";

    /etc/init.d/postfix-cluebringer start


    cluebringer listens on port 10031 by default. Verify cluebringer is running by the following:

    netstat -pant | grep 10031

    it should return the following line (listening on localhost only)

    tcp 0 0 127.0.0.1:10031 0.0.0.0:* LISTEN 7756/perl

    Now, add it to Postfix by adding the command 'check_policy_service inet:127.0.0.1:10031' to the lines smtpd_end_of_data_restrictions and smtpd_recipient_restrictions. The first one (smtpd_end_of_data_restrictions) does not exist in a standard ISPConfig install, so simply add that line.
    smtpd_recipient_restrictions should exist. Simply prepend the restriction to the existing ones, separated by a comma. Do not remove existing, simply place the section in the line.


    joe /etc/postfix/main.cf

    smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
    smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

    OR, issue the following two commands. This assumes you have the exact same postconf file I have

    postconf -e 'smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031'
    postconf -e 'smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'

    Restart postfix and watch syslog to ensure it is working


    The installer does not build a logrotate script for cbpolicyd.log, so we need to create one:

    joe /etc/logrotate.d/cluebringer


    /var/log/cbpolicyd.log {
    daily
    missingok
    rotate 15
    compress
    delaycompress
    notifempty
    create 640 cluebringer adm
    sharedscripts
    postrotate
    /etc/init.d/postfix-cluebringer restart
    endscript
    }


    cp -av /usr/share/doc/postfix-cluebringer-webui/examples/httpd/cluebringer-httpd.conf /etc/apache2/conf.d/

    By default, cluebringer webui only allows connections from localhost. This is good, as it has no security; however, if you have a secure static IP, you can add an allow to the configuration that will let you log in from that machine only. THIS IS A SECURITY RISK. If you don't know what I'm talking about, don't do it.
    joe /etc/apache2/conf.d/cluebringer-httpd.conf

    Find line which says
    Allow from 127.0.0.1
    and add a line under it which says
    Allow from my.secure.ip.address
    replacing my.secure.ip.address with the IP address of your secure machine.

    /etc/init.d/apache2 restart

    Configure cluebringer via webui

    If you are security conscious and left the webui set to only localhost (127.0.0.1), use the following command to get to the web interface:

    ssh -L localhost:8080:localhost:80 my.web.server
    Open a web browser to
    http://localhost:8080/cluebringer

    You should now configure the cluebringer service. At the very least, you should set up the internal IPs and internal domains.
     
    Last edited: Jun 16, 2014
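
Added example, not part of stargazer's post: a shell audit of the two Postfix settings and the listener from the instructions above. Postfix evaluates a restriction list in order and stops at the first permit result, so the policy check has to come before permit_mynetworks and permit_sasl_authenticated for outgoing mail to reach cluebringer. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
POLICY='check_policy_service inet:127.0.0.1:10031'   # value used in the post

# Print one parameter from main.cf text, joining continuation lines.
param_value() {  # $1 = main.cf text, $2 = parameter name
    printf '%s\n' "$1" | awk -v name="$2" '
        /^[ \t]*#/ { next }            # comment lines are skipped
        /^[^ \t]/  { active = 0 }      # non-indented text starts a new parameter
        index($0, name) == 1 && substr($0, length(name) + 1) ~ /^[ \t]*=/ {
            val = $0; sub(/^[^=]*=/, "", val); active = 1; next  # last one wins
        }
        active && /^[ \t]/ { val = val " " $0 }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); print val }'
}

# Return 0 if the policy check is present and no permit_* entry precedes it,
# 1 if it is missing, 2 if a permit_* entry would short-circuit it.
check_restriction() {  # $1 = main.cf text, $2 = parameter name
    value=$(param_value "$1" "$2")
    case "$value" in
        *"$POLICY"*) ;;
        *) echo "MISSING: $2 has no '$POLICY'"; return 1 ;;
    esac
    before=${value%%"$POLICY"*}
    case "$before" in
        *permit_*) echo "ORDER: permit_* precedes the policy check in $2"; return 2 ;;
    esac
    echo "OK: $2"
}

# Return 0 only if netstat-style text on stdin shows port 10031 listening
# and every such listener is bound to loopback.
listener_loopback_only() {
    awk '$6 == "LISTEN" && $4 ~ /:10031$/ {
             seen = 1; if ($4 !~ /^127\./ && $4 != "::1:10031") bad = 1 }
         END { exit (seen && !bad) ? 0 : 1 }'
}

# Constructed samples: GOOD follows the post; BAD puts the check after the
# permit_* entries and has no end-of-data hook.
GOOD='smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
    permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
BAD='smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    check_policy_service inet:127.0.0.1:10031, reject_unauth_destination'

for p in smtpd_recipient_restrictions smtpd_end_of_data_restrictions; do
    check_restriction "$GOOD" "$p" || true
    check_restriction "$BAD" "$p" || true
done
```

On a live server the same functions can be fed with `check_restriction "$(cat /etc/postfix/main.cf)" smtpd_recipient_restrictions` and `netstat -pant | listener_loopback_only`.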
  8. stargazer

    stargazer Member HowtoForge Supporter

    Error Messages in cluebringer install

    I kept getting the following error message in the cluebringer log after installation. I found several mentions of it when searching the net.

    Use of uninitialized value $email_domain in lc at /usr/lib/postfix-cluebringer/cbp/policies.pm line 476

    I figured, what the heck, I know Perl, so I went and looked. It is not initializing array elements if they are null, which is what is causing the problem. Look in /usr/lib/postfix-cluebringer/cbp/policies.pm, about line 475 for the following line, then add the lines between the "modified by RWR" lines. First line is already in the module, as I said, on line 475 in my copy.


    my ($template_user,$template_domain) = ($template =~ /^(\S*)@(\S+)$/);
    # modified by RWR
    $template_domain = '' unless $template_domain;
    $email_domain = '' unless $email_domain;
    $email_user = '' unless $email_user;
    $template_user = '' unless $template_user;
    # end modification

    This is sloppy as I did not take the time to see exactly what was going on. Basically, it initializes the four variables to an empty string if they are not defined (actually, if they are anything which evaluates to false, but that is good enough for this).

    Rod
     
