Last active
November 15, 2021 22:30
-
-
Save dbrownidau/a4c67996001e0129c209d03f9547186d to your computer and use it in GitHub Desktop.
Policyd installation (debian 10, postgresql, postfix)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Debain 10, postgresql, postfix | |
| # This servers as a lose lazy refernce, not a turnkey runscript. | |
| # See: https://wiki.policyd.org/installing | |
| # requirements | |
| apt install libnet-server-perl libnet-cidr-perl libnet-dns-perl libmail-spf-perl libtimedate-perl libdbi-perl libdbd-pg-perl | |
| # Use 2.1.x snapshot | |
| wget https://download.policyd.org/v2.1.x-201310261831/cluebringer-v2.1.x-201310261831.tar.gz | |
| tar xvf cluebringer-v2.1.x-201310261831.tar.gz | |
| # postgres db setup | |
| sudo -u postgres psql | |
| create user policyd; | |
| \password | |
| create database policyd owner policyd; | |
| cd cluebringer-v2.1.x-201310261831/ | |
| cd database | |
| for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql accounting.tsql; do ./convert-tsql pgsql $i; done > policyd.sql | |
| #removed #comments from sql script | |
| sed '/^#/ d' policyd.sql > cleaned.sql | |
| psql -h 127.0.0.1 -U policyd -W policyd < cleaned.sql | |
| cd .. | |
| # policyd2.1 expects the config to be in /etc/cbpolicyd/ | |
| cp cluebringer.conf /etc/cbpolicyd/ | |
| mkdir /usr/local/lib/cbpolicyd-2.1 | |
| cp -r cbp /usr/local/lib/cbpolicyd-2.1/ | |
| cp -r awitpt/awitpt /usr/local/lib/cbpolicyd-2.1/ | |
| cp cbpadmin /usr/local/bin/ | |
| cp cbpolicyd /usr/local/sbin/ | |
| mkdir /var/log/cbpolicyd | |
| mkdir /var/run/cbpolicyd | |
| useradd -r -s /usr/sbin/nologin cbpolicyd #probably don't run as root, yeah | |
| chown cbpolicyd.cbpolicyd /var/log/cbpolicyd /var/run/cbpolicyd | |
| # Here's my nice systemd script just for you | |
| echo "[Unit] | |
| Description=Policyd | |
| After=network.target | |
| After=syslog.target | |
| After=postgresql.service | |
| Before=postfix.service | |
| Requires=postgresql.service | |
| [Install] | |
| WantedBy=multi-user.target | |
| [Service] | |
| User=cbpolicyd | |
| Group=cbpolicyd | |
| Type=forking | |
| ExecStart=/usr/local/sbin/cbpolicyd | |
| Restart=on-failure | |
| TimeoutSec=60 | |
| Restart=always" > /etc/systemd/system/policyd.service | |
| # | |
| # You need to edit /etc/cbpolicyd/cluebringer.conf and uncomment many/most of the directives now. | |
| # enabled logging and chech /var/log/cbpolicyd/cbpolicyd.log for errors. | |
| # | |
| # Also you should reference https://wiki.policyd.org/installing for the webui | |
| # it's basically a wordpress installation for comparison. Follow the bouncing ball | |
| # | |
| # Oh, also add | |
| # smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks... etc | |
| # smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031 | |
| # to your postfix main.cf | |
| # |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment