elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/en_US/migrations/cluebringer.to.iredapd.md

5.9 KiB
Raw Permalink Blame History

Migrate from Cluebringer to iRedAPD

[TOC]

Summary

iRedMail-0.9.3 and later releases drop Cluebringer, and replace it by iRedAPD, because:

  • Cluebringer is not under active development anymore.
  • No new Cluebringer release since 2013 (the latest stable release doesn't support IPv6).
  • Cluebringer is not available in Debian (jessie) official repositories anymore, developers didn't bring it back.

Not all Cluebringer features are implemented in iRedAPD, but the most important 2 features have been implemented:

  • throttling
  • greylisting

If you need other Cluebringer features, please stay with Cluebringer and let us know which features you need, so that we can implement it in future release of iRedAPD.

Migrate to iRedAPD

Upgrade iRedAPD to 1.7.0 or later releases

Please Make sure you're running iRedAPD-1.7.0 or later release, you can check the version number with command below:

grep '__version__' /opt/iredapd/libs/__init__.py

If you're not running iRedAPD-1.7.0 or later release, please follow our tutorial to upgrade it: Upgrade iRedAPD.

Migrate Cluebringer to iRedAPD

iRedAPD-1.7.0 and later release ship two scripts to migrate greylisting and throttling settings from Cluebringer:

  • /opt/iredapd/tools/migrate_cluebringer_greylisting.py: used to migrate greylisting settings.
  • /opt/iredapd/tools/migrate_cluebringer_throttle.py: used to migrate throttling settings.

Please open above two files, update below parameters with correct SQL server address, port, database name, username and password for your existing Cluebringer database. You can find them in files below:

  • On RHEL/CentOS, it's /etc/policyd/cluebringer.conf.
  • Debian/Ubuntu: it's /etc/cluebringer/cluebringer.conf.
  • FreeBSD: it's /usr/local/etc/cluebringer.conf.
  • OpenBSD: Not applicable, cluebringer is not available on OpenBSD.
cluebringer_db_host = '127.0.0.1'
cluebringer_db_port = 3306
cluebringer_db_name = 'cluebringer'
cluebringer_db_user = 'root'
cluebringer_db_password = ''

Then run below commands to migrate greylisting and throttling settings:

# cd /opt/iredapd/tools/
# python migrate_cluebringer_greylisting.py
# python migrate_cluebringer_throttle.py

That's it.

After migration

Enable required plugins, remove old plugins

Restarting iRedAPD service is required if you changed its config file.

  • To enable whitelists, blacklists, greylisting and throttling offered by iRedAPD, please enable plugins amavisd_wblist, greylisting and throttle in iRedAPD config file like below:
# File: /opt/iredapd/settings.py

plugins = [..., 'amavisd_wblist', 'greylisting', 'throttle']

The order of plugin names doesn't matter.

  • Several plugins in old iRedAPD have been removed, you should remove them from parameter plugins = in iRedAPD config file:

    • ldap_amavisd_block_blacklisted_senders
    • ldap_recipient_restrictions
    • sql_user_restrictions
    • amavisd_message_size_limit

    First 3 plugins are replaced by amavisd_wblist, last one is replaced by plugin throttle.

Disable Cluebringer in Postfix

After migrated to iRedAPD, we need to update Postfix config file /etc/postfix/main.cf (Linux) or /usr/local/etc/postfix/main.cf (FreeBSD) to remove Cluebringer settings:

  • Remove all check_policy_service inet:127.0.0.1:10031 in main.cf, like below:
smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:10031       # <- Remove this line
    ...

smtpd_end_of_data_restrictions =
    ...
    check_policy_service inet:127.0.0.1:10031       # <- Remove this line
    ...

Enable iRedAPD in Postfix

Make sure iRedAPD are enabled in BOTH smtpd_recipient_restrictions and smtpd_end_of_data_restrictions like below:

smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:7777
    permit_mynetworks
    ...

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777

!!! note

If you have additional IP addresses/networks listed in Postfix setting
"mynetworks =", you have to list them all in iRedAPD config file
(`/opt/iredapd/settings.py`) too, like below:

```MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]```

Restart Postfix service

Reloading or restarting Postfix service is required after changed main.cf.

  • On Linux/FreeBSD:
# service postfix restart
  • On OpenBSD:
# /etc/rc.d/postfix restart

Stop Cluebringer service, and remove Cluebringer packages

We don't need Cluebringer anymore, so it's ok to stop cluebringer service and remove the packages:

  • On RHEL/CentOS:
# service cbpolicyd stop && yum remove cluebringer
  • On Debian/Ubuntu:
# service postfix-cluebringer stop && apt-get remove --purge postfix-cluebringer
  • On FreeBSD:
# service policyd2 stop && cd /usr/ports/mail/policyd2/ && make deinstall

  • Edit root user's cron job, remove the one used to clean up Cluebringer SQL database:

    1. Run command to edit root user's cron job: # crontab -e -u root
    2. Find cron job like below, remove it or comment out it:
3   3   *   *   *   /usr/sbin/cbpadmin --config=/etc/policyd/cluebringer.conf --cleanup >/dev/null
  • Optionally, you can drop its SQL database cluebringer also.

Disable Cluebringer in iRedAdmin-Pro

To disable Cluebringer integration in iRedAdmin-Pro, please set policyd_enabled = False in iRedAdmin-Pro config file, then restart Apache or uwsgi (if you're running Nginx) service.

After you have upgraded to the latest iRedAdmin-Pro release (at least iRedAdmin-Pro-LDAP-2.4.0, or iRedAdmin-Pro-SQL-2.2.0, both released on Dec 14, 2015), you can either COMMENT OUT or REMOVE all parameters which start with policyd_ in iRedAdmin-Pro config file, for example:

policyd_enabled =
policyd_db_host =
policyd_db_port =
policyd_db_name =
policyd_db_user =
policyd_db_password =