summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2015-05-14 23:26:10 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:53:33 +0200
commitd87fefa9d38e6b8c99eafa16ea75dc8c879c41df (patch)
tree381285e5a22776de2c3683f6776f1be814760ca1
parentb5894c224ea973e8d80f249b4f82e9c381fbac6b (diff)
Upgrade amavis config to Jessie.
-rw-r--r--roles/amavis/tasks/main.yml9
-rw-r--r--roles/amavis/templates/etc/amavis/conf.d/50-user.j210
-rw-r--r--roles/common/files/etc/logcheck/ignore.d.server/postfix-local2
-rw-r--r--roles/common/files/etc/postfix/master.cf2
4 files changed, 15 insertions, 8 deletions
diff --git a/roles/amavis/tasks/main.yml b/roles/amavis/tasks/main.yml
index da1f86a..a30772d 100644
--- a/roles/amavis/tasks/main.yml
+++ b/roles/amavis/tasks/main.yml
@@ -2,6 +2,7 @@
apt: pkg={{ item }}
with_items:
- amavisd-new
+ - libnet-ldap-perl
# Mail::DKIM
- libmail-dkim-perl
- gzip
@@ -25,11 +26,17 @@
- name: Add 'clamav' to the group 'amavis'
user: name=clamav groups=amavis append=yes
- register: r1
notify:
- Restart ClamAV
- Restart Amavis
+- name: Set AllowSupplementaryGroups=true
+ lineinfile: "dest=/etc/clamav/clamd.conf
+ regexp='^AllowSupplementaryGroups\\s'
+ line='AllowSupplementaryGroups true'"
+ notify:
+ - Restart ClamAV
+
- name: Create directory /var/lib/dkim
file: path=/var/lib/dkim
state=directory
diff --git a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2 b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
index ae2031b..92805b8 100644
--- a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
+++ b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
@@ -156,7 +156,7 @@ $policy_bank{'OUTGOING'} = {
quarantine_method_by_ccat => { &CC_VIRUS => [$virus_quarantine_method], &CC_UNCHECKED => undef, &CC_CLEAN => undef },
admin_maps_by_ccat => { &CC_VIRUS => ["postmaster\@$mydomain"], &CC_UNCHECKED => undef },
lovers_maps_by_ccat => { &CC_VIRUS => undef, &CC_UNCHECKED => 1 },
- final_destiny_by_ccat => { &CC_VIRUS => D_DISCARD, &CC_UNCHECKED => D_PASS, &CC_OVERSIZED => D_PASS },
+ final_destiny_maps_by_ccat => { &CC_VIRUS => D_DISCARD, &CC_UNCHECKED => D_PASS, &CC_OVERSIZED => D_PASS },
};
$policy_bank{'INCOMING'} = {
@@ -175,12 +175,12 @@ $policy_bank{'INCOMING'} = {
# (Remember to disallow setting amavisSpamQuarantineCutoffLevel and
# amavisVirusQuarantine*To in the LDAP schema.)
# XXX: users might want to quarantine messages and get a notification instead
- quarantine_method_by_ccat => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH, CC_CLEAN) },
- admin_maps_by_ccat => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH ) },
+ quarantine_method_by_ccat => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH, CC_CLEAN) },
+ admin_maps_by_ccat => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH ) },
# Always deliver messages
- final_destiny_by_ccat => { map {$_ => D_PASS} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH) },
- lovers_maps_by_ccat => { map {$_ => 1 } (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_SPAMMY, CC_BADH) },
+ final_destiny_maps_by_ccat => { map {$_ => D_PASS} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH) },
+ lovers_maps_by_ccat => { map {$_ => 1 } (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_SPAMMY, CC_BADH) },
};
#------------ Do not modify anything below this line -------------
diff --git a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
index d85979a..c43b315 100644
--- a/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
+++ b/roles/common/files/etc/logcheck/ignore.d.server/postfix-local
@@ -84,7 +84,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-mx/tlsproxy\[[[:digit:]]+\]: (CONNECT from|DISCONNECT) \[[[:xdigit:].:]{3,39}\]:[[:digit:]]+$
#
# Amavis
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|UNCHECKED) {RelayedOutbound}, OUTGOING LOCAL \[(IPv6:)?[[:xdigit:].:]{3,39}\]:[[:digit:]]+( \[[[:xdigit:].:]{3,39}\])? <[^>]*> -> <[^>]*>(,<[^>]*>)*,( Queue-ID: [[:xdigit:]]+,)?( Message-ID: <[^>]+>,)? mail_id: [_-+[:alnum:]]+, Hits: -, size: [[:digit:]]+, queued_as: [[:xdigit:]]+, dkim_new=[-.:[:alnum:]]+, [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|UNCHECKED(-[A-Z]+)?) {RelayedOutbound}, OUTGOING LOCAL \[(IPv6:)?[[:xdigit:].:]{3,39}\]:[[:digit:]]+( \[[[:xdigit:].:]{3,39}\])? <[^>]*> -> <[^>]*>(,<[^>]*>)*,( Queue-ID: [[:xdigit:]]+,)?( Message-ID: <[^>]+>,)? mail_id: [_-+[:alnum:]]+, Hits: -, size: [[:digit:]]+, queued_as: [[:xdigit:]]+, dkim_new=[-.:[:alnum:]]+, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|UNCHECKED) {RelayedOutbound}, OUTGOING LOCAL \[(IPv6:)?[[:xdigit:].:]{3,39}\]:[[:digit:]]+( \[[[:xdigit:].:]{3,39}\])? <[^>]*> -> <[^>]*>(,<[^>]*>)*,<[^>]*\.\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) \.\.\.[^>]*>(,<[^>]*>)*,( Queue-ID: [[:xdigit:]]+,)?( Message-ID: <[^>]+>,)? mail_id: [_-+[:alnum:]]+, Hits: -, size: [[:digit:]]+, queued_as: [[:xdigit:]]+, dkim_new=[-.:[:alnum:]]+, [[:digit:]]+ ms$
# SMTP client connection caching was introduced in 2.6.0; the SMTP session is held for the next task, and is terminated by Postfix if the next mail comes soon enough
diff --git a/roles/common/files/etc/postfix/master.cf b/roles/common/files/etc/postfix/master.cf
index 5fb91a5..dd5dfe8 100644
--- a/roles/common/files/etc/postfix/master.cf
+++ b/roles/common/files/etc/postfix/master.cf
@@ -66,7 +66,7 @@ amavisfeed unix - - n - 5 lmtp
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
- -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_relay_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=