authorGuilhem Moulin <guilhem@fripost.org>2013-12-09 08:11:16 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:17 +0200
commit7c089f71667a1a14cc508772ca289d4d1d2edd27 (patch)
tree2858164a1015603ebb8f2478b920e84a7dd62dd6 /roles/IMAP/tasks
parent185cf14065554038820c696e7d35f47017b43783 (diff)
Configure the content filter.
Antispam & antivirus, using ClamAV and SpamAssassin through Amavisd-new. Each user has his/her own amavis preferences and own Bayes filter (to maximize privacy). One question remains, though: how to set spamassassin's trusted_networks / internal_networks / msa_networks? It does not seem obvious how to get it right with IPSec and dynamic IPs. (Cf. https://wiki.apache.org/spamassassin/AwlWrongWay)
Diffstat (limited to 'roles/IMAP/tasks')
-rw-r--r--roles/IMAP/tasks/amavis.yml56
-rw-r--r--roles/IMAP/tasks/main.yml2
-rw-r--r--roles/IMAP/tasks/spam.yml51
3 files changed, 109 insertions, 0 deletions
diff --git a/roles/IMAP/tasks/amavis.yml b/roles/IMAP/tasks/amavis.yml
new file mode 100644
index 0000000..6f47328
--- /dev/null
+++ b/roles/IMAP/tasks/amavis.yml
@@ -0,0 +1,56 @@
+- name: Install amavis and its decoders
+ apt: pkg={{ item }}
+ with_items:
+ - amavisd-new
+ - libnet-ldap-perl
+ - libauthen-sasl-perl
+ - gzip
+ - bzip2
+ - xz-utils
+ - lzop
+ - rpm2cpio
+ - pax
+ - binutils
+ - p7zip-full
+ - unrar-free
+ - arj
+ - nomarch
+ - zoo
+ - ripole
+ - cabextract
+ - unar
+ - tnef
+ notify:
+ - Restart Amavis
+
+- name: Add 'clamav' to the group 'amavis'
+ user: name=clamav groups=amavis append=yes
+ register: r1
+ notify:
+ - Restart ClamAV
+ - Restart Amavis
+
+- name: Configure Amavis (1)
+ copy: src=etc/amavis/conf.d/05-domain_id
+ dest=/etc/amavis/conf.d/05-domain_id
+ owner=root group=root
+ mode=0644
+ register: r2
+ notify:
+ - Restart Amavis
+
+- name: Configure Amavis (2)
+ template: src=etc/amavis/conf.d/{{ item }}.j2
+ dest=/etc/amavis/conf.d/{{ item }}
+ owner=root group=root
+ mode=0644
+ register: r3
+ with_items:
+ - 15-content_filter_mode
+ - 50-user
+ notify:
+ - Restart Amavis
+
+- name: Start Amavis
+ service: name=amavis state=started
+ when: not (r1.changed or r2.changed or r3.changed)
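Review bot: The final `Start Amavis` task sets `state=started` but never `enabled`, so nothing in this file guarantees the content filter comes back after a reboot; `service: name=amavis state=started enabled=yes` would pin that. Whether mail is deferred or delivered unscanned while amavisd is down depends on the Postfix wiring, which is not part of this hunk, so the boot behaviour is worth making explicit here. The `when: not (r1.changed or r2.changed or r3.changed)` guard also deserves a one-line comment, for example `# skipped when a change was made: the notified 'Restart Amavis' handler starts the service`, if that is the intent.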
diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml
index df21dd2..b43f9fb 100644
--- a/roles/IMAP/tasks/main.yml
+++ b/roles/IMAP/tasks/main.yml
@@ -1,3 +1,5 @@
---
- include: imap.yml tags=imap,dovecot
- include: mda.yml tags=mda,mail,postfix
+- include: amavis.yml tags=amavis
+- include: spam.yml tags=spam,spamassassin
diff --git a/roles/IMAP/tasks/spam.yml b/roles/IMAP/tasks/spam.yml
new file mode 100644
index 0000000..d326656
--- /dev/null
+++ b/roles/IMAP/tasks/spam.yml
@@ -0,0 +1,51 @@
+- name: Install spamassassin
+ apt: pkg={{ item }}
+ with_items:
+ - razor
+ - spamassassin
+ - spamc
+ - libdbi-perl
+ notify:
+ - Restart Amavis
+
+- name: Create a 'spamassassin' database
+ mysql_db: name=spamassassin state=present
+ encoding=latin1 collation=latin1_general_ci
+ notify:
+ - Copy SQL tables for spamassassin
+ - Create SQL tables for spamassassin
+
+- meta: flush_handlers
+
+- name: Copy SpamAssassin's configuration
+ copy: src=etc/{{ item }}
+ dest=/etc/{{ item }}
+ owner=root group=root
+ mode=0644
+ with_items:
+ - spamassassin/local.cf
+ - spamassassin/v310.pre
+ notify:
+ - Restart Amavis
+
+- name: Ensure SpamAssassin is not auto-started at boot time
+ lineinfile: dest=/etc/default/spamassassin
+ regexp='^(\s*#)?\s*ENABLED='
+ line='ENABLED=0'
+ owner=root group=root
+ mode=0644
+
+- name: Create a 'amavis' SQL user
+ # This *must* be the user we run spamd as
+ # See https://svn.apache.org/repos/asf/spamassassin/trunk/sql/README.bayes
+ mysql_user: >
+ name=amavis auth_plugin=auth_socket
+ priv="spamassassin.awl: SELECT,INSERT,UPDATE,DELETE
+ /spamassassin.bayes_seen: SELECT,INSERT, DELETE
+ /spamassassin.bayes_token: SELECT,INSERT,UPDATE,DELETE
+ /spamassassin.bayes_global_vars: SELECT
+ /spamassassin.bayes_vars: SELECT,INSERT,UPDATE,DELETE
+ /spamassassin.bayes_expire: SELECT,INSERT, DELETE"
+ state=present
+ notify:
+ - Restart Amavis
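Review bot: The `Ensure SpamAssassin is not auto-started at boot time` task only rewrites `ENABLED=` in /etc/default/spamassassin, so a spamd that is already running on the host stays up until the next reboot. If SpamAssassin is meant to be reached only through amavis, a following task `service: name=spamassassin state=stopped` would keep an unused daemon from lingering; whether the package starts spamd on install is not visible here, so on a fresh host this may be a no-op. Separately, the comment above `mysql_user` explains the account name but not the authentication choice; a line such as `# auth_socket: no password is stored; MySQL accepts only the local Unix user 'amavis' over the socket` would record why the table-scoped grants need no secret.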