author | Guilhem Moulin <guilhem@fripost.org> | 2016-05-22 17:57:38 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2016-05-22 17:59:01 +0200 |
commit | b536632f32d81dceb11f2b7ebf2ec1a284498901 (patch) | |
tree | c4a8cbbd68c7985d91ec6b501586049028d2f666 /roles/IMAP | |
parent | deb4777fb64a8427fa029bcd932a0c58adf203d6 (diff) |
spamassassin: list our IPSec subnet in trusted_networks.
Diffstat (limited to 'roles/IMAP')
-rw-r--r-- | roles/IMAP/tasks/main.yml | 6 | ||||
-rw-r--r-- | roles/IMAP/tasks/spam.yml | 25 | ||||
-rw-r--r-- | roles/IMAP/templates/etc/spamassassin/local.cf.j2 (renamed from roles/IMAP/files/etc/spamassassin/local.cf) | 8 |
3 files changed, 30 insertions, 9 deletions
diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml index f9b25d1..b26cb10 100644 --- a/roles/IMAP/tasks/main.yml +++ b/roles/IMAP/tasks/main.yml @@ -8,9 +8,9 @@ - mda - mail - postfix -# TODO spam filter +## TODO spam filter #- include: spam.yml -# tags +# tags: # - spam +# - amavis # - spamassassin -# diff --git a/roles/IMAP/tasks/spam.yml b/roles/IMAP/tasks/spam.yml index 06624dd..3091b85 100644 --- a/roles/IMAP/tasks/spam.yml +++ b/roles/IMAP/tasks/spam.yml @@ -25,22 +25,34 @@ - meta: flush_handlers + - name: Copy SpamAssassin's configuration copy: src=etc/{{ item }} dest=/etc/{{ item }} owner=root group=root mode=0644 with_items: - - spamassassin/local.cf - spamassassin/v310.pre - spamassassin/v320.pre + register: r1 + notify: + - Restart Amavis + +- name: Copy SpamAssassin's configuration (2) + template: src=etc/{{ item }}.j2 + dest=/etc/{{ item }} + owner=root group=root + mode=0644 + with_items: + - spamassassin/local.cf + register: r2 notify: - Restart Amavis - name: Provision /etc/default/spamassassin lineinfile: dest=/etc/default/spamassassin - regexp='^(\s*#)?\s*{{ item.var }}=' - "line={{ item.var }}={{ item.value }}" + regexp='^(\\s*#)?\\s*{{ item.var }}\\s*=' + line='{{ item.var }}={{ item.value }}' owner=root group=root mode=0644 with_items: @@ -59,5 +71,12 @@ /spamassassin.bayes_vars: SELECT,INSERT,UPDATE,DELETE /spamassassin.bayes_expire: SELECT,INSERT, DELETE" state=present + register: r3 notify: - Restart Amavis + +- name: Start Amavis + service: name=amavis state=started + when: not (r1.changed or r2.changed or r3.changed) + +- meta: flush_handlers diff --git a/roles/IMAP/files/etc/spamassassin/local.cf b/roles/IMAP/templates/etc/spamassassin/local.cf.j2 index 8ae4a4b..edef554 100644 --- a/roles/IMAP/files/etc/spamassassin/local.cf +++ b/roles/IMAP/templates/etc/spamassassin/local.cf.j2 
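Review bot: Nothing checks the rendered `local.cf` before the `Restart Amavis` handler picks it up, and the new `Copy SpamAssassin's configuration (2)` task now builds that file from inventory data. A task running `command: spamassassin --lint` with `changed_when: False`, placed after this task and before the next `meta: flush_handlers`, would stop the play on a bad render. The running daemon should then still hold the configuration it loaded at start-up. The `with_items` list of the following `lineinfile` task continues outside the hunk.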
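Review bot: The `when: not (r1.changed or r2.changed or r3.changed)` guard on `Start Amavis` has to be kept in step by hand with every task that notifies `Restart Amavis`, and it covers only the three results registered here. Moving the trailing `- meta: flush_handlers` above `Start Amavis` and dropping the `when:` gives the same outcome, because `state=started` does nothing once the handler has restarted the service. The `register: r1`, `r2` and `r3` lines then become unnecessary. Whether the `lineinfile` task also notifies the handler is not visible in this hunk.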
@@ -21,12 +21,14 @@ report_safe 0 # Set which networks or hosts are considered 'trusted' by your mail # server (i.e. not spammers) # -# TODO: Unclear how to do with IPSec and dynamic IPs. clear_trusted_networks -trusted_networks 192.168.122.2 192.168.122.3 +trusted_networks 127.0.0.1/8 {{ ipsec_subnet }} {{ groups.MX | join(' ') }} +# MXes and internal relays should be listed in bouth trusted_networks +# and clear_internal_networks, cf. +# https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html clear_internal_networks -internal_networks 192.168.122.2 192.168.122.3 +internal_networks {{ groups.MX | join(' ') }} # Set file-locking method (flock is not safe over NFS, but is faster) |
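Review bot: Listing the whole `{{ ipsec_subnet }}` in `trusted_networks` makes SpamAssassin treat every host on the VPN as a relay that never forges `Received` headers, and it skips DNS blocklist lookups for them. If only a few hosts actually relay mail, listing those addresses keeps the trust boundary tighter. Separately, `{{ groups.MX | join(' ') }}` emits inventory names, while both `trusted_networks` and `internal_networks` take IP addresses or CIDR ranges; if the inventory uses host names rather than addresses, these entries would be invalid, so this is worth confirming. In the added comment, "bouth" should read "both", and `clear_internal_networks` presumably should read `internal_networks`.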