summaryrefslogtreecommitdiffstats
path: root/roles/IMAP
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-05-22 17:57:38 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-22 17:59:01 +0200
commitb536632f32d81dceb11f2b7ebf2ec1a284498901 (patch)
treec4a8cbbd68c7985d91ec6b501586049028d2f666 /roles/IMAP
parentdeb4777fb64a8427fa029bcd932a0c58adf203d6 (diff)
spamassassin: list our IPSec subnet in trusted_networks.
Diffstat (limited to 'roles/IMAP')
-rw-r--r--roles/IMAP/tasks/main.yml6
-rw-r--r--roles/IMAP/tasks/spam.yml25
-rw-r--r--roles/IMAP/templates/etc/spamassassin/local.cf.j2 (renamed from roles/IMAP/files/etc/spamassassin/local.cf)8
3 files changed, 30 insertions, 9 deletions
diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml
index f9b25d1..b26cb10 100644
--- a/roles/IMAP/tasks/main.yml
+++ b/roles/IMAP/tasks/main.yml
@@ -8,9 +8,9 @@
- mda
- mail
- postfix
-# TODO spam filter
+## TODO spam filter
#- include: spam.yml
-# tags
+# tags:
# - spam
+# - amavis
# - spamassassin
-#
diff --git a/roles/IMAP/tasks/spam.yml b/roles/IMAP/tasks/spam.yml
index 06624dd..3091b85 100644
--- a/roles/IMAP/tasks/spam.yml
+++ b/roles/IMAP/tasks/spam.yml
@@ -25,22 +25,34 @@
- meta: flush_handlers
+
- name: Copy SpamAssassin's configuration
copy: src=etc/{{ item }}
dest=/etc/{{ item }}
owner=root group=root
mode=0644
with_items:
- - spamassassin/local.cf
- spamassassin/v310.pre
- spamassassin/v320.pre
+ register: r1
+ notify:
+ - Restart Amavis
+
+- name: Copy SpamAssassin's configuration (2)
+ template: src=etc/{{ item }}.j2
+ dest=/etc/{{ item }}
+ owner=root group=root
+ mode=0644
+ with_items:
+ - spamassassin/local.cf
+ register: r2
notify:
- Restart Amavis
- name: Provision /etc/default/spamassassin
lineinfile: dest=/etc/default/spamassassin
- regexp='^(\s*#)?\s*{{ item.var }}='
- "line={{ item.var }}={{ item.value }}"
+ regexp='^(\\s*#)?\\s*{{ item.var }}\\s*='
+ line='{{ item.var }}={{ item.value }}'
owner=root group=root
mode=0644
with_items:
@@ -59,5 +71,12 @@
/spamassassin.bayes_vars: SELECT,INSERT,UPDATE,DELETE
/spamassassin.bayes_expire: SELECT,INSERT, DELETE"
state=present
+ register: r3
notify:
- Restart Amavis
+
+- name: Start Amavis
+ service: name=amavis state=started
+ when: not (r1.changed or r2.changed or r3.changed)
+
+- meta: flush_handlers
diff --git a/roles/IMAP/files/etc/spamassassin/local.cf b/roles/IMAP/templates/etc/spamassassin/local.cf.j2
index 8ae4a4b..edef554 100644
--- a/roles/IMAP/files/etc/spamassassin/local.cf
+++ b/roles/IMAP/templates/etc/spamassassin/local.cf.j2
@@ -21,12 +21,14 @@ report_safe 0
# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
-# TODO: Unclear how to do with IPSec and dynamic IPs.
clear_trusted_networks
-trusted_networks 192.168.122.2 192.168.122.3
+trusted_networks 127.0.0.1/8 {{ ipsec_subnet }} {{ groups.MX | join(' ') }}
+# MXes and internal relays should be listed in bouth trusted_networks
+# and clear_internal_networks, cf.
+# https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html
clear_internal_networks
-internal_networks 192.168.122.2 192.168.122.3
+internal_networks {{ groups.MX | join(' ') }}
# Set file-locking method (flock is not safe over NFS, but is faster)