Upgrade amavis config to Jessie.

author: Guilhem Moulin <guilhem@fripost.org> 2015-05-14 23:26:10 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:53:33 +0200
commit: d87fefa9d38e6b8c99eafa16ea75dc8c879c41df (patch)
tree: 381285e5a22776de2c3683f6776f1be814760ca1 /roles/amavis
parent: b5894c224ea973e8d80f249b4f82e9c381fbac6b (diff)
2 files changed, 13 insertions, 6 deletions
diff --git a/roles/amavis/tasks/main.yml b/roles/amavis/tasks/main.yml
index da1f86a..a30772d 100644
--- a/roles/amavis/tasks/main.yml
+++ b/roles/amavis/tasks/main.yml
@@ -1,52 +1,59 @@
 - name: Install amavis and its decoders
   apt: pkg={{ item }}
   with_items:
     - amavisd-new
+    - libnet-ldap-perl
     # Mail::DKIM
     - libmail-dkim-perl
     - gzip
     - bzip2
     - xz-utils
     - lzop
     - rpm2cpio
     - pax
     - binutils
     - p7zip-full
     - unrar-free
     - arj
     - nomarch
     - zoo
     - ripole
     - cabextract
     - unar
     - tnef
   notify:
     - Restart Amavis
 
 - name: Add 'clamav' to the group 'amavis'
   user: name=clamav groups=amavis append=yes
-  register: r1
   notify:
     - Restart ClamAV
     - Restart Amavis
 
+- name: Set AllowSupplementaryGroups=true
+  lineinfile: "dest=/etc/clamav/clamd.conf
+               regexp='^AllowSupplementaryGroups\\s'
+               line='AllowSupplementaryGroups true'"
+  notify:
+    - Restart ClamAV
+
 - name: Create directory /var/lib/dkim
   file: path=/var/lib/dkim
         state=directory
         owner=root group=root
         mode=0755
   when: "'out' in group_names"
   tags:
     - genkey
 
 - name: Generate a private key for DKIM signing
   command: genkeypair.sh dkim --privkey=/var/lib/dkim/20140703.fripost.org.key -t rsa -b 1024
   register: dkim
   changed_when: dkim.rc == 0
   failed_when: dkim.rc > 1
   when: "'out' in group_names"
   notify:
     - Restart Amavis
     - Publish the public key to the DNS zone
   tags:
     - genkey
diff --git a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2 b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
index ae2031b..92805b8 100644
--- a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
+++ b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
@@ -139,50 +139,50 @@ $policy_bank{'OUTGOING'} = {
   smtpd_greeting_banner    => '${helo-name} ${protocol} ${product} OUTGOING service ready',
   forward_method           => $forward_method,
 
   # No black or white lists
   message_size_limit_maps => [],
   whitelist_sender_maps   => [],
   blacklist_sender_maps   => [],
 
   # Check for viruses (regardless of the recipient), but bypass all other checks
   bypass_virus_checks_maps  => undef,
   bypass_banned_checks_maps => 1,
   bypass_header_checks_maps => 1,
   bypass_spam_checks_maps   => 1,
 
   # If a virus is found, notify postmaster, quarantine, then discard.
   # Treat unchecked mails (eg, encrypted) as clean.
   quarantine_to_maps_by_ccat => { &CC_VIRUS => [$virus_quarantine_to],     &CC_UNCHECKED => undef, &CC_CLEAN => undef       },
   quarantine_method_by_ccat  => { &CC_VIRUS => [$virus_quarantine_method], &CC_UNCHECKED => undef, &CC_CLEAN => undef       },
   admin_maps_by_ccat         => { &CC_VIRUS => ["postmaster\@$mydomain"],  &CC_UNCHECKED => undef                           },
   lovers_maps_by_ccat        => { &CC_VIRUS => undef,                      &CC_UNCHECKED => 1                               },
-  final_destiny_by_ccat      => { &CC_VIRUS => D_DISCARD,                  &CC_UNCHECKED => D_PASS, &CC_OVERSIZED => D_PASS },
+  final_destiny_maps_by_ccat => { &CC_VIRUS => D_DISCARD,                  &CC_UNCHECKED => D_PASS, &CC_OVERSIZED => D_PASS },
 };
 
 $policy_bank{'INCOMING'} = {
   originating              => 0,
   enable_dkim_verification => 1,
   smtpd_greeting_banner    => '${helo-name} ${protocol} ${product} INCOMING service ready',
   forward_method           => $forward_method,
   message_size_limit_maps  => [],
 
   # Per-recipient Bayes Database
   sa_username_maps => [ new_RE ( [ qr/^(.+\@.+)$/ => '$1' ] )
                       , 'amavis' # catch-all
                       ],
 
   # Never quarantine, and never notify.
   # (Remember to disallow setting amavisSpamQuarantineCutoffLevel and
   # amavisVirusQuarantine*To in the LDAP schema.)
   # XXX: users might want to quarantine messages and get a notification instead
-  quarantine_method_by_ccat => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH, CC_CLEAN) },
-  admin_maps_by_ccat        => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH          ) },
+  quarantine_method_by_ccat  => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH, CC_CLEAN) },
+  admin_maps_by_ccat         => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH          ) },
 
   # Always deliver messages
-  final_destiny_by_ccat  => { map {$_ => D_PASS} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM,            CC_BADH) },
-  lovers_maps_by_ccat    => { map {$_ => 1     } (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_SPAMMY, CC_BADH) },
+  final_destiny_maps_by_ccat => { map {$_ => D_PASS} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM,            CC_BADH) },
+  lovers_maps_by_ccat        => { map {$_ => 1     } (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_SPAMMY, CC_BADH) },
 };
 
 #------------ Do not modify anything below this line -------------
 1;  # ensure a defined return
 # vim: set filetype=perl :
author	Guilhem Moulin <guilhem@fripost.org>	2015-05-14 23:26:10 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2015-06-07 02:53:33 +0200
commit	d87fefa9d38e6b8c99eafa16ea75dc8c879c41df (patch)
tree	381285e5a22776de2c3683f6776f1be814760ca1 /roles/amavis
parent	b5894c224ea973e8d80f249b4f82e9c381fbac6b (diff)