diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2013-12-09 08:11:16 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:17 +0200 |
| commit | 7c089f71667a1a14cc508772ca289d4d1d2edd27 (patch) | |
| tree | 2858164a1015603ebb8f2478b920e84a7dd62dd6 /roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | |
| parent | 185cf14065554038820c696e7d35f47017b43783 (diff) | |
Configure the content filter.
Antispam & antivirus, using ClamAV and SpamAssassin through Amavisd-new.
Each user has his/her amavis preferences, and own Bayes filter (to
maximize privacy).
One question remains, though: how to set spamassassin's trusted_networks
/ internal_networks / msa_networks? It seems not obivious to get it
write with IPSec and dynamic IPs.
(Cf. https://wiki.apache.org/spamassassin/AwlWrongWay)
Diffstat (limited to 'roles/common-LDAP/templates/etc/ldap/database.ldif.j2')
| -rw-r--r-- | roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 index cf12f10..f76eb78 100644 --- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 +++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 @@ -73,7 +73,13 @@ olcDbIndex: entryCSN,entryUUID eq # - http://www.openldap.org/doc/admin24/replication.html#Syncrepl # - http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl-rap # -{% if 'LDAP-provider' not in group_names %} +{% if 'LDAP-provider' in group_names %} +olcLimits: dn.exact="cn=MX-replicate,ou=services,o=mailHosting,dc=fripost,dc=org" + time.soft=unlimited + time.hard=unlimited + size.soft=unlimited + size.hard=unlimited +{% elif 'MX' in group_names %} olcSyncrepl: rid=000 provider=ldap://{{ LDAP_provider }} type=refreshAndPersist @@ -129,6 +135,20 @@ olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=org" by dn.exact="username=postfix,cn=peercred,cn=external,cn=auth" =rsd by users =0 break # +# The following is required for the content filter +{% if 'MDA' in group_names %} +olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=org$" + attrs=entry + filter=(&(objectClass=FripostVirtualDomain)(fripostIsStatusActive=TRUE)) + by dn.exact="username=amavis,cn=peercred,cn=external,cn=auth" =s + by users =0 break +olcAccess: to dn.regex="^fvl=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=org$" + attrs=entry,objectClass,fvl,@AmavisAccount + filter=(&(objectClass=FripostVirtualUser)(objectClass=AmavisAccount)(fripostIsStatusActive=TRUE)) + by dn.exact="username=amavis,cn=peercred,cn=external,cn=auth" =rsd + by users =0 break +{% endif %} +# # Anonymous can authenticate into the services. (But not read or write the password.) olcAccess: to dn.one="ou=services,o=mailHosting,dc=fripost,dc=org" attrs=userPassword |