| author | Guilhem Moulin <guilhem@fripost.org> | 2016-05-22 17:57:38 +0200 | 
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-05-22 17:59:01 +0200 | 
| commit | b536632f32d81dceb11f2b7ebf2ec1a284498901 (patch) | |
| tree | c4a8cbbd68c7985d91ec6b501586049028d2f666 /roles | |
| parent | deb4777fb64a8427fa029bcd932a0c58adf203d6 (diff) | |
spamassassin: list our IPSec subnet in trusted_networks.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/IMAP/tasks/main.yml | 6 | ||||
| -rw-r--r-- | roles/IMAP/tasks/spam.yml | 25 | ||||
| -rw-r--r-- | roles/IMAP/templates/etc/spamassassin/local.cf.j2 (renamed from roles/IMAP/files/etc/spamassassin/local.cf) | 8 | 
3 files changed, 30 insertions, 9 deletions
diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml
index f9b25d1..b26cb10 100644
--- a/roles/IMAP/tasks/main.yml
+++ b/roles/IMAP/tasks/main.yml
@@ -8,9 +8,9 @@
     - mda
     - mail
     - postfix
-# TODO spam filter
+## TODO spam filter
 #- include: spam.yml
-#  tags
+#  tags:
 #    - spam
+#    - amavis
 #    - spamassassin
-#
diff --git a/roles/IMAP/tasks/spam.yml b/roles/IMAP/tasks/spam.yml
index 06624dd..3091b85 100644
--- a/roles/IMAP/tasks/spam.yml
+++ b/roles/IMAP/tasks/spam.yml
@@ -25,22 +25,34 @@
 - meta: flush_handlers
+
 - name: Copy SpamAssassin's configuration
   copy: src=etc/{{ item }}
         dest=/etc/{{ item }}
         owner=root group=root
         mode=0644
   with_items:
-    - spamassassin/local.cf
     - spamassassin/v310.pre
     - spamassassin/v320.pre
+  register: r1
+  notify:
+    - Restart Amavis
+
+- name: Copy SpamAssassin's configuration (2)
+  template: src=etc/{{ item }}.j2
+            dest=/etc/{{ item }}
+            owner=root group=root
+            mode=0644
+  with_items:
+    - spamassassin/local.cf
+  register: r2
   notify:
     - Restart Amavis
 - name: Provision /etc/default/spamassassin
   lineinfile: dest=/etc/default/spamassassin
-              regexp='^(\s*#)?\s*{{ item.var }}='
-              "line={{ item.var }}={{ item.value }}"
+              regexp='^(\\s*#)?\\s*{{ item.var }}\\s*='
+              line='{{ item.var }}={{ item.value }}'
               owner=root group=root
               mode=0644
   with_items:
@@ -59,5 +71,12 @@
            /spamassassin.bayes_vars:        SELECT,INSERT,UPDATE,DELETE
            /spamassassin.bayes_expire:      SELECT,INSERT,       DELETE"
       state=present
+  register: r3
   notify:
     - Restart Amavis
+
+- name: Start Amavis
+  service: name=amavis state=started
+  when: not (r1.changed or r2.changed or r3.changed)
+
+- meta: flush_handlers
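Review bot: The rewritten `regexp=` in the "Provision /etc/default/spamassassin" task now carries doubled backslashes (`\\s`), presumably to survive escape decoding in the key=value argument form, so the effective pattern depends on how the argument string is parsed rather than on what is written. Writing the module arguments as a YAML mapping keeps the regex literal inside single quotes and lets `mode` be a quoted string. `{{ item.var }}` is interpolated into the pattern unescaped, which is fine only while the `with_items` entries are plain variable names. That list, and the rest of the task, continue outside this hunk.

```yaml
- name: Provision /etc/default/spamassassin
  lineinfile:
    dest: /etc/default/spamassassin
    regexp: '^(\s*#)?\s*{{ item.var }}\s*='
    line: '{{ item.var }}={{ item.value }}'
    owner: root
    group: root
    mode: '0644'
  # … unchanged: with_items list and the remainder of the task …
```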
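Review bot: The `when:` on the new "Start Amavis" task needs a comment, because the reason for skipping the start when r1, r2 or r3 changed is only visible by tracing the `notify` lines to the final `flush_handlers`. Something like `# A change above already queued "Restart Amavis"; only start the service explicitly otherwise.` placed above the `when:` would do. The task also sets only `state=started`, so whether the filter comes back after a reboot depends on the package default; `service: name=amavis state=started enabled=yes` would make that explicit.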
diff --git a/roles/IMAP/files/etc/spamassassin/local.cf b/roles/IMAP/templates/etc/spamassassin/local.cf.j2
index 8ae4a4b..edef554 100644
--- a/roles/IMAP/files/etc/spamassassin/local.cf
+++ b/roles/IMAP/templates/etc/spamassassin/local.cf.j2
@@ -21,12 +21,14 @@ report_safe 0
 #   Set which networks or hosts are considered 'trusted' by your mail
 #   server (i.e. not spammers)
 #
-# TODO: Unclear how to do with IPSec and dynamic IPs.
 clear_trusted_networks
-trusted_networks 192.168.122.2 192.168.122.3
+trusted_networks 127.0.0.1/8 {{ ipsec_subnet }} {{ groups.MX | join(' ') }}
+# MXes and internal relays should be listed in bouth trusted_networks
+# and clear_internal_networks, cf.
+# https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html
 clear_internal_networks
-internal_networks 192.168.122.2 192.168.122.3
+internal_networks {{ groups.MX | join(' ') }}
 #   Set file-locking method (flock is not safe over NFS, but is faster)
|
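Review bot: `{{ groups.MX | join(' ') }}` expands to the inventory names of the MX group, while `trusted_networks` and `internal_networks` take IP addresses or CIDR ranges, so both lines render a usable list only if those hosts are named by address in the inventory. A comment saying so would help, e.g. `# groups.MX must contain IP literals, not hostnames`. Listing `{{ ipsec_subnet }}` as trusted means Received headers added by any host in that subnet are believed, so the subnet should be no wider than the set of relays that actually hand mail to this host. The new comment also has a typo and seems to name the wrong directive: `bouth` should be `both`, and `clear_internal_networks` is presumably meant to be `internal_networks`.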
