Diffstat (limited to 'roles/amavis')
-rw-r--r--roles/amavis/tasks/main.yml9
-rw-r--r--roles/amavis/templates/etc/amavis/conf.d/50-user.j210
2 files changed, 13 insertions, 6 deletions
diff --git a/roles/amavis/tasks/main.yml b/roles/amavis/tasks/main.yml
index da1f86a..a30772d 100644
--- a/roles/amavis/tasks/main.yml
+++ b/roles/amavis/tasks/main.yml
@@ -1,52 +1,59 @@
- name: Install amavis and its decoders
apt: pkg={{ item }}
with_items:
- amavisd-new
+ - libnet-ldap-perl
# Mail::DKIM
- libmail-dkim-perl
- gzip
- bzip2
- xz-utils
- lzop
- rpm2cpio
- pax
- binutils
- p7zip-full
- unrar-free
- arj
- nomarch
- zoo
- ripole
- cabextract
- unar
- tnef
notify:
- Restart Amavis
- name: Add 'clamav' to the group 'amavis'
user: name=clamav groups=amavis append=yes
- register: r1
notify:
- Restart ClamAV
- Restart Amavis
+- name: Set AllowSupplementaryGroups=true
+ lineinfile: "dest=/etc/clamav/clamd.conf
+ regexp='^AllowSupplementaryGroups\\s'
+ line='AllowSupplementaryGroups true'"
+ notify:
+ - Restart ClamAV
+
- name: Create directory /var/lib/dkim
file: path=/var/lib/dkim
state=directory
owner=root group=root
mode=0755
when: "'out' in group_names"
tags:
- genkey
- name: Generate a private key for DKIM signing
command: genkeypair.sh dkim --privkey=/var/lib/dkim/20140703.fripost.org.key -t rsa -b 1024
register: dkim
changed_when: dkim.rc == 0
failed_when: dkim.rc > 1
when: "'out' in group_names"
notify:
- Restart Amavis
- Publish the public key to the DNS zone
tags:
- genkey
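Review bot: The added `Set AllowSupplementaryGroups=true` task has no comment saying why clamd needs it, although it appears to be what makes the `clamav` → `amavis` group membership from the task above effective once clamd has dropped privileges, and that membership widens what a daemon parsing untrusted attachments can read. I would put above it `# clamd switches to user 'clamav' at start-up; keep its supplementary groups so it can read amavis' work files`. On Debian, clamd.conf is normally generated from debconf answers by the clamav-daemon package scripts, so this line may be rewritten on upgrade or reconfigure until the next playbook run; that is worth confirming on the target release. Outside the changed lines, the DKIM task still passes `-b 1024`; 2048-bit RSA is the usual choice for a new selector.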
diff --git a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2 b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
index ae2031b..92805b8 100644
--- a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
+++ b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
@@ -139,50 +139,50 @@ $policy_bank{'OUTGOING'} = {
smtpd_greeting_banner => '${helo-name} ${protocol} ${product} OUTGOING service ready',
forward_method => $forward_method,
# No black or white lists
message_size_limit_maps => [],
whitelist_sender_maps => [],
blacklist_sender_maps => [],
# Check for viruses (regardless of the recipient), but bypass all other checks
bypass_virus_checks_maps => undef,
bypass_banned_checks_maps => 1,
bypass_header_checks_maps => 1,
bypass_spam_checks_maps => 1,
# If a virus is found, notify postmaster, quarantine, then discard.
# Treat unchecked mails (eg, encrypted) as clean.
quarantine_to_maps_by_ccat => { &CC_VIRUS => [$virus_quarantine_to], &CC_UNCHECKED => undef, &CC_CLEAN => undef },
quarantine_method_by_ccat => { &CC_VIRUS => [$virus_quarantine_method], &CC_UNCHECKED => undef, &CC_CLEAN => undef },
admin_maps_by_ccat => { &CC_VIRUS => ["postmaster\@$mydomain"], &CC_UNCHECKED => undef },
lovers_maps_by_ccat => { &CC_VIRUS => undef, &CC_UNCHECKED => 1 },
- final_destiny_by_ccat => { &CC_VIRUS => D_DISCARD, &CC_UNCHECKED => D_PASS, &CC_OVERSIZED => D_PASS },
+ final_destiny_maps_by_ccat => { &CC_VIRUS => D_DISCARD, &CC_UNCHECKED => D_PASS, &CC_OVERSIZED => D_PASS },
};
$policy_bank{'INCOMING'} = {
originating => 0,
enable_dkim_verification => 1,
smtpd_greeting_banner => '${helo-name} ${protocol} ${product} INCOMING service ready',
forward_method => $forward_method,
message_size_limit_maps => [],
# Per-recipient Bayes Database
sa_username_maps => [ new_RE ( [ qr/^(.+\@.+)$/ => '$1' ] )
, 'amavis' # catch-all
],
# Never quarantine, and never notify.
# (Remember to disallow setting amavisSpamQuarantineCutoffLevel and
# amavisVirusQuarantine*To in the LDAP schema.)
# XXX: users might want to quarantine messages and get a notification instead
- quarantine_method_by_ccat => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH, CC_CLEAN) },
- admin_maps_by_ccat => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH ) },
+ quarantine_method_by_ccat => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH, CC_CLEAN) },
+ admin_maps_by_ccat => { map {$_ => undef} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH ) },
# Always deliver messages
- final_destiny_by_ccat => { map {$_ => D_PASS} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH) },
- lovers_maps_by_ccat => { map {$_ => 1 } (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_SPAMMY, CC_BADH) },
+ final_destiny_maps_by_ccat => { map {$_ => D_PASS} (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_BADH) },
+ lovers_maps_by_ccat => { map {$_ => 1 } (CC_VIRUS, CC_BANNED, CC_UNCHECKED, CC_SPAM, CC_SPAMMY, CC_BADH) },
};
#------------ Do not modify anything below this line -------------
1; # ensure a defined return
# vim: set filetype=perl :
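Review bot: The renamed `final_destiny_maps_by_ccat` entries in both banks still take bare `D_DISCARD` / `D_PASS` constants, while the `_maps_` settings are, as far as I know, lists of per-recipient lookup tables; confirm that the deployed amavisd-new accepts a scalar here. If it does not, the OUTGOING `CC_VIRUS => D_DISCARD` would not apply and virus-flagged outgoing mail would get the global default destiny instead. Nothing visible here validates policy-bank key names (the old spelling was presumably ignored rather than rejected), so a comment such as `# key renamed from final_destiny_by_ccat; see amavisd-new release notes for <VERSION>` above each line would help, as would a post-deploy check that sends a standard anti-virus test file through both banks. The `$policy_bank{'OUTGOING'}` block opens above the hunk.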