Diffstat (limited to 'roles/amavis')
-rw-r--r--roles/amavis/handlers/main.yml2
-rw-r--r--roles/amavis/tasks/main.yml2
-rw-r--r--roles/amavis/templates/etc/amavis/conf.d/50-user.j22
3 files changed, 3 insertions, 3 deletions
diff --git a/roles/amavis/handlers/main.yml b/roles/amavis/handlers/main.yml
index 1abc299..ab974e6 100644
--- a/roles/amavis/handlers/main.yml
+++ b/roles/amavis/handlers/main.yml
@@ -1,10 +1,10 @@
---
- name: Restart ClamAV
service: name=clamav-daemon state=restarted
- name: Publish the public key to the DNS zone
- # See the output of 'sudo genkeypair.sh dkim --privkey=/var/lib/dkim/outgoing.fripost.org.key'
+ # See the output of 'genkeypair.sh dkim --privkey=/path/to/key'
fail: "msg={{ dkim.stdout }}"
- name: Restart Amavis
service: name=amavis state=restarted
diff --git a/roles/amavis/tasks/main.yml b/roles/amavis/tasks/main.yml
index 00e8c40..6965c07 100644
--- a/roles/amavis/tasks/main.yml
+++ b/roles/amavis/tasks/main.yml
@@ -20,41 +20,41 @@
- cabextract
- unar
- tnef
notify:
- Restart Amavis
- name: Add 'clamav' to the group 'amavis'
user: name=clamav groups=amavis append=yes
register: r1
notify:
- Restart ClamAV
- Restart Amavis
- name: Create directory /var/lib/dkim
file: path=/var/lib/dkim
state=directory
owner=root group=root
mode=0755
- name: Generate a private key for DKIM signing
- command: genkeypair.sh dkim --privkey=/var/lib/dkim/outgoing.fripost.org.key --dns=outgoing -t rsa -b 2048
+ command: genkeypair.sh dkim --privkey=/var/lib/dkim/20140703.fripost.org.key -t rsa -b 1024
register: dkim
changed_when: dkim.rc == 0
failed_when: dkim.rc > 1
notify:
- Restart Amavis
- Publish the public key to the DNS zone
tags:
- genkey
- name: Configure Amavis
template: src=etc/amavis/conf.d/50-user.j2
dest=/etc/amavis/conf.d/50-user
owner=root group=root
mode=0644
register: r3
notify:
- Restart Amavis
- meta: flush_handlers
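Review bot: The new `command:` line in the "Generate a private key for DKIM signing" task creates the key with `-b 1024`, down from the 2048 bits the removed line used, and nothing in the hunk records why. 1024 bits is the floor RFC 8301 sets for DKIM signers, and it recommends at least 2048. If the smaller size was picked to fit the public key into a single DNS TXT string (an assumption, the hunk does not say), splitting the record into several strings avoids the downgrade. I would keep `-t rsa -b 2048` on that line, or add a comment above the task such as `# 1024-bit key: <reason>; revisit at next rotation`. The `--dns=outgoing` option is also dropped, so what the "Publish the public key to the DNS zone" handler prints now depends on genkeypair.sh defaults that are not visible here.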
diff --git a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2 b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
index adafd7f..84814ca 100644
--- a/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
+++ b/roles/amavis/templates/etc/amavis/conf.d/50-user.j2
@@ -14,41 +14,41 @@ use strict;
$max_servers = 5;
$recipient_delimiter = '+';
$mydomain = 'fripost.org';
$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";
undef $undecipherable_subject_tag;
@mynetworks_maps = ();
@remove_existing_spam_headers_maps = ();
@bypass_virus_checks_maps = (); # load virus checking code
$enable_dkim_verification = 1; # load DKIM signing/verifying code
{% if 'out' not in group_names %}
undef $enable_dkim_signing;
@bypass_spam_checks_maps = (); # load spam checking code
{% else %}
$enable_dkim_signing = 1;
# Sign *all* outgoing mails with *our* key (yes, amavis complains, but this is
# safe as we force our domain with the 'd' tag).
-dkim_key(qr'^', 'outgoing', '/var/lib/dkim/outgoing.'.$mydomain.'.key');
+dkim_key(qr'^', '20140703', '/var/lib/dkim/20140703.'.$mydomain.'.key');
@dkim_signature_options_bysender_maps = (
{ '.' => { d => $mydomain
, a => 'rsa-sha256'
, ttl => 21*24*3600
, c => 'relaxed/simple' } } );
# Conform to RFC 4871 and don't sign Received: headers.
$signed_header_fields{received} = 0;
{% endif %}
# Defang viruses only
%defang_maps_by_ccat = ( CC_VIRUS, 1
, CC_CATCHALL, undef
);
# Never BCC / DSN; don't forget to disallow setting amavisSpamDsnCutoffLevel
# and amavis*Admin, also
%always_bcc_by_ccat = ( CC_CATCHALL, undef );
%dsn_bcc_by_ccat = ( CC_CATCHALL, undef );
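Review bot: The selector in `dkim_key(...)` changes from `outgoing` to `20140703` as soon as Amavis restarts, but the signature options right below it keep `ttl => 21*24*3600`. Mail already signed under `outgoing` therefore needs that selector's TXT record to remain published for that period. A comment above the call would record the rotation order, for example `# Rotation: publish the new selector's TXT record before restarting; keep the old one for at least the signature ttl.` The date is also hard-coded in the selector, in the key path on the same line, and in the task in roles/amavis/tasks/main.yml. A single role variable (name to be chosen, e.g. `dkim_selector`) would keep them from drifting at the next rotation. The template continues outside this hunk.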