Diffstat (limited to 'roles')
-rw-r--r--roles/IMAP/tasks/main.yml6
-rw-r--r--roles/IMAP/tasks/spam.yml25
-rw-r--r--roles/IMAP/templates/etc/spamassassin/local.cf.j2 (renamed from roles/IMAP/files/etc/spamassassin/local.cf)8
3 files changed, 30 insertions, 9 deletions
diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml
index f9b25d1..b26cb10 100644
--- a/roles/IMAP/tasks/main.yml
+++ b/roles/IMAP/tasks/main.yml
@@ -1,16 +1,16 @@
---
- include: imap.yml
tags:
- imap
- dovecot
- include: mda.yml
tags:
- mda
- mail
- postfix
-# TODO spam filter
+## TODO spam filter
#- include: spam.yml
-# tags
+# tags:
# - spam
+# - amavis
# - spamassassin
-#
diff --git a/roles/IMAP/tasks/spam.yml b/roles/IMAP/tasks/spam.yml
index 06624dd..3091b85 100644
--- a/roles/IMAP/tasks/spam.yml
+++ b/roles/IMAP/tasks/spam.yml
@@ -8,56 +8,75 @@
- spamassassin
- spamc
- libdbi-perl
- re2c
- libc6-dev
- gcc
- make
notify:
- Compile Spamassassin rules
- Restart Amavis
- name: Create a 'spamassassin' database
mysql_db: name=spamassassin state=present
encoding=latin1 collation=latin1_general_ci
notify:
- Copy SQL tables for spamassassin
- Create SQL tables for spamassassin
- meta: flush_handlers
+
- name: Copy SpamAssassin's configuration
copy: src=etc/{{ item }}
dest=/etc/{{ item }}
owner=root group=root
mode=0644
with_items:
- - spamassassin/local.cf
- spamassassin/v310.pre
- spamassassin/v320.pre
+ register: r1
+ notify:
+ - Restart Amavis
+
+- name: Copy SpamAssassin's configuration (2)
+ template: src=etc/{{ item }}.j2
+ dest=/etc/{{ item }}
+ owner=root group=root
+ mode=0644
+ with_items:
+ - spamassassin/local.cf
+ register: r2
notify:
- Restart Amavis
- name: Provision /etc/default/spamassassin
lineinfile: dest=/etc/default/spamassassin
- regexp='^(\s*#)?\s*{{ item.var }}='
- "line={{ item.var }}={{ item.value }}"
+ regexp='^(\\s*#)?\\s*{{ item.var }}\\s*='
+ line='{{ item.var }}={{ item.value }}'
owner=root group=root
mode=0644
with_items:
- { var: ENABLED, value: 0 }
- { var: CRON, value: 1 }
- name: Create a 'amavis' SQL user
# This *must* be the user we run spamd as
# See https://svn.apache.org/repos/asf/spamassassin/trunk/sql/README.bayes
mysql_user2: >
name=amavis password= auth_plugin=auth_socket
priv="spamassassin.awl: SELECT,INSERT,UPDATE,DELETE
/spamassassin.bayes_seen: SELECT,INSERT, DELETE
/spamassassin.bayes_token: SELECT,INSERT,UPDATE,DELETE
/spamassassin.bayes_global_vars: SELECT
/spamassassin.bayes_vars: SELECT,INSERT,UPDATE,DELETE
/spamassassin.bayes_expire: SELECT,INSERT, DELETE"
state=present
+ register: r3
notify:
- Restart Amavis
+
+- name: Start Amavis
+ service: name=amavis state=started
+ when: not (r1.changed or r2.changed or r3.changed)
+
+- meta: flush_handlers
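Review bot: The doubled backslashes in the new `regexp='^(\\s*#)?\\s*{{ item.var }}\\s*='` of "Provision /etc/default/spamassassin" are only right if the key=value argument parser of the Ansible version in use collapses `\\s` to `\s`. If it passes them through, the pattern requires a literal backslash and never matches, so lineinfile would append a second `ENABLED=`/`CRON=` line instead of rewriting the shipped one. Writing the module arguments as a YAML mapping removes that dependency, e.g. `regexp: '^(\s*#)?\s*{{ item.var }}\s*='` with `line: '{{ item.var }}={{ item.value }}'`. It is worth confirming on a target that the file ends up with exactly one `ENABLED=0` line, since the role appears to rely on that setting.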
diff --git a/roles/IMAP/files/etc/spamassassin/local.cf b/roles/IMAP/templates/etc/spamassassin/local.cf.j2
index 8ae4a4b..edef554 100644
--- a/roles/IMAP/files/etc/spamassassin/local.cf
+++ b/roles/IMAP/templates/etc/spamassassin/local.cf.j2
@@ -4,46 +4,48 @@
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################
# Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject [*****SPAM*****]
# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0
# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
-# TODO: Unclear how to do with IPSec and dynamic IPs.
clear_trusted_networks
-trusted_networks 192.168.122.2 192.168.122.3
+trusted_networks 127.0.0.1/8 {{ ipsec_subnet }} {{ groups.MX | join(' ') }}
+# MXes and internal relays should be listed in bouth trusted_networks
+# and clear_internal_networks, cf.
+# https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html
clear_internal_networks
-internal_networks 192.168.122.2 192.168.122.3
+internal_networks {{ groups.MX | join(' ') }}
# Set file-locking method (flock is not safe over NFS, but is faster)
#
lock_method flock
# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
# Use Bayesian classifier (default: 1)
#
use_bayes 1
# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
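Review bot: `{{ groups.MX | join(' ') }}` on the new `trusted_networks` and `internal_networks` lines expands to inventory names, while SpamAssassin expects IP addresses or CIDR ranges there, so this only works if every MX host is inventoried by address. If the names are hostnames, the entries would likely be rejected when the config is parsed, and with `clear_internal_networks` just above that changes which Received headers are treated as trustworthy; rendering a per-host address from `hostvars` would avoid this. It is also worth a comment recording that all of `{{ ipsec_subnet }}` is trusted on purpose, e.g. `# every IPsec peer is assumed not to forge Received headers`. The added comment should name `internal_networks` rather than `clear_internal_networks`, and "bouth" should read "both".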