From 7c089f71667a1a14cc508772ca289d4d1d2edd27 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 9 Dec 2013 08:11:16 +0100
Subject: Configure the content filter. Antispam & antivirus, using ClamAV and SpamAssassin through Amavisd-new. Each user has his/her amavis preferences, and own Bayes filter (to maximize privacy). One question remains, though: how to set spamassassin's trusted_networks / internal_networks / msa_networks? It seems not obivious to get it write with IPSec and dynamic IPs. (Cf. https://wiki.apache.org/spamassassin/AwlWrongWay)
---
 roles/IMAP/tasks/amavis.yml | 56 +++++++++++++++++++++++++++++++++++++++++++++
 roles/IMAP/tasks/main.yml | 2 ++
 roles/IMAP/tasks/spam.yml | 51 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 109 insertions(+)
 create mode 100644 roles/IMAP/tasks/amavis.yml
 create mode 100644 roles/IMAP/tasks/spam.yml
(limited to 'roles/IMAP/tasks')
diff --git a/roles/IMAP/tasks/amavis.yml b/roles/IMAP/tasks/amavis.yml
new file mode 100644
index 0000000..6f47328
--- /dev/null
+++ b/roles/IMAP/tasks/amavis.yml
@@ -0,0 +1,56 @@
+- name: Install amavis and its decoders
+ apt: pkg={{ item }}
+ with_items:
+ - amavisd-new
+ - libnet-ldap-perl
+ - libauthen-sasl-perl
+ - gzip
+ - bzip2
+ - xz-utils
+ - lzop
+ - rpm2cpio
+ - pax
+ - binutils
+ - p7zip-full
+ - unrar-free
+ - arj
+ - nomarch
+ - zoo
+ - ripole
+ - cabextract
+ - unar
+ - tnef
+ notify:
+ - Restart Amavis
+
+- name: Add 'clamav' to the group 'amavis'
+ user: name=clamav groups=amavis append=yes
+ register: r1
+ notify:
+ - Restart ClamAV
+ - Restart Amavis
+
+- name: Configure Amavis (1)
+ copy: src=etc/amavis/conf.d/05-domain_id
+ dest=/etc/amavis/conf.d/05-domain_id
+ owner=root group=root
+ mode=0644
+ register: r2
+ notify:
+ - Restart Amavis
+
+- name: Configure Amavis (2)
+ template: src=etc/amavis/conf.d/{{ item }}.j2
+ dest=/etc/amavis/conf.d/{{ item }}
+ owner=root group=root
+ mode=0644
+ register: r3
+ with_items:
+ - 15-content_filter_mode
+ - 50-user
+ notify:
+ - Restart Amavis
+
+- name: Start Amavis
+ service: name=amavis state=started
+ when: not (r1.changed or r2.changed or r3.changed)
diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml
index df21dd2..b43f9fb 100644
--- a/roles/IMAP/tasks/main.yml
+++ b/roles/IMAP/tasks/main.yml
@@ -1,3 +1,5 @@
 ---
 - include: imap.yml tags=imap,dovecot
 - include: mda.yml tags=mda,mail,postfix
+- include: amavis.yml tags=amavis
+- include: spam.yml tags=spam,spamassassin
diff --git a/roles/IMAP/tasks/spam.yml b/roles/IMAP/tasks/spam.yml
new file mode 100644
index 0000000..d326656
--- /dev/null
+++ b/roles/IMAP/tasks/spam.yml
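Review bot: Most of the packages in the first task's `with_items` list of amavis.yml (from `gzip` down to `tnef`) are unpackers that amavis will run on attachments from arbitrary senders, and the task carries no comment saying so or why each one is needed. I would add `# Decoders parse untrusted mail attachments: keep this list minimal and covered by security updates` above `with_items:` and drop any legacy-format unpacker (`arj`, `zoo`, `nomarch`) the site does not need. Separately, `Configure Amavis (2)` installs `50-user` with `mode=0644`; the template is not visible in this hunk, but if it renders lookup credentials, `owner=root group=amavis mode=0640` would keep them from other local users.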
@@ -0,0 +1,51 @@
+- name: Install spamassassin
+ apt: pkg={{ item }}
+ with_items:
+ - razor
+ - spamassassin
+ - spamc
+ - libdbi-perl
+ notify:
+ - Restart Amavis
+
+- name: Create a 'spamassassin' database
+ mysql_db: name=spamassassin state=present
+ encoding=latin1 collation=latin1_general_ci
+ notify:
+ - Copy SQL tables for spamassassin
+ - Create SQL tables for spamassassin
+
+- meta: flush_handlers
+
+- name: Copy SpamAssassin's configuration
+ copy: src=etc/{{ item }}
+ dest=/etc/{{ item }}
+ owner=root group=root
+ mode=0644
+ with_items:
+ - spamassassin/local.cf
+ - spamassassin/v310.pre
+ notify:
+ - Restart Amavis
+
+- name: Ensure SpamAssassin is not auto-started at boot time
+ lineinfile: dest=/etc/default/spamassassin
+ regexp='^(\s*#)?\s*ENABLED='
+ line='ENABLED=0'
+ owner=root group=root
+ mode=0644
+
+- name: Create a 'amavis' SQL user
+ # This *must* be the user we run spamd as
+ # See https://svn.apache.org/repos/asf/spamassassin/trunk/sql/README.bayes
+ mysql_user: >
+ name=amavis auth_plugin=auth_socket
+ priv="spamassassin.awl: SELECT,INSERT,UPDATE,DELETE
+ /spamassassin.bayes_seen: SELECT,INSERT, DELETE
+ /spamassassin.bayes_token: SELECT,INSERT,UPDATE,DELETE
+ /spamassassin.bayes_global_vars: SELECT
+ /spamassassin.bayes_vars: SELECT,INSERT,UPDATE,DELETE
+ /spamassassin.bayes_expire: SELECT,INSERT, DELETE"
+ state=present
+ notify:
+ - Restart Amavis
-- cgit v1.2.3
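Review bot: The `priv=` value in the `Create a 'amavis' SQL user` task sits inside a folded scalar (`mysql_user: >`) and keeps its alignment whitespace (`SELECT,INSERT, DELETE`, a space after each `:`, a continuation line before each `/`), so the string the module receives has spaces inside the privilege list. Nothing in the hunk shows whether `mysql_user` trims them; if it does not, the task may fail or report a change on every run and restart Amavis each time. I would write each entry without padding, e.g. `/spamassassin.bayes_seen:SELECT,INSERT,DELETE`, and confirm the applied grants once with `SHOW GRANTS`. An explicit `host=localhost` would also document that the socket-authenticated account is meant to be local only.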