path: root/roles/amavis/tasks/main.yml
blob: 7fc44c73204209f0d0609895e8fda7daa86ffe61 (plain)
# Installs amavisd-new, two Perl modules (LDAP and DKIM support) and the
# unpackers the task name calls "decoders".
# NOTE(review): these unpackers presumably run on attachments taken from
# incoming mail, i.e. untrusted input - keep them under regular security
# updates and drop any format that is not actually needed.
- name: Install amavis and its decoders
  apt:
    pkg: "{{ packages }}"
  vars:
    packages:
      - amavisd-new
      - libnet-ldap-perl
      # Mail::DKIM
      - libmail-dkim-perl
      - gzip
      - bzip2
      - xz-utils
      - lzop
      - rpm2cpio
      - pax
      - binutils
      - p7zip-full
      - unrar-free
      - arj
      - nomarch
      - cabextract
      - unar
      - tnef
  notify:
    - Restart Amavis

# Adds 'amavis' as a supplementary group of the clamav account; append keeps
# the groups clamav already belongs to.
# NOTE(review): presumably this lets the scanner read files owned by amavis -
# confirm that group read access is all it needs.
- name: Add 'clamav' to the group 'amavis'
  user:
    name: clamav
    groups: amavis
    append: true
  notify:
    - Restart ClamAV
    - Restart Amavis

# Ensures /etc/aliases holds exactly one "amavis: root" entry, creating the
# file when it is missing.
- name: Add an 'amavis' alias
  lineinfile:
    dest: /etc/aliases
    create: true
    # Single-quoted so the ': ' is taken literally and not as a YAML mapping.
    regexp: '^amavis: '
    line: 'amavis: root'

# Rebuilds the alias database from /etc/aliases by running postalias with the
# lmdb map type; the result is owned by root:root with mode 0644.
# NOTE(review): 'postmap' is not a stock Ansible module - presumably it ships
# with this repository; confirm how it reports "changed".
- name: Compile the static local Postfix database
  postmap: cmd=postalias src=/etc/aliases db=lmdb
           owner=root group=root
           mode=0644

# Directory that will hold the DKIM signing keys; only created on hosts that
# are members of the 'out' group.
# NOTE(review): 0755 leaves the directory listable and traversable by every
# local user, so the confidentiality of the private keys rests entirely on
# the mode of the key files themselves - confirm that it is restrictive.
- name: Create directory /etc/amavis/dkim
  file:
    path: /etc/amavis/dkim
    state: directory
    owner: root
    group: root
    mode: "0755"
  when: "'out' in group_names"
  tags:
    - genkey
    - dkim

# Calls genkeypair.sh once per entry of dkim_keys[<this host>] to create a
# 2048-bit RSA private key at /etc/amavis/dkim/<s>:<d>.pem, requesting owner
# 'amavis' and group 'root'. Runs only on hosts in the 'out' group.
# NOTE(review): the permission bits of the key file are chosen by
# genkeypair.sh, which is not shown here - confirm the key is not readable by
# "other", since the enclosing directory is created with mode 0755.
- name: Generate a private key for DKIM signing
  # item.s and item.d are pasted into the command line as-is; they come from
  # the dkim_keys inventory variable, so keep those values free of quotes and
  # whitespace.
  command: genkeypair.sh dkim --owner=amavis --group=root --privkey="/etc/amavis/dkim/{{ item.s }}:{{ item.d }}.pem" -t rsa -b 2048
  # A host without a dkim_keys entry yields an empty list, so the loop is a no-op.
  with_items: "{{ (dkim_keys[inventory_hostname_short] | default({})).values() | list }}"
  register: dkim
  # Exit status 0 is reported as "changed".
  changed_when: dkim.rc == 0
  # Exit status 1 is neither changed nor failed - presumably "key already
  # exists, left untouched"; confirm against genkeypair.sh. Anything above 1
  # fails the task.
  failed_when: dkim.rc > 1
  when: "'out' in group_names"
  tags:
    - genkey
    - dkim

# For each DKIM key of this host, runs "openssl pkey -pubout" with the private
# key file as stdin and stores the PEM public key under certs/dkim/.
# Only the public half is written to dest; the private key stays in
# /etc/amavis/dkim.
# NOTE(review): 'fetch_cmd' is not a stock Ansible module - presumably dest is
# a path on the control machine; confirm.
# NOTE(review): unlike the two DKIM tasks before it, this task has no
# `when: "'out' in group_names"` guard, so it runs on every host that has a
# dkim_keys entry even when no key was generated there - confirm this is
# intended.
- name: Fetch DKIM keys
  fetch_cmd: cmd="openssl pkey -pubout -outform PEM"
             stdin="/etc/amavis/dkim/{{ item.s }}:{{ item.d }}.pem"
             dest="certs/dkim/{{ item.s }}:{{ item.d }}.pub"
  with_items: "{{ (dkim_keys[inventory_hostname_short] | default({})).values() | list }}"
  tags:
    - genkey
    - dkim

# Renders the site-specific Amavis settings into conf.d/50-user and schedules
# a restart when the file changes.
# NOTE(review): mode 0644 makes the rendered file readable by every local
# user; confirm the template carries no credentials (for example an LDAP bind
# password), or tighten the mode.
- name: Configure Amavis
  template:
    src: etc/amavis/conf.d/50-user.j2
    dest: /etc/amavis/conf.d/50-user
    owner: root
    group: root
    mode: "0644"
  register: r3
  notify:
    - Restart Amavis

# Run the handlers notified so far (e.g. 'Restart Amavis') now instead of at
# the end of the play, before the next task checks that the service is running.
- meta: flush_handlers

# Makes sure the amavis service is running; does nothing when it already is.
- name: Start Amavis
  service:
    name: amavis
    state: started


# Enables the Munin 'amavis' plugin by symlinking it into /etc/munin/plugins.
# force replaces whatever already exists at the destination path.
- name: Install 'amavis' Munin plugin
  file:
    src: /usr/share/munin/plugins/amavis
    dest: /etc/munin/plugins/amavis
    state: link
    force: true
    owner: root
    group: root
  tags:
    - munin
    - munin-node
  notify:
    - Restart munin-node