diff --git a/roles/mail/files/etc-amavis-conf.d-15-content_filter_mode b/roles/mail/files/etc-amavis-conf.d-15-content_filter_mode
new file mode 100644
index 0000000..6fd8f21
--- /dev/null
+++ b/roles/mail/files/etc-amavis-conf.d-15-content_filter_mode
@@ -0,0 +1,27 @@
+use strict;
+
+# You can modify this file to re-enable SPAM checking through spamassassin
+# and to re-enable antivirus checking.
+
+#
+# Default antivirus checking mode
+# Please note, that anti-virus checking is DISABLED by
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+@bypass_virus_checks_maps = (
+ \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
+
+
+#
+# Default SPAM checking mode
+# Please note, that anti-spam checking is DISABLED by
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+@bypass_spam_checks_maps = (
+ \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+1; # ensure a defined return
diff --git a/roles/mail/files/etc-amavis-conf.d-50-user b/roles/mail/files/etc-amavis-conf.d-50-user
new file mode 100644
index 0000000..ae0eb78
--- /dev/null
+++ b/roles/mail/files/etc-amavis-conf.d-50-user
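Review bot: In etc-amavis-conf.d-15-content_filter_mode both `@bypass_virus_checks_maps` and `@bypass_spam_checks_maps` are active, yet the comments above each still say the check is DISABLED by default and ask the reader to uncomment the lines. Replace each with a comment that states what this copy actually deploys, e.g. `# Virus checking is ENABLED by this role; comment out the next two lines to disable it.`, with the matching sentence for spam. Enabling virus checks only helps if a scanner is installed and reachable by the amavis user; nothing visible in this commit installs one, so confirm it is provided elsewhere.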
@@ -0,0 +1,20 @@
+use strict;
+
+#
+# Place your configuration directives here. They will override those in
+# earlier files.
+#
+# See /usr/share/doc/amavisd-new/ for documentation and examples of
+# the directives you can use in this file
+#
+
+$QUARANTINEDIR = '/var/spool/virusmails'; # Quarantine Directory
+$spam_quarantine_method = 'local:spam-%b-%i-%n'; # Filename in $QUARANTINEDIR
+$spam_quarantine_to = 'spam-quarantine'; # Put Spam in Quarantine Directory
+# $spam_quarantine_to = "admin\@$mydomain"; # Send Spam to Adminstrator
+# $spam_quarantine_to = undef; # Do nothing with Spam
+$final_spam_destiny = D_DISCARD;
+$spam_admin = "admin\@$mydomain"; # Where to send Notification
+
+#------------ Do not modify anything below this line -------------
+1; # ensure a defined return
diff --git a/roles/mail/files/etc-default-spamassassin b/roles/mail/files/etc-default-spamassassin
new file mode 100644
index 0000000..856b494
--- /dev/null
+++ b/roles/mail/files/etc-default-spamassassin
@@ -0,0 +1,31 @@
+# Duncan Findlay
+
+# WARNING: please read README.spamd before using.
+# There may be security risks.
+
+# Change to one to enable spamd
+ENABLED=1
+
+# Options
+# See man spamd for possible options. The -d option is automatically added.
+
+# SpamAssassin uses a preforking model, so be careful! You need to
+# make sure --max-children is not set to anything higher than 5,
+# unless you know what you're doing.
+
+OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+
+# Pid file
+# Where should spamd write its PID to file? If you use the -u or
+# --username option above, this needs to be writable by that user.
+# Otherwise, the init script will not be able to shut spamd down.
+PIDFILE="/var/run/spamd.pid"
+
+# Set nice level of spamd
+#NICE="--nicelevel 15"
+
+# Cronjob
+# Set to anything but 0 to enable the cron job to automatically update
+# spamassassin's rules on a nightly basis
+CRON=1
+
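Review bot: `$final_spam_destiny = D_DISCARD;` in etc-amavis-conf.d-50-user drops anything scored as spam without delivery or a bounce, so the copy under `$QUARANTINEDIR` is the only way to recover a false positive. Unlike its neighbours the line has no comment; add one such as `# Spam is dropped silently; the quarantine copy in $QUARANTINEDIR is the only record`. `$spam_admin` and the commented alternative depend on `$mydomain`, which this file does not set; presumably an earlier conf.d file does, so verify that it resolves to the same domain the role's templates use. Nothing in the commit prunes the quarantine, so the directory will grow until someone cleans it.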
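Review bot: `OPTIONS="--create-prefs --max-children 5 --helper-home-dir"` in etc-default-spamassassin starts spamd without `--username`, so with `ENABLED=1` a daemon that parses untrusted mail starts as root and, as far as I know, only switches identity per connection; this is the kind of risk the file's own README.spamd warning points at. Run it under a dedicated unprivileged account, e.g. `OPTIONS="--create-prefs --max-children 5 --helper-home-dir --username <spamd-user>"` (placeholder; the Debian package usually ships a `debian-spamd` account, confirm on the target), and move `PIDFILE` to a location that account can write, as the comment above `PIDFILE` already requires. If mail is only scanned through amavis, which normally loads SpamAssassin as a library, check whether spamd needs to be enabled at all.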
diff --git a/roles/mail/handlers/main.yml b/roles/mail/handlers/main.yml index a166119..410c6a3 100644 --- a/roles/mail/handlers/main.yml +++ b/roles/mail/handlers/main.yml @@ -4,4 +4,16 @@ - name: restart mysql service: name=mysql state=restarted + +- name: restart dovecot + service: name=dovecot state=restarted + +- name: restart postfix + service: name=postfix state=restarted + +- name: restart spamassassin + service: name=spamassassin state=restarted + +- name: restart postgrey + service: name=postgrey state=restarted # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 6027fcf..f1f0616 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -44,9 +44,11 @@ - name: Copying file to directory previously created copy: src=etc-postfix-sasl-smtpd.conf dest=/etc/postfix/sasl/smtpd.conf + notify: restart postfix - name: adduser postfix sasl shell: adduser postfix sasl + notify: restart dovecot - name: Copy dovecot config files template: src=dovecot.conf.j2 dest=/etc/dovecot/ owner=root mode=655 @@ -93,4 +95,31 @@ - name: Copy postfix config files template: src=root-postfix.sql.j2 dest=/etc/postfix/ owner=root mode=655 +- name: Create database for postfix + shell: mysql < /etc/postfix/postfix.sql + +- name: Config amavis + copy: src=etc-amavis-conf.d-15-content_filter_mode dest=/etc/amavis/conf.d/15-content_filter_mode + +- name: Config amavis + copy: src=etc-amavis-conf.d-50-user dest=/etc/amavis/conf.d/50-user + +- name: Virus repository + shell: mkdir /var/spool/virusmails + +- name: chown + shell: chown amavis:amavis /var/spool/virusmails + +- name: update SA + shell: sa-update -D + +- name: Config SA + copy: src=etc-default-spamassassin dest=/etc/default/spamassassin + notify: restart spamassassin + +- name: Config Postgrey + template: src=etc-default-postgrey dest=/etc/default/postgrey + notify: restart postgrey + + # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: 
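Review bot: The new handlers in roles/mail/handlers/main.yml cover dovecot, postfix, spamassassin and postgrey but not amavis, and the two `Config amavis` copy tasks added in roles/mail/tasks/main.yml carry no `notify`. A changed 15-content_filter_mode or 50-user therefore stays inactive until amavis is restarted by hand, so the host can keep filtering with the old settings. Add a handler `- name: restart amavis` with `service: name=amavis state=restarted` (service name assumed from the Debian package; confirm) and put `notify: restart amavis` on both copy tasks.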
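Review bot: In the `@@ -44,9 +44,11 @@` hunk of roles/mail/tasks/main.yml, `notify: restart dovecot` is attached to the `adduser postfix sasl` task, which is a `shell` call and so reports changed on every run; dovecot will be restarted on each play. The group change concerns the postfix account, so the service that has to pick it up is presumably postfix rather than dovecot. Consider `user: name=postfix groups=sasl append=yes` with `notify: restart postfix`, which only fires when the membership actually changes.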
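Review bot: In the `@@ -93,4 +95,31 @@` hunk, `shell: mkdir /var/spool/virusmails` followed by `shell: chown amavis:amavis /var/spool/virusmails` leaves the quarantine directory with whatever mode the umask gives and fails on the second run because the directory already exists; a directory that stores quarantined mail should be created idempotently with an explicit restrictive mode. In the same hunk `template: src=etc-default-postgrey` does not match the file this commit adds, `etc-default-postgrey.j2`, and `sa-update` documents exit status 1 for "no fresh updates", which a bare `shell` task treats as a failure. `mysql < /etc/postfix/postfix.sql` is likewise replayed on every play, so guard it if the script is not safe to run twice. The rewritten tasks are below.

```yaml
# … unchanged: "Create database for postfix" and the two "Config amavis" copy tasks …

- name: Virus repository
  file: path=/var/spool/virusmails state=directory owner=amavis group=amavis mode=0750

- name: update SA
  shell: sa-update -D
  register: sa_update
  changed_when: sa_update.rc == 0
  failed_when: sa_update.rc not in [0, 1]

# … unchanged: "Config SA" …

- name: Config Postgrey
  template: src=etc-default-postgrey.j2 dest=/etc/default/postgrey
  notify: restart postgrey
```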
diff --git a/roles/mail/templates/etc-default-postgrey.j2 b/roles/mail/templates/etc-default-postgrey.j2 new file mode 100644 index 0000000..65dddaf --- /dev/null +++ b/roles/mail/templates/etc-default-postgrey.j2 @@ -0,0 +1,13 @@ +# postgrey startup options, created for Debian + +# you may want to set +# --delay=N how long to greylist, seconds (default: 300) +# --max-age=N delete old entries after N days (default: 35) +# see also the postgrey(8) manpage + +#POSTGREY_OPTS="--inet=10023" +POSTGREY_OPTS="--inet=10023 --delay=300 --hostname=mail.{{ domain }} --auto-whitelist-clients" + +# the --greylist-text commandline argument can not be easily passed through +# POSTGREY_OPTS when it contains spaces. So, insert your text here: +#POSTGREY_TEXT="Your customized rejection message here" diff --git a/roles/mail/vars/main.yml b/roles/mail/vars/main.yml index df36c07..2ef7fc3 100644 --- a/roles/mail/vars/main.yml +++ b/roles/mail/vars/main.yml @@ -15,6 +15,7 @@ packages: - dovecot-core - dovecot-dbg - dovecot-gssapi + - postgrey - dovecot-imapd - dovecot-ldap - dovecot-lmtpd
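Review bot: The etc-default-postgrey.j2 template does not say what has to exist on the Postfix side for `--inet=10023` to have any effect, and nothing in this commit touches main.cf. If the recipient restrictions (outside this diff) lack a `check_policy_service` entry for port 10023, postgrey runs but no mail is greylisted. Add a comment such as `# Postfix must reference this service: check_policy_service inet:127.0.0.1:10023`, and mark the file as generated with `# {{ ansible_managed }}` so that local edits are not made to it.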
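Review bot: Only `postgrey` is added to `packages` in roles/mail/vars/main.yml, while the same commit writes into /etc/amavis/conf.d, runs `sa-update` and chowns to `amavis:amavis`. The list continues outside this hunk, so the amavis and SpamAssassin packages may already be there; if they are not, those tasks fail on a fresh host. `- postgrey` also lands in the middle of the dovecot entries; placing it after them keeps the list grouped.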