diff --git a/roles/mail/files/spamassassin b/roles/mail/files/spamassassin
new file mode 100644
index 0000000..aff448e
--- /dev/null
+++ b/roles/mail/files/spamassassin
@@ -0,0 +1,34 @@
+# /etc/default/spamassassin
+# Duncan Findlay
+
+# WARNING: please read README.spamd before using.
+# There may be security risks.
+
+# If you're using systemd (default for jessie), the ENABLED setting is
+# not used. Instead, enable spamd by issuing:
+# systemctl enable spamassassin.service
+# Change to "1" to enable spamd on systems using sysvinit:
+ENABLED=0
+
+# Options
+# See man spamd for possible options. The -d option is automatically added.
+
+# SpamAssassin uses a preforking model, so be careful! You need to
+# make sure --max-children is not set to anything higher than 5,
+# unless you know what you're doing.
+
+OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+
+# Pid file
+# Where should spamd write its PID to file? If you use the -u or
+# --username option above, this needs to be writable by that user.
+# Otherwise, the init script will not be able to shut spamd down.
+PIDFILE="/var/run/spamd.pid"
+
+# Set nice level of spamd
+#NICE="--nicelevel 15"
+
+# Cronjob
+# Set to anything but 0 to enable the cron job to automatically update
+# spamassassin's rules on a nightly basis
+CRON=1
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index 2e2cbd1..914ccf5 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -19,15 +19,12 @@ - pyzor - razor - spamassassin - tags: mail - name: Create vmail group group: name=vmail gid=500 state=present - tags: mail - name: Create vmail user user: name=vmail group=vmail uid=500 createhome=yes home=/var/vmail shell=/bin/false state=present - tags: mail - name: Configure amavis template: src={{ item }}.j2 dest=/etc/{{ item }}
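Review bot: In roles/mail/files/spamassassin, `OPTIONS` names no `-u`/`--username`, so if spamd is ever started from these defaults no unprivileged user is set for it, which is the situation the file's own README.spamd warning points at. The role appears to need only `CRON=1` (the task that installs the file is named for the cron job, and `ENABLED=0` is kept), and the file should say so at the top, for example `# Managed by Ansible (roles/mail): installed only to set CRON=1; spamd stays disabled (ENABLED=0).` The header also states that `ENABLED` is ignored under systemd, so a host where spamassassin.service gets enabled would presumably start spamd with these options anyway; confirm the unit stays disabled on the target release.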
@@ -35,15 +32,12 @@ - amavis/15-content_filter_mode - amavis/50-user notify: Restart amavis - tags: mail - name: Create dovecot ssl directory file: path=/etc/dovecot/ssl state=directory mode=0750 owner=dovecot group=dovecot - tags: mail - name: Create dovecot log directory file: path=/var/log/dovecot state=directory mode=0750 owner=vmail group=vmail - tags: mail - name: Configure dovecot template: src={{ item }}.j2 dest=/etc/{{ item }}
@@ -51,34 +45,28 @@ - dovecot/dovecot-ldap.conf.ext - dovecot/local.conf notify: Restart dovecot - tags: mail - name: Configure mailman template: src={{ item }}.j2 dest=/etc/{{ item }} with_items: - mailman/mm_cfg.py notify: Restart postfix - tags: mail - name: Configure mailman vhost template: src=nginx/vhost.j2 dest=/etc/nginx/sites-available/mailman notify: Restart nginx - tags: mail - name: Enable mailman vhost file: src=/etc/nginx/sites-available/mailman dest=/etc/nginx/sites-enabled/mailman state=link notify: Restart nginx - tags: mail - name: Configure policyd copy: src={{ item }} dest=/etc/postfix-policyd-spf-python/{{ item }} with_items: - policyd-spf.conf - tags: mail - name: Create postfix ssl directory file: path=/etc/postfix/ssl state=directory mode=0750 owner=postfix group=postfix - tags: mail - name: Configure postfix template: src={{ item }}.j2 dest=/etc/{{ item }}
@@ -86,7 +74,6 @@ - postfix/main.cf - postfix/master.cf notify: Restart postfix - tags: mail - name: Configure postfix maps template: src={{ item }}.j2 dest=/etc/{{ item }} 
@@ -98,57 +85,49 @@ - postfix/transport - postfix/virtual-alias notify: Run postmap - tags: mail - name: Ensure postfix certificates are available command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/postfix/ssl/{{ mail_server }}.key -out /etc/postfix/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/postfix/ssl/{{ mail_server }}.crt notify: Restart postfix - tags: mail - name: Ensure correct postfix certificate permissions file: path=/etc/postfix/ssl/{{ mail_server }}.key owner=root mode=0400 notify: Restart postfix - tags: mail - name: Ensure dovecot certificates are available command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/dovecot/ssl/{{ mail_server }}.key -out /etc/dovecot/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/dovecot/ssl/{{ mail_server }}.crt notify: Restart dovecot - tags: mail - name: Ensure correct dovecot certificate permissions file: path=/etc/dovecot/ssl/{{ mail_server }}.key owner=root mode=0400 notify: Restart dovecot - tags: mail - name: Configure certificate manager template: src=certs.j2 dest=/etc/acme/domains.d/{{ ansible_fqdn }}_mail.conf - tags: mail - name: Ensure mailman certificates are available command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ mailman_domain }}.key -out /etc/nginx/ssl/{{ mailman_domain }}.crt -days 730 -subj "/CN={{ mailman_domain }}" creates=/etc/nginx/ssl/{{ mailman_domain }}.crt notify: Restart nginx - tags: mail - name: Ensure correct mailman certificate permissions file: path=/etc/nginx/ssl/{{ mailman_domain }}.key owner=root mode=0400 notify: Restart nginx - tags: mail - name: Configure certificate manager for mailman template: src=mailman/certs.j2 dest=/etc/acme/domains.d/{{ mailman_domain }}_mailman.conf - tags: mail - name: Create razor directory structure command: razor-admin -create chdir=/var/lib/amavis creates=/var/lib/amavis/.razor become: yes become_user: amavis - tags: mail - name: 
Register razor command: razor-admin -register chdir=/var/lib/amavis creates=/var/lib/amavis/.razor/identity become: yes become_user: amavis - tags: mail + +- name: Enable spamassassin cron-job + copy: src=spamassassin dest=/etc/default/spamassassin - name: Start amavis service: name=amavis state=started enabled=yes
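Review bot: The added `copy` task for /etc/default/spamassassin sets no `owner`, `group` or `mode`, so the permissions of a defaults file that the init script reads are left to whatever the target already has or the umask gives; pin them with `copy: src=spamassassin dest=/etc/default/spamassassin owner=root group=root mode=0644`. The task also replaces the whole packaged defaults file to change one setting, so a `lineinfile` matching `^CRON=` would keep the distribution's other values and any later package changes to that file. The task name mentions only the cron job although the copied file also carries the spamd `OPTIONS` and `PIDFILE`, so a short comment above the task stating that spamd itself is meant to stay disabled would make the intent reviewable.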