From efc8ce52f943f26ec81e6370b444841af0f76b0b Mon Sep 17 00:00:00 2001 From: Tunui Franken Date: Thu, 25 Jul 2024 17:57:37 +0200 Subject: [PATCH] Create role mailserver_rspamd --- playbook_mailserver.yml | 2 ++ roles/common_handlers/handlers/main.yml | 6 ++++++ roles/mailserver_postfix/templates/main.cf.j2 | 4 ++++ roles/mailserver_rspamd/README.md | 3 +++ roles/mailserver_rspamd/tasks/main.yml | 18 ++++++++++++++++++ .../templates/actions.conf.j2 | 3 +++ 6 files changed, 36 insertions(+) create mode 100644 roles/mailserver_rspamd/README.md create mode 100644 roles/mailserver_rspamd/tasks/main.yml create mode 100644 roles/mailserver_rspamd/templates/actions.conf.j2 diff --git a/playbook_mailserver.yml b/playbook_mailserver.yml index 972dee6..18adfc3 100644 --- a/playbook_mailserver.yml +++ b/playbook_mailserver.yml @@ -18,3 +18,5 @@ tags: postfix - role: mailserver_dovecot tags: dovecot + - role: mailserver_rspamd + tags: rspamd diff --git a/roles/common_handlers/handlers/main.yml b/roles/common_handlers/handlers/main.yml index a9981f6..2439082 100644 --- a/roles/common_handlers/handlers/main.yml +++ b/roles/common_handlers/handlers/main.yml @@ -76,3 +76,9 @@ ansible.builtin.systemd: name: sshd state: restarted + +- name: Reload rspamd service + become: true + ansible.builtin.systemd: + name: rspamd + state: reloaded diff --git a/roles/mailserver_postfix/templates/main.cf.j2 b/roles/mailserver_postfix/templates/main.cf.j2 index 40f2499..f589d22 100644 --- a/roles/mailserver_postfix/templates/main.cf.j2 +++ b/roles/mailserver_postfix/templates/main.cf.j2 @@ -30,6 +30,10 @@ smtpd_recipient_restrictions=reject_unauth_destination,check_policy_service unix smtpd_sender_login_maps=pgsql:/etc/postfix/sql-email-as-alias.cf +smtpd_milters=inet:127.0.0.1:11332 +non_smtpd_milters=inet:127.0.0.1:11332 +milter_mail_macros=i {mail_addr} {client_addr} {client_name} {auth_authen} + smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes diff --git a/roles/mailserver_rspamd/README.md b/roles/mailserver_rspamd/README.md new file mode 100644 index 0000000..0087e7c --- /dev/null +++ b/roles/mailserver_rspamd/README.md @@ -0,0 +1,3 @@ +# mailserver - Rspamd + +Installs ands sets up the Rspamd part of the mail server. diff --git a/roles/mailserver_rspamd/tasks/main.yml b/roles/mailserver_rspamd/tasks/main.yml new file mode 100644 index 0000000..652cd83 --- /dev/null +++ b/roles/mailserver_rspamd/tasks/main.yml @@ -0,0 +1,18 @@ +--- + +- name: Install needed packages + become: true + ansible.builtin.apt: + name: + - rspamd + - redis-server + +- name: Copy local actions + become: true + ansible.builtin.template: + src: actions.conf.j2 + dest: /etc/rspamd/local.d/actions.conf + owner: root + group: root + mode: "644" + notify: Reload rspamd service diff --git a/roles/mailserver_rspamd/templates/actions.conf.j2 b/roles/mailserver_rspamd/templates/actions.conf.j2 new file mode 100644 index 0000000..049dc43 --- /dev/null +++ b/roles/mailserver_rspamd/templates/actions.conf.j2 @@ -0,0 +1,3 @@ +reject = 150; +add_header = 6; +greylist = 4;