✨: add postgrey, treat spamd as milter
1
mail.yml
1
mail.yml
@@ -8,5 +8,6 @@
|
|||||||
- dovecot
|
- dovecot
|
||||||
- opendkim
|
- opendkim
|
||||||
- opendmarc
|
- opendmarc
|
||||||
|
- postgrey
|
||||||
- spamassassin
|
- spamassassin
|
||||||
- mailman
|
- mailman
|
||||||
|
@@ -1,4 +1,5 @@
|
|||||||
## Configuration de postfix
|
## Configuration de postfix
|
||||||
|
## 22/02/2024 mortal Ajout de postgrey
|
||||||
## 26/02/2023 mortal Ajout des futures adresses IPv4/v6 pour Free
|
## 26/02/2023 mortal Ajout des futures adresses IPv4/v6 pour Free
|
||||||
## 27/01/2022 mortal Ajout de nouveaux paramètres pour mailman3
|
## 27/01/2022 mortal Ajout de nouveaux paramètres pour mailman3
|
||||||
## 05/08/2018 mortal Suppression de mailbox_command au profit de mailbox_transport : c'est toujours dovecot qui fait la livraison mais à travers une socket plutôt qu'un programme lancé par postfix
|
## 05/08/2018 mortal Suppression de mailbox_command au profit de mailbox_transport : c'est toujours dovecot qui fait la livraison mais à travers une socket plutôt qu'un programme lancé par postfix
|
||||||
@@ -53,6 +54,10 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
|
|||||||
smtpd_tls_auth_only = yes
|
smtpd_tls_auth_only = yes
|
||||||
smtpd_tls_session_cache_timeout = 10s
|
smtpd_tls_session_cache_timeout = 10s
|
||||||
smtpd_tls_loglevel = 1
|
smtpd_tls_loglevel = 1
|
||||||
|
smtpd_recipient_restrictions = permit_sasl_authenticated,
|
||||||
|
permit_mynetworks,
|
||||||
|
reject_unauth_destination,
|
||||||
|
check_policy_service inet:127.0.0.1:10023
|
||||||
# client SMTP
|
# client SMTP
|
||||||
smtp_tls_CApath = /etc/ssl/certs
|
smtp_tls_CApath = /etc/ssl/certs
|
||||||
smtp_tls_cert_file = /etc/x509/smtp.libertus.eu/fullchain.cer
|
smtp_tls_cert_file = /etc/x509/smtp.libertus.eu/fullchain.cer
|
||||||
@@ -72,7 +77,6 @@ smtpd_sasl_path = inet:localhost:26
|
|||||||
# DKIM
|
# DKIM
|
||||||
milter_default_action = accept
|
milter_default_action = accept
|
||||||
milter_protocol = 2
|
milter_protocol = 2
|
||||||
smtpd_milters = inet:localhost:8891,inet:localhost:8892
|
smtpd_milters = inet:localhost:8891,inet:localhost:8892,unix:/var/spool/postfix/spamass/spamass.sock
|
||||||
|
|
||||||
compatibility_level = 2
|
compatibility_level = 2
|
||||||
|
|
||||||
|
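Review bot: Appending `unix:/var/spool/postfix/spamass/spamass.sock` to `smtpd_milters` puts spam filtering under the existing `milter_default_action = accept`, so when spamass-milter is stopped or its socket is missing, Postfix accepts mail unscanned and nothing signals it. Postfix 3.0 and later (which `compatibility_level = 2` implies) accept a per-milter override such as `{ unix:/var/spool/postfix/spamass/spamass.sock, default_action=tempfail }`, which defers mail during an outage while leaving the two `inet:localhost` milters fail-open. If fail-open is intended for the spam milter, a comment next to `smtpd_milters` should say so. The `# DKIM` heading also no longer describes the whole list.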
@@ -8,7 +8,7 @@
|
|||||||
# service type private unpriv chroot wakeup maxproc command + args
|
# service type private unpriv chroot wakeup maxproc command + args
|
||||||
# (yes) (yes) (yes) (never) (100)
|
# (yes) (yes) (yes) (never) (100)
|
||||||
# ==========================================================================
|
# ==========================================================================
|
||||||
smtp inet n - - - - smtpd -o content_filter=spamassassin
|
smtp inet n - - - - smtpd
|
||||||
submission inet n - - - - smtpd
|
submission inet n - - - - smtpd
|
||||||
-o smtpd_tls_security_level=encrypt
|
-o smtpd_tls_security_level=encrypt
|
||||||
-o smtpd_sasl_auth_enable=yes
|
-o smtpd_sasl_auth_enable=yes
|
||||||
|
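Review bot: Dropping `-o content_filter=spamassassin` from the `smtp` service moves scanning to `smtpd_milters` in main.cf, which every smtpd service inherits, so `submission` is now also passed through spamass-milter unless it overrides the list. The visible `submission` options contain no such override, though the entry continues past the hunk. With `-r 15` in the milter defaults, authenticated users' outgoing mail could then be rejected at submission time. If that is not wanted, add `-o smtpd_milters=inet:localhost:8891,inet:localhost:8892` under `submission`, or pass `-I` to spamass-milter so SMTP AUTH senders are skipped.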
12
roles/postgrey/files/postgrey
Normal file
12
roles/postgrey/files/postgrey
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
# postgrey startup options, created for Debian
|
||||||
|
|
||||||
|
# you may want to set
|
||||||
|
# --delay=N how long to greylist, seconds (default: 300)
|
||||||
|
# --max-age=N delete old entries after N days (default: 35)
|
||||||
|
# see also the postgrey(8) manpage
|
||||||
|
|
||||||
|
POSTGREY_OPTS="--inet=10023 --delay=300 --max-age=365"
|
||||||
|
|
||||||
|
# the --greylist-text commandline argument can not be easily passed through
|
||||||
|
# POSTGREY_OPTS when it contains spaces. So, insert your text here:
|
||||||
|
#POSTGREY_TEXT="Your customized rejection message here"
|
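Review bot: `--inet=10023` leaves the bind address to postgrey's default of `localhost`, while main.cf connects to the literal `127.0.0.1:10023`. On a host where `localhost` resolves to `::1` first the two may not meet, and since Postfix treats an unreachable policy service as a temporary error, inbound recipients would then be deferred. Pinning it as `POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=300 --max-age=365"` removes the dependency on name resolution. The header comment lists 35 as the `--max-age` default, so a one-line comment explaining why 365 was chosen would help.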
6
roles/postgrey/handlers/main.yml
Normal file
6
roles/postgrey/handlers/main.yml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Restart postgrey
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: postgrey
|
||||||
|
state: restarted
|
14
roles/postgrey/tasks/main.yml
Normal file
14
roles/postgrey/tasks/main.yml
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Install postgrey
|
||||||
|
ansible.builtin.package:
|
||||||
|
name: postgrey
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Put main configuration files
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: files/postgrey
|
||||||
|
dest: /etc/default/postgrey
|
||||||
|
mode: 0644
|
||||||
|
notify:
|
||||||
|
- Restart postgrey
|
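Review bot: Nothing in this role enables or starts postgrey; the only service action is the `Restart postgrey` handler, which fires only when the copied file changes. main.cf now sends recipients that reach `check_policy_service inet:127.0.0.1:10023` through this daemon, so a host where it is stopped or not enabled at boot would defer inbound mail. An explicit task mirroring the spamassassin role's `Ensure that spam services are up` is worth adding after the copy task. Separately, `mode: 0644` is safer written as `mode: "0644"` so it never depends on YAML octal parsing.

```yaml
# … unchanged: Install postgrey, Put main configuration files …

- name: Ensure that postgrey is up
  ansible.builtin.service:
    name: postgrey
    enabled: true
    state: started
```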
28
roles/spamassassin/files/spamass-milter
Normal file
28
roles/spamassassin/files/spamass-milter
Normal file
@@ -0,0 +1,28 @@
|
|||||||
|
# spamass-milt startup defaults
|
||||||
|
|
||||||
|
# OPTIONS are passed directly to spamass-milter.
|
||||||
|
# man spamass-milter for details
|
||||||
|
|
||||||
|
# Non-standard configuration notes:
|
||||||
|
# See README.Debian if you use the -x option with sendmail
|
||||||
|
# You should not pass the -d option in OPTIONS; use SOCKET for that.
|
||||||
|
|
||||||
|
# Default, use the spamass-milter user as the default user, ignore
|
||||||
|
# messages from localhost
|
||||||
|
OPTIONS="-u spamass-milter -i 127.0.0.1"
|
||||||
|
|
||||||
|
# Reject emails with spamassassin scores > 15.
|
||||||
|
OPTIONS="${OPTIONS} -r 15"
|
||||||
|
|
||||||
|
# Do not modify Subject:, Content-Type: or body.
|
||||||
|
#OPTIONS="${OPTIONS} -m"
|
||||||
|
|
||||||
|
######################################
|
||||||
|
# If /usr/sbin/postfix is executable, the following are set by
|
||||||
|
# default. You can override them by uncommenting and changing them
|
||||||
|
# here.
|
||||||
|
######################################
|
||||||
|
# SOCKET="/var/spool/postfix/spamass/spamass.sock"
|
||||||
|
# SOCKETOWNER="postfix:postfix"
|
||||||
|
# SOCKETMODE="0660"
|
||||||
|
######################################
|
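Review bot: The `SOCKET`, `SOCKETOWNER` and `SOCKETMODE` lines are left commented out, so the socket path that main.cf hard-codes in `smtpd_milters` depends on the init script detecting `/usr/sbin/postfix`. Uncommenting them (`SOCKET="/var/spool/postfix/spamass/spamass.sock"`, `SOCKETOWNER="postfix:postfix"`, `SOCKETMODE="0660"`) pins the path and permissions to what Postfix expects. It also keeps access to the milter socket limited to the postfix user and group even if the packaging defaults change.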
@@ -4,3 +4,8 @@
|
|||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: spamd
|
name: spamd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- name: Restart spamass-milter
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: spamass-milter
|
||||||
|
state: restarted
|
||||||
|
@@ -6,10 +6,11 @@
|
|||||||
state: present
|
state: present
|
||||||
loop:
|
loop:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
- spamass-milter
|
||||||
- libmail-dkim-perl
|
- libmail-dkim-perl
|
||||||
- libmail-spf-perl
|
- libmail-spf-perl
|
||||||
|
|
||||||
- name: Put configuration files
|
- name: Put configuration files for spamassassin
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
@@ -17,5 +18,16 @@
|
|||||||
loop:
|
loop:
|
||||||
- {src: "./files/local.cf", dest: "/etc/spamassassin/local.cf"}
|
- {src: "./files/local.cf", dest: "/etc/spamassassin/local.cf"}
|
||||||
- {src: "./files/spamassassin", dest: "/etc/default/spamassassin"}
|
- {src: "./files/spamassassin", dest: "/etc/default/spamassassin"}
|
||||||
|
- {src: "./files/spamass-milter", dest: "/etc/default/spamass-milter"}
|
||||||
notify:
|
notify:
|
||||||
- Restart spamassassin
|
- Restart spamassassin
|
||||||
|
- Restart spamass-milter
|
||||||
|
|
||||||
|
- name: Ensure that spam services are up
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: "{{ item }}"
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
loop:
|
||||||
|
- spamass-milter
|
||||||
|
- spamd
|
||||||
|