postfix: first impletentation of spam and virus filter

Author: cimbalo

roles/dovecot/tasks/main.yaml

@@ -6,11 +6,6 @@
       - dovecot-ldap
       - dovecot-imapd
       - rsyslog
-#      - dovecot-lmtpd
-#      - amavisd-new
-#      - postgrey #TODO
-#      - spamassassin
-#      - clamav-daemon
 
 - lineinfile: dest=/etc/postfix/main.cf line="virtual_transport = dovecot" state=present
   notify: restart postfix
@@ -88,34 +83,3 @@
 
 - template: src=dovecot-ldap.conf.ext.j2 dest=/etc/dovecot/dovecot-ldap.conf.ext
   notify: restart dovecot
-
-#- lineinfile: dest=/etc/postfix/main.cf line="content_filter=smtp-amavis:[127.0.0.1]:10024" state=present
-#  notify: restart_postfix
-
-#- blockinfile: |
-#    dest=/etc/postfix/master.cf
-#    content=" smtp-amavis unix    -       -       n       -       2     smtp
-#    -o smtp_data_done_timeout=1200
-#    -o smtp_send_xforward_command=yes
-#    -o disable_dns_lookups=yes
-#    -o max_use=20
-#
-#     127.0.0.1:10025 inet n    -       n       -       -     smtpd
-#    -o content_filter=
-#    -o smtpd_delay_reject=no
-#    -o smtpd_client_restrictions=permit_mynetworks,reject
-#    -o smtpd_helo_restrictions=
-#    -o smtpd_sender_restrictions=
-#    -o smtpd_recipient_restrictions=permit_mynetworks,reject
-#    -o smtpd_data_restrictions=reject_unauth_pipelining
-#    -o smtpd_end_of_data_restrictions=
-#    -o smtpd_restriction_classes=
-#    -o mynetworks=127.0.0.0/8
-#    -o smtpd_error_sleep_time=0
-#    -o smtpd_soft_error_limit=1001
-#    -o smtpd_hard_error_limit=1000
-#    -o smtpd_client_connection_count_limit=0
-#    -o smtpd_client_connection_rate_limit=0
-#    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-#    -o local_header_rewrite_clients="
-#  notify: restart_postfix

roles/postfix/handlers/main.yml

@@ -2,3 +2,12 @@
 - include: service.yaml
   vars:
     service_name: postfix
+
+
+- include: service.yaml
+  vars:
+    service_name: clamav-daemon
+
+- include: service.yaml
+  vars:
+    service_name: amavisd-milter

roles/postfix/tasks/antispam.yaml

@@ -0,0 +1,54 @@
+- include: service.yaml
+  vars:
+    service_name: clamav-daemon
+    service_packages:
+           - clamav-daemon
+    install_recommends: yes
+
+- include: service.yaml
+  vars:
+    service_name: amavisd-milter
+    service_packages:
+           - amavisd-milter
+           - spamassassin
+    install_recommends: yes
+
+- name: disable spamassassin at boot
+  service: name="spamassassin" enabled=no
+
+# TODO spam, discard spam instead of bouncing it
+# /etc/amavis/conf.d/
+# $final_spam_destiny       = D_DISCARD;
+
+- name: configure amavisd-milter socket
+  blockinfile:
+    dest: '/etc/default/amavisd-milter'
+    block: |
+      MILTERSOCKET=inet:60001@127.0.0.1
+  notify: restart amavisd-milter
+
+- name: add amavis milter for smtp to postfix
+  lineinfile:
+    dest: '/etc/postfix/main.cf'
+    line: 'smtpd_milters=inet:127.0.0.1:60001'
+    regexp: '^smtpd_milters='
+  notify: restart postfix
+
+- name: add amavis milter for non smtp to postfix
+  lineinfile:
+    dest: '/etc/postfix/main.cf'
+    line: 'non_smtpd_milters=inet:127.0.0.1:60001'
+    regexp: '^non_smtpd_milters='
+  notify: restart postfix
+
+- include: service.yaml
+  vars:
+    service_name: postgrey
+    service_packages:
+           - postgrey
+
+- name: add postgrey to postfix
+  lineinfile:
+    dest: '/etc/postfix/main.cf'
+    line: 'smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023'
+  notify: restart postfix

roles/postfix/tasks/main.yaml

@@ -71,3 +71,6 @@
 - name: add lists.lilik.it relay
   lineinfile: dest=/etc/postfix/main.cf line="relay_domains = lists.lilik.it" regexp='relay_domains =' state=present
   notify: restart postfix
+
+- name: install antivirus and anti spam services
+  include: antispam.yaml