improve rspamd (+sieve)

3 years ago · d240521c1a
parent 5b761c2004
commit d240521c1a
11 changed files with 83 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -20,3 +20,4 @@ mailserver_postfixadmin_default_aliases:
  webmaster: "webmaster@{{ mailserver_mail_domain }}"

 mailserver_rspamd_enabled: true
+mailserver_rspamd_dkim_selector: "2020"
--- a/files/dovecot-spam.sieve
+++ b/files/dovecot-spam.sieve
@ -0,0 +1,9 @@
+require "fileinto";
+
+if header :contains "X-Spam-Flag" "YES" {
+    fileinto "Junk";
+}
+
+if header :is "X-Spam" "Yes" {
+    fileinto "Junk";
+}
--- a/files/rspamd/learn-ham.sieve
+++ b/files/rspamd/learn-ham.sieve
@ -0,0 +1,2 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+pipe :copy "rspamc" ["learn_ham"];
--- a/files/rspamd/learn-spam.sieve
+++ b/files/rspamd/learn-spam.sieve
@ -0,0 +1,2 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+pipe :copy "rspamc" ["learn_spam"];
--- a/tasks/dovecot.yml
+++ b/tasks/dovecot.yml
@ -51,8 +51,22 @@
  - conf.d/90-sieve.conf
  - conf.d/91-stats.conf

+- name: dovecot - create sieve folder
+  file:
+    path: /srv/mail/sieve
+    state: directory
+    owner: vmail
+    group: vmail
+
+- name: dovecot - sieve default spam
+  copy:
+    src: dovecot-spam.sieve
+    dest: /srv/mail/sieve/spam.sieve
+    owner: vmail
+    group: vmail
+
 - name: dovecot - start and enable on boot
  systemd:
    name: dovecot
    enabled: yes
-    state: restarted
+    state: started
--- a/tasks/rspamd.yml
+++ b/tasks/rspamd.yml
@ -4,3 +4,41 @@
    state: latest
    name:
      - rspamd
+      - redis
+
+- name: rspamd - start and enable redis on boot
+  systemd:
+    name: redis
+    enabled: yes
+    state: started
+
+- name: rspamd - create config folder
+  file:
+    path: /etc/rspamd/local.d
+    state: directory
+
+- name: rspamd - config
+  template:
+    src: "rspamd/{{ item }}"
+    dest: "/etc/rspamd/local.d/{{ item }}" 
+  with_items:
+  - arc.conf
+  - classifier-bayes.conf
+  - dkim_signing.conf
+  - milter_headers.conf
+  - redis.conf
+  #- worker-controller.inc
+
+- name: rspamd - install sieve
+  copy:
+    src: "rspamd/{{ item }}"
+    dest: "/srv/mail/sieve/{{ item }}"
+  with_items:
+  - learn-ham.sieve
+  - learn-spam.sieve
+
+- name: rspamd - start and enable on boot
+  systemd:
+    name: rspamd
+    enabled: yes
+    state: started
--- a/templates/rspamd/arc.conf
+++ b/templates/rspamd/arc.conf
@ -0,0 +1,5 @@
+path = "/var/lib/rspamd/dkim/$selector.key";
+selector = "{{ mailserver_rspamd_dkim_selector }}";
+
+### Enable DKIM signing for alias sender addresses
+allow_username_mismatch = true;
--- a/templates/rspamd/classifier-bayes.conf
+++ b/templates/rspamd/classifier-bayes.conf
@ -0,0 +1,3 @@
+backend = "redis";
+new_schema = true;
+expire = 8640000;
--- a/templates/rspamd/dkim_signing.conf
+++ b/templates/rspamd/dkim_signing.conf
@ -0,0 +1,5 @@
+path = "/var/lib/rspamd/dkim/$selector.key";
+selector = "{{ mailserver_rspamd_dkim_selector }}";
+
+### Enable DKIM signing for alias sender addresses
+allow_username_mismatch = true;
--- a/templates/rspamd/milter_headers.conf
+++ b/templates/rspamd/milter_headers.conf
@ -0,0 +1,2 @@
+use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
+authenticated_headers = ["authentication-results"];
--- a/templates/rspamd/redis.conf
+++ b/templates/rspamd/redis.conf
@ -0,0 +1 @@
+servers = "127.0.0.1";