improve rspamd (+sieve)

defaults/main.yml

@@ -20,3 +20,4 @@ mailserver_postfixadmin_default_aliases:
   webmaster: "webmaster@{{ mailserver_mail_domain }}"
 
 mailserver_rspamd_enabled: true
+mailserver_rspamd_dkim_selector: "2020"

files/dovecot-spam.sieve

@@ -0,0 +1,9 @@
+require "fileinto";
+
+if header :contains "X-Spam-Flag" "YES" {
+    fileinto "Junk";
+}
+
+if header :is "X-Spam" "Yes" {
+    fileinto "Junk";
+}

files/rspamd/learn-ham.sieve

@@ -0,0 +1,2 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+pipe :copy "rspamc" ["learn_ham"];

files/rspamd/learn-spam.sieve

@@ -0,0 +1,2 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+pipe :copy "rspamc" ["learn_spam"];

tasks/dovecot.yml

@@ -51,8 +51,22 @@
   - conf.d/90-sieve.conf
   - conf.d/91-stats.conf
 
+- name: dovecot - create sieve folder
+  file:
+    path: /srv/mail/sieve
+    state: directory
+    owner: vmail
+    group: vmail
+
+- name: dovecot - sieve default spam
+  copy:
+    src: dovecot-spam.sieve
+    dest: /srv/mail/sieve/spam.sieve
+    owner: vmail
+    group: vmail
+
 - name: dovecot - start and enable on boot
   systemd:
     name: dovecot
     enabled: yes
-    state: restarted
+    state: started

tasks/rspamd.yml

@@ -4,3 +4,41 @@
     state: latest
     name:
       - rspamd
+      - redis
+
+- name: rspamd - start and enable redis on boot
+  systemd:
+    name: redis
+    enabled: yes
+    state: started
+
+- name: rspamd - create config folder
+  file:
+    path: /etc/rspamd/local.d
+    state: directory
+
+- name: rspamd - config
+  template:
+    src: "rspamd/{{ item }}"
+    dest: "/etc/rspamd/local.d/{{ item }}" 
+  with_items:
+  - arc.conf
+  - classifier-bayes.conf
+  - dkim_signing.conf
+  - milter_headers.conf
+  - redis.conf
+  #- worker-controller.inc
+
+- name: rspamd - install sieve
+  copy:
+    src: "rspamd/{{ item }}"
+    dest: "/srv/mail/sieve/{{ item }}"
+  with_items:
+  - learn-ham.sieve
+  - learn-spam.sieve
+
+- name: rspamd - start and enable on boot
+  systemd:
+    name: rspamd
+    enabled: yes
+    state: started

templates/rspamd/arc.conf

@@ -0,0 +1,5 @@
+path = "/var/lib/rspamd/dkim/$selector.key";
+selector = "{{ mailserver_rspamd_dkim_selector }}";
+
+### Enable DKIM signing for alias sender addresses
+allow_username_mismatch = true;

templates/rspamd/classifier-bayes.conf

@@ -0,0 +1,3 @@
+backend = "redis";
+new_schema = true;
+expire = 8640000;

templates/rspamd/dkim_signing.conf

@@ -0,0 +1,5 @@
+path = "/var/lib/rspamd/dkim/$selector.key";
+selector = "{{ mailserver_rspamd_dkim_selector }}";
+
+### Enable DKIM signing for alias sender addresses
+allow_username_mismatch = true;

templates/rspamd/milter_headers.conf

@@ -0,0 +1,2 @@
+use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
+authenticated_headers = ["authentication-results"];

templates/rspamd/redis.conf

@@ -0,0 +1 @@
+servers = "127.0.0.1";