blob: 2a6bb0e82926f2f890e880e7db2707c22e4729de (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
Rspamd
======
Description
-----------
The `rspamd` role installs and configures [Rspamd](https://rspamd.com/), which
is used by [Postfix](../postfix_server/) for spam filtering and DKIM message
signing.
Variables
---------
This role **accepts** the following variables:
Variable | Default | Description
------------------------------|---------------------------------|------------
`rspamd_milter_port` | 11332 | Listening port for milter service
`rspamd_milter_process_count` | `{{ ansible_processor_vcpus }}` | Number of milter processes to run
`rspamd_controller_port` | 11334 | Listening port for controller / web GUI
`rspamd_redis_port` | 6379 | Local Redis port
`rspamd_redis_bayes_port` | 6380 | Local Redis port for Bayes classifier data
`rspamd_redis_max_memory` | `512mb` | Maximum memory usage for each Redis instance
`rspamd_admin_group` | `role-rspamd-admin` | FreeIPA group for users allowed to access web interface (will be created)
`rspamd_dkim_keys` | `{}` | Dictionary mapping domain names to DKIM signing keys
`rspamd_dkim_selector` | `dkim` | Name of DKIM selector in DNS
`rspamd_domain_whitelist` | `[]` | List of sender domains to _never_ mark as spam
This role **exports** the following variables:
Variable | Description
-----------------------|------------
`rspamd_archive_shell` | Shell command to generate backup tarball of redis databases
`rspamd_apache_config` | Apache config block for reverse proxy
Usage
-----
Example playbook:
````yaml
- name: configure rspamd
hosts: rspamd_servers
roles:
- role: rspamd
vars:
rspamd_domain_whitelist:
- badly-configured-domain.com
- never-mark-me-as-spam.com
rspamd_dkim_keys:
example.com: |
-----BEGIN RSA PRIVATE KEY-----
AAAAAAAAAAAAAAAAchangeme
-----END RSA PRIVATE KEY-----
example.net: |
-----BEGIN RSA PRIVATE KEY-----
AAAAAAAAAAAAAAAAchangeme
-----END RSA PRIVATE KEY-----
- role: apache_vhost
vars:
apache_default_vhost: yes
apache_config: '{{ rspamd_apache_config }}'
````
|