roles/rspamd/README.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

Rspamd
======

Description
-----------

The `rspamd` role installs and configures [Rspamd](https://rspamd.com/), which
is used by [Postfix](../postfix_server/) for spam filtering and DKIM message
signing.

Variables
---------

This role **accepts** the following variables:

Variable                      | Default                         | Description
------------------------------|---------------------------------|------------
`rspamd_milter_port`          | 11332                           | Listening port for milter service
`rspamd_milter_process_count` | `{{ ansible_processor_vcpus }}` | Number of milter processes to run
`rspamd_controller_port`      | 11334                           | Listening port for controller / web GUI
`rspamd_redis_port`           | 6379                            | Local Redis port
`rspamd_redis_bayes_port`     | 6380                            | Local Redis port for Bayes classifier data
`rspamd_redis_max_memory`     | `512mb`                         | Maximum memory usage for each Redis instance
`rspamd_admin_group`          | `role-rspamd-admin`             | FreeIPA group for users allowed to access web interface (will be created)
`rspamd_dkim_keys`            | `{}`                            | Dictionary mapping domain names to DKIM signing keys
`rspamd_dkim_selector`        | `dkim`                          | Name of DKIM selector in DNS
`rspamd_domain_whitelist`     | `[]`                            | List of sender domains to _never_ mark as spam


This role **exports** the following variables:

Variable               | Description
-----------------------|------------
`rspamd_archive_shell` | Shell command to generate backup tarball of redis databases
`rspamd_apache_config` | Apache config block for reverse proxy

Usage
-----

Example playbook:

````yaml
- name: configure rspamd
  hosts: rspamd_servers
  roles:
    - role: rspamd
      vars:
        rspamd_domain_whitelist:
          - badly-configured-domain.com
          - never-mark-me-as-spam.com
        rspamd_dkim_keys:
          example.com: |
            -----BEGIN RSA PRIVATE KEY-----
            AAAAAAAAAAAAAAAAchangeme
            -----END RSA PRIVATE KEY-----
          example.net: |
            -----BEGIN RSA PRIVATE KEY-----
            AAAAAAAAAAAAAAAAchangeme
            -----END RSA PRIVATE KEY-----

    - role: apache_vhost
      vars:
        apache_default_vhost: yes
        apache_config: '{{ rspamd_apache_config }}'
````