add some more config files

2025-05-25 11:07:02 +02:00
parent c5e2ee3a3e
commit 7a391feb70
11 changed files with 92 additions and 2 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 # handlers file for rspamd
 - name: restart rspamd
-  service:
+  ansible.builtin.service:
    name: rspamd
    state: restarted
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -16,6 +16,30 @@
    state: present
    name: rspamd

+- name: configure rspamd
+  notify: restart rspamd
+  block:
+  -  ansible.builtin.template:
+       src: "{{ item }}"
+       dest: /etc/rspamd/local.d/
+     loop:
+      - multimap.conf
+      - milter_headers.conf
+      - ip_whitelist.map
+      - host_whitelist.map
+      - address_whitelist.map
+      - address_blacklist.map
+      - actions.conf
+      - worker-controller.inc
+  - ansible.builtin.lineinfile:
+      create: true
+      path: /etc/rspamd/override.d/worker-proxy.inc
+      line: bind_socket = *:11332
+  - ansible.builtin.lineinfile:
+      create: true
+      path: /etc/rspamd/override.d/logging.inc
+      line: 'level = "notice";'
+
 - name: open firewall port
  when: use_ufw
  community.general.ufw:
@@ -28,7 +52,7 @@
    - { ip: 163.172.96.97,  comment: submarine }
    - { ip: 80.67.185.27,   comment: altc01 }
    - { ip: 51.15.130.230,  comment: mutine }
-    - { ip: 51.15.99.153,   comment: celestine }
+    - { ip: 57.128.123.211,   comment: mimine }
    - { ip:  51.15.253.78,  comment: cosine }

 - name: ensure rspamd listen everywhere
--- a/templates/actions.conf
+++ b/templates/actions.conf
@@ -0,0 +1,4 @@
+reject = 200;
+#{{ ansible_managed }}
+add_header = 5 ;
+greylist = 2 ;
--- a/templates/address_blacklist.map
+++ b/templates/address_blacklist.map
@@ -0,0 +1,3 @@
+#{{ ansible_managed }}
+thomas.constans@opendoor.fr
+
--- a/templates/address_whitelist.map
+++ b/templates/address_whitelist.map
@@ -0,0 +1,5 @@
+#{{ ansible_managed }}
+zabbix@opendoor.fr
+.*macif.fu
+.*@igensia.com
+
--- a/templates/dkim_signing.conf
+++ b/templates/dkim_signing.conf
@@ -0,0 +1,2 @@
+#{{ ansible_managed }}
+enabled = false;
--- a/templates/host_whitelist.map
+++ b/templates/host_whitelist.map
@@ -0,0 +1,8 @@
+#{{ ansible_managed }}
+alpine.opendoor.fr
+collidine.opendoor.fr
+fivenine.opendoor.fr
+infra.opendoor.fr
+lists.katipo.co.nz
+localhost
+lune.sortirdunucleaire.fr
--- a/templates/ip_whitelist.map
+++ b/templates/ip_whitelist.map
@@ -0,0 +1,6 @@
+#{{ ansible_managed }}
+78.193.182.235
+127.0.0.1
+81.250.227.252
+176.149.144.109
+217.182.138.100
--- a/templates/milter_headers.conf
+++ b/templates/milter_headers.conf
@@ -0,0 +1,3 @@
+#{{ ansible_managed }}
+#extended_spam_headers = true ;
+use = [ "x-spamd-result", "x-rspamd-server", "x-rspamd-queue-id", "x-spam-status", "x-spam-level"]
--- a/templates/multimap.conf
+++ b/templates/multimap.conf
@@ -0,0 +1,32 @@
+#{{ ansible_managed }}
+  IP_BLACKLIST {
+      type = "ip";
+      prefilter = true;
+      map = "/${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
+      #action = "accept";
+		score = -42 ;
+  }
+
+  HOST_WHITELIST {
+	  type = "hostname";
+	  prefilter = true ;
+	  map = "/${LOCAL_CONFDIR}/local.d/host_whitelist.map";
+	  score = -42 ;
+  }
+
+# add score to mail sent to thomas.constans@opendoor.fr
+  ADDRESS_BLACKLIST {
+	  type = "rcpt";
+	  filter = "email" ;
+	  map = "/${LOCAL_CONFDIR}/local.d/address_blacklist.map";
+	  prefilter = true ;
+	  score = 2;
+	  }
+
+  IP_WHITELIST {
+      type = "from";
+      prefilter = true;
+      map = "/${LOCAL_CONFDIR}/local.d/address_whitelist.map";
+      action = "accept";
+  }
+
--- a/templates/worker-controller.inc
+++ b/templates/worker-controller.inc
@@ -0,0 +1,3 @@
+#{{ ansible_managed }}
+password = "$2$fifkkmz8sfw7yntrtz8etmdks9rz1k16$hzdzc9xmemx5imfd6brpt9xgd3onx9h6sm4k4wswmux1yeps53qy"
+bind_socket = "*:11334";