add some more config files

handlers/main.yml

@@ -1,6 +1,6 @@
 ---
 # handlers file for rspamd
 - name: restart rspamd
-  service:
+  ansible.builtin.service:
     name: rspamd
     state: restarted

tasks/main.yml

@@ -16,6 +16,30 @@
     state: present
     name: rspamd
 
+- name: configure rspamd
+  notify: restart rspamd
+  block:
+  -  ansible.builtin.template:
+       src: "{{ item }}"
+       dest: /etc/rspamd/local.d/
+     loop:
+      - multimap.conf
+      - milter_headers.conf
+      - ip_whitelist.map
+      - host_whitelist.map
+      - address_whitelist.map
+      - address_blacklist.map
+      - actions.conf
+      - worker-controller.inc
+  - ansible.builtin.lineinfile:
+      create: true
+      path: /etc/rspamd/override.d/worker-proxy.inc
+      line: bind_socket = *:11332
+  - ansible.builtin.lineinfile:
+      create: true
+      path: /etc/rspamd/override.d/logging.inc
+      line: 'level = "notice";'
+
 - name: open firewall port
   when: use_ufw
   community.general.ufw:
@@ -28,7 +52,7 @@
     - { ip: 163.172.96.97,  comment: submarine }
     - { ip: 80.67.185.27,   comment: altc01 }
     - { ip: 51.15.130.230,  comment: mutine }
-    - { ip: 51.15.99.153,   comment: celestine }
+    - { ip: 57.128.123.211,   comment: mimine }
     - { ip:  51.15.253.78,  comment: cosine }
 
 - name: ensure rspamd listen everywhere

templates/actions.conf

@@ -0,0 +1,4 @@
+reject = 200;
+#{{ ansible_managed }}
+add_header = 5 ;
+greylist = 2 ;

templates/address_blacklist.map

@@ -0,0 +1,3 @@
+#{{ ansible_managed }}
+thomas.constans@opendoor.fr
+

templates/address_whitelist.map

@@ -0,0 +1,5 @@
+#{{ ansible_managed }}
+zabbix@opendoor.fr
+.*macif.fu
+.*@igensia.com
+

templates/dkim_signing.conf

@@ -0,0 +1,2 @@
+#{{ ansible_managed }}
+enabled = false;

templates/host_whitelist.map

@@ -0,0 +1,8 @@
+#{{ ansible_managed }}
+alpine.opendoor.fr
+collidine.opendoor.fr
+fivenine.opendoor.fr
+infra.opendoor.fr
+lists.katipo.co.nz
+localhost
+lune.sortirdunucleaire.fr

templates/ip_whitelist.map

@@ -0,0 +1,6 @@
+#{{ ansible_managed }}
+78.193.182.235
+127.0.0.1
+81.250.227.252
+176.149.144.109
+217.182.138.100

templates/milter_headers.conf

@@ -0,0 +1,3 @@
+#{{ ansible_managed }}
+#extended_spam_headers = true ;
+use = [ "x-spamd-result", "x-rspamd-server", "x-rspamd-queue-id", "x-spam-status", "x-spam-level"]

templates/multimap.conf

@@ -0,0 +1,32 @@
+#{{ ansible_managed }}
+  IP_BLACKLIST {
+      type = "ip";
+      prefilter = true;
+      map = "/${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
+      #action = "accept";
+		score = -42 ;
+  }
+
+  HOST_WHITELIST {
+	  type = "hostname";
+	  prefilter = true ;
+	  map = "/${LOCAL_CONFDIR}/local.d/host_whitelist.map";
+	  score = -42 ;
+  }
+
+# add score to mail sent to thomas.constans@opendoor.fr
+  ADDRESS_BLACKLIST {
+	  type = "rcpt";
+	  filter = "email" ;
+	  map = "/${LOCAL_CONFDIR}/local.d/address_blacklist.map";
+	  prefilter = true ;
+	  score = 2;
+	  }
+
+  IP_WHITELIST {
+      type = "from";
+      prefilter = true;
+      map = "/${LOCAL_CONFDIR}/local.d/address_whitelist.map";
+      action = "accept";
+  }
+

templates/worker-controller.inc

@@ -0,0 +1,3 @@
+#{{ ansible_managed }}
+password = "$2$fifkkmz8sfw7yntrtz8etmdks9rz1k16$hzdzc9xmemx5imfd6brpt9xgd3onx9h6sm4k4wswmux1yeps53qy"
+bind_socket = "*:11334";