Changeset - 12abf97ac229
0 3 0
Branko Majic (branko) - 9 years ago 2015-04-07 23:01:33
branko@majic.rs
MAR-4: Implemented scanning of mails via ClamAV. Added a couple of comments to Postfix configuration file.
3 files changed with 57 insertions and 1 deletions:
roles/mail_server/handlers/main.yml
 
@@ -7,4 +7,7 @@
 
  service: name="postfix" state=restarted
 

	
 
- name: Restart Dovecot
 
  service: name="dovecot" state=restarted
 
\ No newline at end of file
 
  service: name="dovecot" state=restarted
 

	
 
- name: Restart ClamAV Milter
 
  service: name="clamav-milter" state=restarted
roles/mail_server/tasks/main.yml
 
@@ -22,6 +22,44 @@
 
- name: Install SWAKS
 
  apt: name="swaks" state=installed
 

	
 
- name: Set ClamAV Milter socket path
 
  debconf: name=clamav-milter question=clamav-milter/MilterSocket vtype=string value=/var/spool/postfix/var/run/clamav/clamav-milter.ctl
 

	
 
- name: Have ClamAV Milter reject infected files
 
  debconf: name=clamav-milter question=clamav-milter/OnInfected vtype=select value=Reject
 

	
 
- name: Have ClamAV Milter log full information about infected mails
 
  debconf: name=clamav-milter question=clamav-milter/LogInfected vtype=select value=Full
 

	
 
- name: Set ClamAV Milter reject message
 
  debconf: name=clamav-milter question=clamav-milter/RejectMsg vtype=string value="Your message has been rejected due to a possible virus (%v). Please contact the postmaster if you believe this is incorrect."
 

	
 
- name: Do not limit log file size for ClamAV Milter
 
  debconf: name=clamav-milter question=clamav-milter/LogFileMaxSize vtype=string value=0M
 

	
 
- name: Allow members of Postfix group to access the ClamAV Milter socket file
 
  debconf: name=clamav-milter question=clamav-milter/MilterSocketGroup vtype=string value=postfix
 

	
 
- name: Restrict access to ClamAV Milter socket to socket owner and group.
 
  debconf: name=clamav-milter question=clamav-milter/MilterSocketMode vtype=string value=660
 

	
 
- name: Install milter packages
 
  apt: name=clamav-milter state=installed
 

	
 
- name: Make sure that the ClamAV Milter socket file path is correct (workaround for Debian bug \#778445)
 
  lineinfile: dest=/etc/clamav/clamav-milter.conf state=present backrefs=yes
 
              line="MilterSocket /var/spool/postfix/var/run/clamav/clamav-milter.ctl"
 
              regexp="^MilterSocket "
 
  notify:
 
    - Restart ClamAV Milter
 

	
 
- name: Set-up privileges for directories within Postfix chroot
 
  file: dest="{{ item }}" mode=755
 
  with_items:
 
    - /var/spool/postfix/var
 
    - /var/spool/postfix/var/run
 
    - /var/spool/postfix/var/run/clamav
 

	
 
- name: Copy the LDAP TLS truststore into Postfix chroot
 
  file: dest="/var/spool/postfix/etc/ssl/certs/truststore.pem" src="/etc/ssl/certs/truststore.pem"
 
        mode=644 owner=root group=root state=file
 
@@ -69,6 +107,15 @@
 
  notify:
 
    - Restart Postfix
 

	
 
- name: Enable ClamAV service
 
  service: name="{{ item }}" state=started
 
  with_items:
 
    - clamav-daemon
 
    - clamav-freshclam
 

	
 
- name: Enable ClamAV milter service.
 
  service: name=clamav-milter state=started
 

	
 
- name: Enable Postfix service
 
  service: name=postfix enabled=yes state=started
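Review bot: The two new ClamAV service tasks in the second hunk use `state=started` without `enabled=yes`, although their names say "Enable" and the neighbouring Postfix task sets both. As written, whether clamav-daemon, clamav-freshclam and clamav-milter come back after a reboot depends on the packages' own defaults, and a scanner that is not running means mail is either deferred or passes unscanned, depending on the Postfix milter failure setting. I would write `service: name="{{ item }}" enabled=yes state=started` and `service: name=clamav-milter enabled=yes state=started`. In the first hunk, the lineinfile workaround uses `backrefs=yes`, which leaves the file unchanged when no `MilterSocket` line matches; a one-line comment saying that this is intended would help the next maintainer.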
 

	
roles/mail_server/templates/main.cf.j2
 
@@ -52,13 +52,19 @@ dovecot_destination_recipient_limit = 1
 
smtpd_sasl_type = dovecot
 
smtpd_sasl_path = private/auth
 
smtpd_sasl_auth_enable = yes
 

	
 
# TLS configuration.
 
smtpd_tls_security_level = may
 
smtpd_tls_auth_only = yes
 
smtpd_tls_cert_file = {{ smtp_tls_certificate }}
 
smtpd_tls_key_file = {{ smtp_tls_key }}
 

	
 
# Recipients restricting.
 
smtpd_recipient_restrictions = permit_mynetworks
 
  permit_sasl_authenticated
 
  {% for rbl in smtp_rbl -%}
 
  reject_rbl {{ rbl }}
 
  {% endfor -%}
 
  reject_unauth_destination
 
smtpd_milters = unix:/var/run/clamav/clamav-milter.ctl
 
non_smtpd_milters = unix:/var/run/clamav/clamav-milter.ctl
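Review bot: The new `smtpd_milters` and `non_smtpd_milters` lines leave the failure behaviour implicit: no `milter_default_action` is visible in this hunk, so what happens to mail when the clamav-milter socket is unreachable rests on Postfix's built-in default (tempfail, i.e. mail is deferred rather than delivered unscanned). Stating it explicitly with `milter_default_action = tempfail` keeps that fail-closed choice from being changed by accident; the rest of the file is outside the hunk, so it may already be set elsewhere. Unlike the blocks above them, the two milter lines also have no comment; I would add `# Virus scanning via ClamAV milter. Socket path is relative to the Postfix chroot (/var/spool/postfix).`, since the path appears to match the `MilterSocket` value in tasks/main.yml only when resolved inside the chroot.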