Changeset - 2f0d3abc3c49
Parent rev.
Child rev.
[Not reviewed]
0 1 1
Branko Majic (branko) - 9 years ago 2015-04-07 23:01:44
branko@majic.rs
MAR-4: Use static file configuration for ClamAV Milter. This is more reliable since there is no decent way to signal debconf to redeploy configuration files.
2 files changed with 38 insertions and 25 deletions:
roles/mail_server/files/clamav-milter.conf
35
roles/mail_server/tasks/main.yml
3
25
0 comments (0 inline, 0 general)
roles/mail_server/files/clamav-milter.conf
Show inline comments
 
new file 100644
 
# General daemon configuration.
 
User clamav
 
AllowSupplementaryGroups true
 
ReadTimeout 120
 
Foreground false
 
PidFile /var/run/clamav/clamav-milter.pid
 
ClamdSocket unix:/var/run/clamav/clamd.ctl
 
TemporaryDirectory /tmp
 
SupportMultipleRecipients false
 

			




	
	
	
		
 
# Socket configuration.

			




	
	
	
		
 
MilterSocket /var/spool/postfix/var/run/clamav/clamav-milter.ctl

			




	
	
	
		
 
FixStaleSocket true

			




	
	
	
		
 
MilterSocketGroup postfix

			




	
	
	
		
 
MilterSocketMode 660

			




	
	
	
		
 

			




	
	
	
		
 
# Actions.

			




	
	
	
		
 
OnClean Accept

			




	
	
	
		
 
OnInfected Reject

			




	
	
	
		
 
OnFail Defer

			




	
	
	
		
 
AddHeader Replace

			




	
	
	
		
 
RejectMsg Your message has been rejected due to a possible virus (%v). Please contact the postmaster if you believe this is incorrect.

			




	
	
	
		
 

			




	
	
	
		
 
# Logging configuration.

			




	
	
	
		
 
LogSyslog false

			




	
	
	
		
 
LogFacility LOG_LOCAL6

			




	
	
	
		
 
LogVerbose false

			




	
	
	
		
 
LogInfected Full

			




	
	
	
		
 
LogClean Off

			




	
	
	
		
 
LogRotate true

			




	
	
	
		
 
MaxFileSize 25M

			




	
	
	
		
 
LogFile /var/log/clamav/clamav-milter.log

			




	
	
	
		
 
LogTime true

			




	
	
	
		
 
LogFileUnlock false

			




	
	
	
		
 
LogFileMaxSize 0M

			




        

    


    
    

    

        

                

                    roles/mail_server/tasks/main.yml
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -22,34 +22,12 @@

			




	
	
	
		
 
- name: Install SWAKS

			




	
	
	
		
 
  apt: name="swaks" state=installed

			




	
	
	
		
 

			




	
	
	
		
 
- name: Set ClamAV Milter socket path

			




	
	
	
		
 
  debconf: name=clamav-milter question=clamav-milter/MilterSocket vtype=string value=/var/spool/postfix/var/run/clamav/clamav-milter.ctl

			




	
	
	
		
 

			




	
	
	
		
 
- name: Have ClamAV Milter reject infected files

			




	
	
	
		
 
  debconf: name=clamav-milter question=clamav-milter/OnInfected vtype=select value=Reject

			




	
	
	
		
 

			




	
	
	
		
 
- name: Have ClamAV Milter log full information about infected mails

			




	
	
	
		
 
  debconf: name=clamav-milter question=clamav-milter/LogInfected vtype=select value=Full

			




	
	
	
		
 

			




	
	
	
		
 
- name: Set ClamAV Milter reject message

			




	
	
	
		
 
  debconf: name=clamav-milter question=clamav-milter/RejectMsg vtype=string value="Your message has been rejected due to a possible virus (%v). Please contact the postmaster if you believe this is incorrect."

			




	
	
	
		
 

			




	
	
	
		
 
- name: Do not limit log file size for ClamAV Milter

			




	
	
	
		
 
  debconf: name=clamav-milter question=clamav-milter/LogFileMaxSize vtype=string value=0M

			




	
	
	
		
 

			




	
	
	
		
 
- name: Allow members of Postfix group to access the ClamAV Milter socket file

			




	
	
	
		
 
  debconf: name=clamav-milter question=clamav-milter/MilterSocketGroup vtype=string value=postfix

			




	
	
	
		
 

			




	
	
	
		
 
- name: Restrict access to ClamAV Milter socket to socket owner and group.

			




	
	
	
		
 
  debconf: name=clamav-milter question=clamav-milter/MilterSocketMode vtype=string value=660

			




	
	
	
		
 

			




	
	
	
		
 
- name: Install milter packages

			




	
	
	
		
 
  apt: name=clamav-milter state=installed

			




	
	
	
		
 

			




	
	
	
		
 
- name: Make sure that the ClamAV Milter socket file path is correct (workaround for Debian bug \#778445)

			




	
	
	
		
 
  lineinfile: dest=/etc/clamav/clamav-milter.conf state=present backrefs=yes

			




	
	
	
		
 
              line="MilterSocket /var/spool/postfix/var/run/clamav/clamav-milter.ctl"

			




	
	
	
		
 
              regexp="^MilterSocket "

			




	
	
	
		
 
- name: Configure ClamAV Milter

			




	
	
	
		
 
  copy: dest="/etc/clamav/clamav-milter.conf" src="clamav-milter.conf"

			




	
	
	
		
 
        mode=644 owner=root group=root

			




	
	
	
		
 
  notify:

			




	
	
	
		
 
    - Restart ClamAV Milter

			




	
	
	
		
 

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.