|
@@ -22,6 +22,44 @@
|
|
|
- name: Install SWAKS
|
|
|
apt: name="swaks" state=installed
|
|
|
|
|
|
- name: Set ClamAV Milter socket path
|
|
|
debconf: name=clamav-milter question=clamav-milter/MilterSocket vtype=string value=/var/spool/postfix/var/run/clamav/clamav-milter.ctl
|
|
|
|
|
|
- name: Have ClamAV Milter reject infected files
|
|
|
debconf: name=clamav-milter question=clamav-milter/OnInfected vtype=select value=Reject
|
|
|
|
|
|
- name: Have ClamAV Milter log full information about infected mails
|
|
|
debconf: name=clamav-milter question=clamav-milter/LogInfected vtype=select value=Full
|
|
|
|
|
|
- name: Set ClamAV Milter reject message
|
|
|
debconf: name=clamav-milter question=clamav-milter/RejectMsg vtype=string value="Your message has been rejected due to a possible virus (%v). Please contact the postmaster if you believe this is incorrect."
|
|
|
|
|
|
- name: Do not limit log file size for ClamAV Milter
|
|
|
debconf: name=clamav-milter question=clamav-milter/LogFileMaxSize vtype=string value=0M
|
|
|
|
|
|
- name: Allow members of Postfix group to access the ClamAV Milter socket file
|
|
|
debconf: name=clamav-milter question=clamav-milter/MilterSocketGroup vtype=string value=postfix
|
|
|
|
|
|
- name: Restrict access to ClamAV Milter socket to socket owner and group.
|
|
|
debconf: name=clamav-milter question=clamav-milter/MilterSocketMode vtype=string value=660
|
|
|
|
|
|
- name: Install milter packages
|
|
|
apt: name=clamav-milter state=installed
|
|
|
|
|
|
- name: Make sure that the ClamAV Milter socket file path is correct (workaround for Debian bug \#778445)
|
|
|
lineinfile: dest=/etc/clamav/clamav-milter.conf state=present backrefs=yes
|
|
|
line="MilterSocket /var/spool/postfix/var/run/clamav/clamav-milter.ctl"
|
|
|
regexp="^MilterSocket "
|
|
|
notify:
|
|
|
- Restart ClamAV Milter
|
|
|
|
|
|
- name: Set-up privileges for directories within Postfix chroot
|
|
|
file: dest="{{ item }}" mode=755
|
|
|
with_items:
|
|
|
- /var/spool/postfix/var
|
|
|
- /var/spool/postfix/var/run
|
|
|
- /var/spool/postfix/var/run/clamav
|
|
|
|
|
|
- name: Copy the LDAP TLS truststore into Postfix chroot
|
|
|
file: dest="/var/spool/postfix/etc/ssl/certs/truststore.pem" src="/etc/ssl/certs/truststore.pem"
|
|
|
mode=644 owner=root group=root state=file
|
|
@@ -69,6 +107,15 @@
|
|
|
notify:
|
|
|
- Restart Postfix
|
|
|
|
|
|
- name: Enable ClamAV service
|
|
|
service: name="{{ item }}" state=started
|
|
|
with_items:
|
|
|
- clamav-daemon
|
|
|
- clamav-freshclam
|
|
|
|
|
|
- name: Enable ClamAV milter service.
|
|
|
service: name=clamav-milter state=started
|
|
|
|
|
|
- name: Enable Postfix service
|
|
|
service: name=postfix enabled=yes state=started
|
|
|
|