authorGravatar Joe Banks <[email protected]>2024-08-23 19:16:39 +0100
committerGravatar Joe Banks <[email protected]>2024-08-24 19:07:07 +0100
commit5610bd695bad0f7aa3f944dda2a87b28b4f31abf (patch)
treee3869858cce302b45a847dbdba4e201c7ade4ab9
parentAddress horrible inefficiencies in SSH handlers (diff)
Add role for spamassassin
-rw-r--r--ansible/roles/spamassassin/handlers/main.yml10
-rw-r--r--ansible/roles/spamassassin/tasks/main.yml51
-rw-r--r--ansible/roles/spamassassin/templates/local.cf.j2114
-rw-r--r--ansible/roles/spamassassin/vars/main.yml2
4 files changed, 177 insertions, 0 deletions
diff --git a/ansible/roles/spamassassin/handlers/main.yml b/ansible/roles/spamassassin/handlers/main.yml
new file mode 100644
index 0000000..761230e
--- /dev/null
+++ b/ansible/roles/spamassassin/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Restart spamd
+ service:
+ name: spamd
+ state: restarted
+
+- name: Reload spamd
+ service:
+ name: spamd
+ state: reloaded
diff --git a/ansible/roles/spamassassin/tasks/main.yml b/ansible/roles/spamassassin/tasks/main.yml
new file mode 100644
index 0000000..837e32a
--- /dev/null
+++ b/ansible/roles/spamassassin/tasks/main.yml
@@ -0,0 +1,51 @@
+---
+- name: Install spamassassin packages
+ package:
+ state: present
+ name:
+ - spamassassin
+ - spamc
+ tags:
+ - role::spamassassin
+
+- name: Create spamd user
+ user:
+ name: spamd
+ home: /var/spamd
+ comment: "SpamAssassin user"
+ tags:
+ - role::spamassassin
+
+- name: Update spamd defaults
+ lineinfile:
+ path: /etc/default/spamd
+ regexp: '^{{ item[''key''] }}="'
+ line: '{{ item["key"] }}="{{ item["value"] }}"'
+ mode: "0644"
+ owner: root
+ group: root
+ loop:
+ - key: ENABLED
+ value: "1"
+ - key: AHOME
+ value: "/var/log/spamassassin/"
+ - key: OPTIONS
+ value: "--create-prefs --max-children 5 --username spamd --helper-home-dir /var/spamd/ -s /var/spamd/spamd.log"
+ - key: CRON
+ value: "1"
+ tags:
+ - role::spamassassin
+ notify:
+ - Restart spamd
+
+- name: Template local.cf spamassassin configuation file
+ template:
+ src: local.cf.j2
+ dest: /etc/spamassassin/local.cf
+ group: root
+ owner: root
+ mode: "0644"
+ tags:
+ - role::spamassassin
+ notify:
+ - Reload spamd
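Review bot: The `Create spamd user` task sets only `name`, `home` and `comment`, so the account that spamd drops to via `--username spamd` gets a regular UID and whatever login shell the platform assigns by default. Because this account handles untrusted mail, I would make it a non-login system account by adding `system: true` and `shell: /usr/sbin/nologin` to the `user` arguments (the nologin path varies by distribution). Separately, nothing in this file ensures the service is enabled and running; it is only touched when a handler fires, so an explicit service task with started and enabled state may be needed unless the package already handles that.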
diff --git a/ansible/roles/spamassassin/templates/local.cf.j2 b/ansible/roles/spamassassin/templates/local.cf.j2
new file mode 100644
index 0000000..f59e9bc
--- /dev/null
+++ b/ansible/roles/spamassassin/templates/local.cf.j2
@@ -0,0 +1,114 @@
+# Managed by Ansible
+
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# Only a small subset of options are listed below
+#
+###########################################################################
+
+# A 'contact address' users should contact for more info. (replaces
+# _CONTACTADDRESS_ in the report template)
+report_contact {{ spamassassin_contact_email }}
+
+
+# Add *****SPAM***** to the Subject header of spam e-mails
+#
+rewrite_header Subject *****SPAM*****
+
+
+# Save spam messages as a message/rfc822 MIME attachment instead of
+# modifying the original message (0: off, 2: use text/plain instead)
+#
+# report_safe 1
+
+
+# Set which networks or hosts are considered 'trusted' by your mail
+# server (i.e. not spammers)
+#
+# trusted_networks 212.17.35.
+
+
+# Set file-locking method (flock is not safe over NFS, but is faster)
+#
+# lock_method flock
+
+
+# Set the threshold at which a message is considered spam (default: 5.0)
+#
+# required_score 5.0
+
+
+# Use Bayesian classifier (default: 1)
+#
+use_bayes 1
+
+
+# Bayesian classifier auto-learning (default: 1)
+#
+bayes_auto_learn 1
+
+
+# Set headers which may provide inappropriate cues to the Bayesian
+# classifier
+#
+# bayes_ignore_header X-Bogosity
+# bayes_ignore_header X-Spam-Flag
+# bayes_ignore_header X-Spam-Status
+
+
+# Whether to decode non- UTF-8 and non-ASCII textual parts and recode
+# them to UTF-8 before the text is given over to rules processing.
+#
+# normalize_charset 1
+
+# Textual body scan limit (default: 50000)
+#
+# Amount of data per email text/* mimepart, that will be run through body
+# rules. This enables safer and faster scanning of large messages,
+# perhaps having very large textual attachments. There should be no need
+# to change this well tested default.
+#
+# body_part_scan_size 50000
+
+# Textual rawbody data scan limit (default: 500000)
+#
+# Amount of data per email text/* mimepart, that will be run through
+# rawbody rules.
+#
+# rawbody_part_scan_size 500000
+
+# Some shortcircuiting, if the plugin is enabled
+#
+ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
+#
+# default: strongly-welcomelisted mails are *really* welcomelisted now, if
+# the shortcircuiting plugin is active, causing early exit to save CPU
+# load. Uncomment to turn this on
+#
+# SpamAssassin tries hard not to launch DNS queries before priority -100.
+# If you want to shortcircuit without launching unneeded queries, make
+# sure such rule priority is below -100. These examples are already:
+#
+# shortcircuit USER_IN_WELCOMELIST on
+# shortcircuit USER_IN_DEF_WELCOMELIST on
+# shortcircuit USER_IN_ALL_SPAM_TO on
+
+# the opposite; blocklisted mails can also save CPU
+#
+# shortcircuit USER_IN_BLOCKLIST on
+# shortcircuit USER_IN_BLOCKLIST_TO on
+
+# if you have taken the time to correctly specify your "trusted_networks",
+# this is another good way to save CPU
+#
+# shortcircuit ALL_TRUSTED on
+
+# and a well-trained bayes DB can save running rules, too
+#
+# shortcircuit BAYES_99 spam
+# shortcircuit BAYES_00 ham
+
+endif # Mail::SpamAssassin::Plugin::Shortcircuit
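Review bot: `trusted_networks` stays commented out with the stock example value and `internal_networks` is not set, so SpamAssassin has to infer which relays are trusted while `bayes_auto_learn 1` is active. A wrong inference affects Received-header parsing and the network tests, and auto-learning from unreviewed mail lets scoring mistakes feed back into the Bayes database. Consider templating the networks from a new role variable, for example `trusted_networks {{ spamassassin_trusted_networks | join(' ') }}` (variable name is a suggestion, not something the role defines today). A comment next to `bayes_auto_learn` should also record that auto-learning is a deliberate choice.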
diff --git a/ansible/roles/spamassassin/vars/main.yml b/ansible/roles/spamassassin/vars/main.yml
new file mode 100644
index 0000000..ba0ec41
--- /dev/null
+++ b/ansible/roles/spamassassin/vars/main.yml
@@ -0,0 +1,2 @@
+---
+spamassassin_contact_email: "[email protected]"
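Review bot: `spamassassin_contact_email` is defined in `vars/main.yml`, where role vars take precedence over inventory and group variables, so a host or environment cannot supply its own contact address without editing the role. If the address is meant to be configurable, moving it to `defaults/main.yml` would make it overridable. If it is intentionally fixed, a comment such as `# Fixed for all hosts; rendered into local.cf as report_contact` would say so.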