8 files changed, 105 insertions, 4 deletions

diff --git a/ansible/roles/dovecot/files/spamc-learn-ham.sh b/ansible/roles/dovecot/files/spamc-learn-ham.sh
new file mode 100644
index 0000000..4fe598f
--- /dev/null
+++ b/ansible/roles/dovecot/files/spamc-learn-ham.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+# Ansible managed
+
+exec /usr/bin/spamc --learntype=ham
diff --git a/ansible/roles/dovecot/files/spamc-learn-spam.sh b/ansible/roles/dovecot/files/spamc-learn-spam.sh
new file mode 100644
index 0000000..6eb90a7
--- /dev/null
+++ b/ansible/roles/dovecot/files/spamc-learn-spam.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+# Ansible managed
+
+exec /usr/bin/spamc --learntype=spam
diff --git a/ansible/roles/dovecot/handlers/main.yml b/ansible/roles/dovecot/handlers/main.yml
index 7169fa5..7880742 100644
--- a/ansible/roles/dovecot/handlers/main.yml
+++ b/ansible/roles/dovecot/handlers/main.yml
@@ -12,3 +12,11 @@
 - name: Recompile spam-to-folder sieve script
   command: /usr/bin/sievec /etc/dovecot/sieve-after/spam-to-folder.sieve
   changed_when: true
+
+- name: Recompile learn-spam sieve script
+  command: /usr/bin/sievec /etc/dovecot/sieve/learn-spam.sieve
+  changed_when: true
+
+- name: Recompile learn-ham sieve script
+  command: /usr/bin/sievec /etc/dovecot/sieve/learn-ham.sieve
+  changed_when: true
diff --git a/ansible/roles/dovecot/tasks/main.yml b/ansible/roles/dovecot/tasks/main.yml
index 5f57991..6dc5c77 100644
--- a/ansible/roles/dovecot/tasks/main.yml
+++ b/ansible/roles/dovecot/tasks/main.yml
@@ -51,13 +51,16 @@
   notify:
     - Reload Dovecot
 
-- name: Create sieve-after directory
+- name: Create sieve directories
   file:
     state: directory
-    path: /etc/dovecot/sieve-after
+    path: "/etc/dovecot/{{ item }}"
     owner: vmail
     group: vmail
     mode: "0755"
+  loop:
+    - sieve
+    - sieve-after
   tags:
     - role::dovecot
 
@@ -67,7 +70,7 @@
     dest: /etc/dovecot/sieve-after/spam-to-folder.sieve
     owner: vmail
     group: vmail
-    mode: 0444
+    mode: "0444"
   notify:
     - Recompile spam-to-folder sieve script
   tags:
@@ -84,6 +87,72 @@
   tags:
     - role::dovecot
 
+- name: Create dovecot spam & ham sieve scripts
+  template:
+    src: "{{ item }}.j2"
+    dest: /etc/dovecot/sieve/{{ item }}
+    owner: vmail
+    group: vmail
+    mode: "0444"
+  with_items:
+    - learn-spam.sieve
+    - learn-ham.sieve
+  notify:
+    - Restart Dovecot
+    - Recompile dovecot learn-spam sieve script
+    - Recompile dovecot learn-ham sieve script
+  tags:
+    - role::dovecot
+
+- name: Create dovecot sieve pipe bin dir
+  file:
+    path: "{{ dovecot_sieve_pipe_bin_dir }}"
+    state: directory
+    owner: root
+    group: root
+    mode: "0555"
+  tags:
+    - role::dovecot
+
+- name: Create dovecot spam & ham shell scripts
+  copy:
+    src: "{{ item }}"
+    dest: "{{ dovecot_sieve_pipe_bin_dir }}/{{ item }}"
+    owner: vmail
+    group: vmail
+    mode: "0500"
+  with_items:
+    - spamc-learn-ham.sh
+    - spamc-learn-spam.sh
+  tags:
+    - role::dovecot
+
+- name: Enable dovecot spamc learning integration
+  blockinfile:
+    path: /etc/dovecot/conf.d/90-sieve.conf
+    insertbefore: "^}$"
+    content: |2
+        # From elsewhere to Junk folder
+        imapsieve_mailbox1_name = Junk
+        imapsieve_mailbox1_causes = COPY
+        imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
+
+        # From Junk folder to elsewhere
+        imapsieve_mailbox2_name = *
+        imapsieve_mailbox2_from = Junk
+        imapsieve_mailbox2_causes = COPY
+        imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve
+
+        sieve_pipe_bin_dir = {{ dovecot_sieve_pipe_bin_dir }}
+        sieve_global_extensions = +vnd.dovecot.pipe
+        sieve_plugins = sieve_imapsieve sieve_extprograms
+    marker: "  # {mark} spam & ham autolearning (ansible managed)"
+    state: present
+  notify:
+    - Reload Dovecot
+  tags:
+    - role::dovecot
+
 - name: Template Dovecot LDAP config
   template:
     src: dovecot-ldap.conf.ext.j2
diff --git a/ansible/roles/dovecot/templates/learn-ham.sieve.j2 b/ansible/roles/dovecot/templates/learn-ham.sieve.j2
new file mode 100644
index 0000000..6c1714e
--- /dev/null
+++ b/ansible/roles/dovecot/templates/learn-ham.sieve.j2
@@ -0,0 +1,10 @@
+# Ansible managed
+
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "variables"];
+
+# Ignore e-mails being moved into Trash for Ham learning
+if string "${mailbox}" "Trash" {
+  stop;
+}
+
+pipe :copy "spamc-learn-ham.sh";
diff --git a/ansible/roles/dovecot/templates/learn-spam.sieve.j2 b/ansible/roles/dovecot/templates/learn-spam.sieve.j2
new file mode 100644
index 0000000..318fc49
--- /dev/null
+++ b/ansible/roles/dovecot/templates/learn-spam.sieve.j2
@@ -0,0 +1,5 @@
+# Ansible managed
+
+require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+
+pipe :copy "spamc-learn-spam.sh";
diff --git a/ansible/roles/dovecot/vars/main/main.yml b/ansible/roles/dovecot/vars/main/main.yml
index ef5e580..66acba9 100644
--- a/ansible/roles/dovecot/vars/main/main.yml
+++ b/ansible/roles/dovecot/vars/main/main.yml
@@ -4,3 +4,4 @@ dovecot_ldap_user: "uid=dovecot,cn=users,cn=accounts,dc=box,dc=pydis,dc=wtf"
 dovecot_ldap_password: "{{ vault_dovecot_ldap_password }}"
 dovecot_ldap_tls_ca: "/etc/ipa/ca.crt"
 dovecot_vmail_uid: "5000"
+dovecot_sieve_pipe_bin_dir: /usr/lib/dovecot/sieve
diff --git a/ansible/roles/spamassassin/tasks/main.yml b/ansible/roles/spamassassin/tasks/main.yml
index 837e32a..a18c891 100644
--- a/ansible/roles/spamassassin/tasks/main.yml
+++ b/ansible/roles/spamassassin/tasks/main.yml
@@ -30,7 +30,7 @@
     - key: AHOME
       value: "/var/log/spamassassin/"
     - key: OPTIONS
-      value: "--create-prefs --max-children 5 --username spamd --helper-home-dir /var/spamd/ -s /var/spamd/spamd.log"
+      value: "--create-prefs --max-children 5 --username spamd --helper-home-dir /var/spamd/ -s /var/spamd/spamd.log --allow-tell"
     - key: CRON
       value: "1"
   tags: