From d344ec1e38f108de5428661bdcb51eb79fb2cf4a Mon Sep 17 00:00:00 2001
From: Hinrikus Wolf <mail@hinrikus-wolf.de>
Date: Wed, 16 May 2018 16:31:09 +0200
Subject: [PATCH] add spamassassin role and corresponding variables that plug
 in to the interface in postfix/dovecot

---
 spamassassin/files/defaults         | 34 +++++++++++
 spamassassin/files/local.cf         | 89 +++++++++++++++++++++++++++++
 spamassassin/files/sa-learn-ham.sh  |  3 +
 spamassassin/files/sa-learn-spam.sh |  3 +
 spamassassin/tasks/main.yml         | 43 ++++++++++++++
 5 files changed, 172 insertions(+)
 create mode 100644 spamassassin/files/defaults
 create mode 100644 spamassassin/files/local.cf
 create mode 100644 spamassassin/files/sa-learn-ham.sh
 create mode 100644 spamassassin/files/sa-learn-spam.sh
 create mode 100644 spamassassin/tasks/main.yml

diff --git a/spamassassin/files/defaults b/spamassassin/files/defaults
new file mode 100644
index 0000000..b79daf1
--- /dev/null
+++ b/spamassassin/files/defaults
@@ -0,0 +1,34 @@
+# /etc/default/spamassassin
+# Duncan Findlay
+
+# WARNING: please read README.spamd before using.
+# There may be security risks.
+
+# If you're using systemd (default for jessie), the ENABLED setting is
+# not used. Instead, enable spamd by issuing:
+# systemctl enable spamassassin.service
+# Change to "1" to enable spamd on systems using sysvinit:
+ENABLED=1
+
+# Options
+# See man spamd for possible options. The -d option is automatically added.
+
+# SpamAssassin uses a preforking model, so be careful! You need to
+# make sure --max-children is not set to anything higher than 5,
+# unless you know what you're doing.
+
+OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+
+# Pid file
+# Where should spamd write its PID to file? If you use the -u or
+# --username option above, this needs to be writable by that user.
+# Otherwise, the init script will not be able to shut spamd down.
+PIDFILE="/var/run/spamd.pid"
+
+# Set nice level of spamd
+#NICE="--nicelevel 15"
+
+# Cronjob
+# Set to anything but 0 to enable the cron job to automatically update
+# spamassassin's rules on a nightly basis
+CRON=1
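Review bot: The `OPTIONS` line starts spamd without `-u`/`--username`, so a daemon launched by the init system presumably keeps root and only switches identity per request. That is the kind of risk the README.spamd warning at the top of this file points to. If per-system-user preferences are not needed for this mail setup, consider a dedicated unprivileged account, e.g. `OPTIONS="--create-prefs --max-children 5 --helper-home-dir --username <spamd-user>"`. As the file's own comment says, `PIDFILE` then has to be writable by that account.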
diff --git a/spamassassin/files/local.cf b/spamassassin/files/local.cf
new file mode 100644
index 0000000..9089e22
--- /dev/null
+++ b/spamassassin/files/local.cf
@@ -0,0 +1,89 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# Only a small subset of options are listed below
+#
+###########################################################################
+
+#   Add *****SPAM***** to the Subject header of spam e-mails
+#
+rewrite_header Subject *****SPAM*****
+
+
+#   Save spam messages as a message/rfc822 MIME attachment instead of
+#   modifying the original message (0: off, 2: use text/plain instead)
+#
+report_safe 0
+
+
+#   Set which networks or hosts are considered 'trusted' by your mail
+#   server (i.e. not spammers)
+#
+# trusted_networks 212.17.35.
+
+
+#   Set file-locking method (flock is not safe over NFS, but is faster)
+#
+# lock_method flock
+
+
+#   Set the threshold at which a message is considered spam (default: 5.0)
+#
+required_score 3.0
+
+
+#   Use Bayesian classifier (default: 1)
+#
+# use_bayes 1
+
+
+#   Bayesian classifier auto-learning (default: 1)
+#
+# bayes_auto_learn 1
+
+
+#   Set headers which may provide inappropriate cues to the Bayesian
+#   classifier
+#
+# bayes_ignore_header X-Bogosity
+# bayes_ignore_header X-Spam-Flag
+# bayes_ignore_header X-Spam-Status
+
+
+#   Whether to decode non- UTF-8 and non-ASCII textual parts and recode
+#   them to UTF-8 before the text is given over to rules processing.
+#
+# normalize_charset 1
+
+#   Some shortcircuiting, if the plugin is enabled
+# 
+ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
+#
+#   default: strongly-whitelisted mails are *really* whitelisted now, if the
+#   shortcircuiting plugin is active, causing early exit to save CPU load.
+#   Uncomment to turn this on
+#
+# shortcircuit USER_IN_WHITELIST       on
+# shortcircuit USER_IN_DEF_WHITELIST   on
+# shortcircuit USER_IN_ALL_SPAM_TO     on
+# shortcircuit SUBJECT_IN_WHITELIST    on
+
+#   the opposite; blacklisted mails can also save CPU
+#
+# shortcircuit USER_IN_BLACKLIST       on
+# shortcircuit USER_IN_BLACKLIST_TO    on
+# shortcircuit SUBJECT_IN_BLACKLIST    on
+
+#   if you have taken the time to correctly specify your "trusted_networks",
+#   this is another good way to save CPU
+#
+# shortcircuit ALL_TRUSTED             on
+
+#   and a well-trained bayes DB can save running rules, too
+#
+# shortcircuit BAYES_99                spam
+# shortcircuit BAYES_00                ham
+
+endif # Mail::SpamAssassin::Plugin::Shortcircuit
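Review bot: `required_score 3.0` lowers the threshold below the 5.0 default named in the comment above it, and nothing in the file says why. A lower threshold tags more legitimate mail as spam, so record the reason in that comment, e.g. `#   Lowered from the default 5.0: <reason>; revisit if false positives rise`. Whether tagged mail is only marked or also filed elsewhere depends on the postfix/dovecot side, which is outside this patch.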
diff --git a/spamassassin/files/sa-learn-ham.sh b/spamassassin/files/sa-learn-ham.sh
new file mode 100644
index 0000000..222a9eb
--- /dev/null
+++ b/spamassassin/files/sa-learn-ham.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec /usr/bin/sa-learn -u ${1} --ham
+
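Review bot: `${1}` is unquoted on the `exec` line, so the shell word-splits and glob-expands the account name before sa-learn sees it, and an empty or whitespace-containing value shifts the remaining arguments. Quote it and refuse an empty argument: `[ -n "${1}" ] || exit 64` followed by `exec /usr/bin/sa-learn -u "${1}" --ham`. The same line in sa-learn-spam.sh needs the same change. The caller that supplies `$1` is not part of this patch, so how far that value is controlled cannot be judged from here.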
diff --git a/spamassassin/files/sa-learn-spam.sh b/spamassassin/files/sa-learn-spam.sh
new file mode 100644
index 0000000..b169fe6
--- /dev/null
+++ b/spamassassin/files/sa-learn-spam.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec /usr/bin/sa-learn -u ${1} --spam
+
diff --git a/spamassassin/tasks/main.yml b/spamassassin/tasks/main.yml
new file mode 100644
index 0000000..091028c
--- /dev/null
+++ b/spamassassin/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+
+- name: ensure spamassassin is installed
+  apt: name={{ item }} state=present
+  with_items:
+    - spamassassin
+    - spamc
+  tags:
+    - mail
+    - spamassassin
+
+- name: ensure spamassassin is configured
+  copy: src=files/local.cf dest=/etc/spamassassin/local.cf mode=0644 owner=root group=root
+
+  tags:
+    - mail
+    - spamassassin
+
+- name: ensure spamassassin is enabled -- the nasty debian way 
+  copy: src=files/defaults dest=/etc/default/spamassassin mode=0644 owner=root group=root
+  tags:
+    - mail
+    - spamassassin
+
+- name: ensure spamassasin is started and enanbled -- the usual way
+  service: name=spamassassin state=started enabled=yes
+  tags:
+    - mail
+    - spamassassin
+
+#- name: ensure there is sync cronjob for the learned filters
+
+- name: ensure scripts for learning spam are present.
+  copy: src="files/{{ item }}" dest=/var/lib/dovecot/sieve.d/{{ item }} mode=0750 owner=dovecot group=vmail
+  with_items:
+    - sa-learn-ham.sh
+    - sa-learn-spam.sh
+  tags:
+    - mail
+    - spamassassin
+
+
+
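Review bot: Neither copy task for `local.cf` and `/etc/default/spamassassin` notifies a handler, and the service task only asserts `state=started`, so a changed configuration is not picked up by an already running spamd. Add `notify: restart spamassassin` to both copy tasks and a matching handler (`service: name=spamassassin state=restarted`) in the role's handlers file, which this patch does not create. Separately, the learning scripts are installed with `owner=dovecot mode=0750`, which leaves them writable by the account that owns them. Assuming the sieve pipe runs as a member of vmail, `owner=root group=vmail mode=0750` would keep them executable for that group without letting a service account rewrite them.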
-- 
GitLab