From 5e0d9248144499b64f487e788b0775977e433c57 Mon Sep 17 00:00:00 2001 From: Andrea Cimbalo Date: Wed, 17 Aug 2016 03:29:24 +0200 Subject: [PATCH] postfix: first impletentation of spam and virus filter --- roles/dovecot/tasks/main.yaml | 36 --------------------- roles/postfix/handlers/main.yml | 9 ++++++ roles/postfix/tasks/antispam.yaml | 54 +++++++++++++++++++++++++++++++ roles/postfix/tasks/main.yaml | 3 ++ 4 files changed, 66 insertions(+), 36 deletions(-) create mode 100644 roles/postfix/tasks/antispam.yaml diff --git a/roles/dovecot/tasks/main.yaml b/roles/dovecot/tasks/main.yaml index 14af182..d93c860 100644 --- a/roles/dovecot/tasks/main.yaml +++ b/roles/dovecot/tasks/main.yaml @@ -6,11 +6,6 @@ - dovecot-ldap - dovecot-imapd - rsyslog -# - dovecot-lmtpd -# - amavisd-new -# - postgrey #TODO -# - spamassassin -# - clamav-daemon - lineinfile: dest=/etc/postfix/main.cf line="virtual_transport = dovecot" state=present notify: restart postfix 
@@ -88,34 +83,3 @@ - template: src=dovecot-ldap.conf.ext.j2 dest=/etc/dovecot/dovecot-ldap.conf.ext notify: restart dovecot - -#- lineinfile: dest=/etc/postfix/main.cf line="content_filter=smtp-amavis:[127.0.0.1]:10024" state=present -# notify: restart_postfix - -#- blockinfile: | -# dest=/etc/postfix/master.cf -# content=" smtp-amavis unix - - n - 2 smtp -# -o smtp_data_done_timeout=1200 -# -o smtp_send_xforward_command=yes -# -o disable_dns_lookups=yes -# -o max_use=20 -# -# 127.0.0.1:10025 inet n - n - - smtpd -# -o content_filter= -# -o smtpd_delay_reject=no -# -o smtpd_client_restrictions=permit_mynetworks,reject -# -o smtpd_helo_restrictions= -# -o smtpd_sender_restrictions= -# -o smtpd_recipient_restrictions=permit_mynetworks,reject -# -o smtpd_data_restrictions=reject_unauth_pipelining -# -o smtpd_end_of_data_restrictions= -# -o smtpd_restriction_classes= -# -o mynetworks=127.0.0.0/8 -# -o smtpd_error_sleep_time=0 -# -o smtpd_soft_error_limit=1001 -# -o smtpd_hard_error_limit=1000 -# -o smtpd_client_connection_count_limit=0 -# -o smtpd_client_connection_rate_limit=0 -# -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -# -o local_header_rewrite_clients=" -# notify: restart_postfix diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml index a3d0219..a1128ef 100644 --- a/roles/postfix/handlers/main.yml +++ b/roles/postfix/handlers/main.yml @@ -2,3 +2,12 @@ - include: service.yaml vars: service_name: postfix + + +- include: service.yaml + vars: + service_name: clamav-daemon + +- include: service.yaml + vars: + service_name: amavisd-milter diff --git a/roles/postfix/tasks/antispam.yaml b/roles/postfix/tasks/antispam.yaml new file mode 100644 index 0000000..a378dff --- /dev/null +++ b/roles/postfix/tasks/antispam.yaml 
@@ -0,0 +1,54 @@
+- include: service.yaml
+ vars:
+ service_name: clamav-daemon
+ service_packages:
+ - clamav-daemon
+ install_recommends: yes
+
+- include: service.yaml
+ vars:
+ service_name: amavisd-milter
+ service_packages:
+ - amavisd-milter
+ - spamassassin
+ install_recommends: yes
+
+- name: disable spamassassin at boot
+ service: name="spamassassin" enabled=no
+
+# TODO spam, discard spam instead of bouncing it
+# /etc/amavis/conf.d/
+# $final_spam_destiny = D_DISCARD;
+
+- name: configure amavisd-milter socket
+ blockinfile:
+ dest: '/etc/default/amavisd-milter'
+ block: |
+ MILTERSOCKET=inet:60001@127.0.0.1
+ notify: restart amavisd-milter
+
+- name: add amavis milter for smtp to postfix
+ lineinfile:
+ dest: '/etc/postfix/main.cf'
+ line: 'smtpd_milters=inet:127.0.0.1:60001'
+ regexp: '^smtpd_milters='
+ notify: restart postfix
+
+- name: add amavis milter for non smtp to postfix
+ lineinfile:
+ dest: '/etc/postfix/main.cf'
+ line: 'non_smtpd_milters=inet:127.0.0.1:60001'
+ regexp: '^non_smtpd_milters='
+ notify: restart postfix
+
+- include: service.yaml
+ vars:
+ service_name: postgrey
+ service_packages:
+ - postgrey
+
+- name: add postgrey to postfix
+ lineinfile:
+ dest: '/etc/postfix/main.cf'
+ line: 'smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023'
+ notify: restart postfix
diff --git a/roles/postfix/tasks/main.yaml b/roles/postfix/tasks/main.yaml
index 4c63066..fb432d3 100644
--- a/roles/postfix/tasks/main.yaml
+++ b/roles/postfix/tasks/main.yaml
@@ -71,3 +71,6 @@ - name: add lists.lilik.it relay lineinfile: dest=/etc/postfix/main.cf line="relay_domains = lists.lilik.it" regexp='relay_domains =' state=present notify: restart postfix
+
+- name: install antivirus and anti spam services
+ include: antispam.yaml
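Review bot: The last task in `roles/postfix/tasks/antispam.yaml` (`add postgrey to postfix`) has no `regexp`, so it appends a new `smtpd_recipient_restrictions` line instead of editing an existing one, and the value it writes holds only the policy-service check. Postfix uses the last definition of a parameter in `main.cf`, so any restriction list already set there (not visible in this patch) would be overridden, and trusted or authenticated clients would be greylisted like everyone else. I would anchor the task with `regexp: '^smtpd_recipient_restrictions\s*='` and write the full list, for example `line: 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023'`. Separately, nothing in this file enables the amavis virus and spam checks under `/etc/amavis/conf.d/` (the TODO covers only the spam destiny). Debian-style packages ship with both checks bypassed, as far as I know, so confirm that mail is actually scanned once the role has run.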