Introduce pflogsumm.

2021-12-04 18:20:15 +01:00 · 2021-12-04 18:20:15 +01:00 · a4865cd41e
parent 0aae2ebe17
commit a4865cd41e
6 changed files with 104 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -7,10 +7,12 @@ postfix_relay_rh_pkgs:
  - cyrus-sasl-lib
  - cyrus-sasl-plain
  - cyrus-sasl-md5
+  - postfix-perl-scripts

 postfix_relay_deb_pkgs:
  - postfix
  - libsasl2-2
+  - pflogsumm

 #############################################################################
 # Set them to true when you want configure your machine to send email to a relay
@ -202,6 +204,13 @@ postfix_default_destination_concurrency_limit: 5
 postfix_behind_haproxy: False
 postfix_postscreen_port: 1024

+postfix_pflogsumm_reports: False
+postfix_pflogsumm_mail_report: False
+postfix_pflogsumm_mail_report_address: 'postmaster'
+postfix_pflogsumm_dir: /var/log/smtp_reports
+postfix_pflogsumm_logfile: '{{ postfix_pflogsumm_dir }}/pflogsumm.log'
+postfix_pflogsumm_options: '-d yesterday --problems_first --rej_add_from --verbose_msg_detail -q'
+postfix_pflogsumm_reports_days: 10
 #
 # Nagios monitoring
 #
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,6 +1,7 @@
 ---
 - import_tasks: smtp-common-packages.yml
 - import_tasks: smtp-configuration.yml
+- import_tasks: postfix_pflogsumm.yml
 - import_tasks: postfix_firewalld.yml
  when: ansible_distribution_file_variety == "RedHat"
 - import_tasks: smtp-sasl-auth.yml
--- a/tasks/postfix_firewalld.yml
+++ b/tasks/postfix_firewalld.yml
@ -5,4 +5,5 @@
      firewalld: service={{ item.service }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True
      with_items: '{{ postfix_firewalld_services }}'

+  when: firewalld_enabled
  tags: [ 'postfix', 'firewall', 'firewalld', 'iptables', 'iptables_rules' ]
--- a/tasks/postfix_pflogsumm.yml
+++ b/tasks/postfix_pflogsumm.yml
@ -0,0 +1,74 @@
+---
+- name: Configure pflogsumm
+  block:
+  - name: Set the postfix logfile path in EL distributions
+    set_fact:
+      postfix_logfile: /var/log/maillog
+    when: ansible_distribution_file_variety == "RedHat"
+
+  - name: Set the postfix logfile path in deb distributions
+    set_fact:
+      postfix_logfile: /var/log/mail.log
+    when: ansible_distribution_file_variety == "Debian"
+
+  - name: Install the pflogsumm script
+    ansible.builtin.template:
+      src: pflogsumm_report.sh.j2
+      dest: /usr/local/sbin/pflogsumm_report
+      owner: root
+      group: root
+      mode: 0750
+
+  - name: Install the pflogsumm cron job
+    ansible.builtin.cron:
+      name: pflogsumm report
+      user: root
+      job: /usr/local/sbin/pflogsumm_report
+      special_time: daily
+      cron_file: pflogsumm_report
+      state: present
+
+  - name: Create the pflogsumm report directory
+    ansible.builtin.file:
+      dest: '{{ postfix_pflogsumm_dir }}'
+      state: directory
+      owner: root
+      group: root
+      mode: 0750
+    when: not postfix_pflogsumm_mail_report
+
+  - name: Install the logrotate configuration for pflogsumm
+    ansible.builtin.template:
+      src: pflogsumm_logrotate.j2
+      dest: /etc/logrotate.d/pflogsumm
+      owner: root
+      group: root
+      mode: 0644
+    when: not postfix_pflogsumm_mail_report
+
+  when: postfix_pflogsumm_reports
+  tags: [ 'postfix', 'postfix_pflogsumm' ]
+
+- name: Remove the pflogsum configuration
+  block:
+  - name: Remove the pflogsum cron job
+    ansible.builtin.cron:
+      name: pflogsumm report
+      user: root
+      job: /usr/local/sbin/pflogsumm_report
+      special_time: daily
+      cron_file: pflogsumm_report
+      state: present
+
+  - name: Create the pflogsumm report directory
+    ansible.builtin.file:
+      dest: '{{ postfix_pflogsumm_dir }}'
+      state: absent
+  
+  - name: Install the logrotate configuration for pflogsumm
+    ansible.builtin.file:
+      dest: /etc/logrotate.d/pflogsumm
+      state: absent
+
+  when: not postfix_pflogsumm_reports
+  tags: [ 'postfix', 'postfix_pflogsumm' ]
--- a/templates/pflogsumm_logrotate.j2
+++ b/templates/pflogsumm_logrotate.j2
@ -0,0 +1,8 @@
+{{ postfix_pflogsumm_logfile }} {
+  copytruncate
+  daily
+  rotate {{ postfix_pflogsumm_reports_days }}
+  nocompress
+  missingok
+  create 640 root root
+}
--- a/templates/pflogsumm_report.sh.j2
+++ b/templates/pflogsumm_report.sh.j2
@ -0,0 +1,11 @@
+#!/bin/bash
+{% if postfix_pflogsumm_mail_report %}
+MAILTO={{ postfix_pflogsumm_mail_report_address }}
+{% else %}
+MAILTO=
+{% endif %}
+
+pflogsumm {{ postfix_pflogsumm_options }} {{ postfix_logfile }}{% if not postfix_pflogsumm_mail_report %} >> {{ postfix_pflogsumm_logfile }}{% endif %}
+
+exit $?
+