From a4865cd41eb1822217f4e090c9b8039ac8ffc3ef Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Sat, 4 Dec 2021 18:20:15 +0100 Subject: [PATCH] Introduce pflogsumm. --- defaults/main.yml | 9 ++++ tasks/main.yml | 1 + tasks/postfix_firewalld.yml | 1 + tasks/postfix_pflogsumm.yml | 74 ++++++++++++++++++++++++++++++++ templates/pflogsumm_logrotate.j2 | 8 ++++ templates/pflogsumm_report.sh.j2 | 11 +++++ 6 files changed, 104 insertions(+) create mode 100644 tasks/postfix_pflogsumm.yml create mode 100644 templates/pflogsumm_logrotate.j2 create mode 100644 templates/pflogsumm_report.sh.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 72e1339..69ec146 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,10 +7,12 @@ postfix_relay_rh_pkgs: - cyrus-sasl-lib - cyrus-sasl-plain - cyrus-sasl-md5 + - postfix-perl-scripts postfix_relay_deb_pkgs: - postfix - libsasl2-2 + - pflogsumm ############################################################################# # Set them to true when you want configure your machine to send email to a relay @@ -202,6 +204,13 @@ postfix_default_destination_concurrency_limit: 5 postfix_behind_haproxy: False postfix_postscreen_port: 1024 +postfix_pflogsumm_reports: False +postfix_pflogsumm_mail_report: False +postfix_pflogsumm_mail_report_address: 'postmaster' +postfix_pflogsumm_dir: /var/log/smtp_reports +postfix_pflogsumm_logfile: '{{ postfix_pflogsumm_dir }}/pflogsumm.log' +postfix_pflogsumm_options: '-d yesterday --problems_first --rej_add_from --verbose_msg_detail -q' +postfix_pflogsumm_reports_days: 10 # # Nagios monitoring # diff --git a/tasks/main.yml b/tasks/main.yml index 4bb6b7d..52033f9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,6 +1,7 @@ --- - import_tasks: smtp-common-packages.yml - import_tasks: smtp-configuration.yml +- import_tasks: postfix_pflogsumm.yml - import_tasks: postfix_firewalld.yml when: ansible_distribution_file_variety == "RedHat" - import_tasks: smtp-sasl-auth.yml 
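Review bot: In the second hunk of defaults/main.yml the new `postfix_pflogsumm_*` defaults arrive without any comment, and two of them have consequences a user should see before overriding them. `postfix_pflogsumm_reports` defaults to `False`, and in that state tasks/postfix_pflogsumm.yml runs a `file` task with `state: absent` on `postfix_pflogsumm_dir`, so that path has to be a directory dedicated to these reports. `postfix_pflogsumm_options` is rendered unquoted into a script that cron runs as root. A short header would cover both, for example `# postfix_pflogsumm_dir is removed when postfix_pflogsumm_reports is false: use a dedicated directory` and `# postfix_pflogsumm_options is passed verbatim to a root shell script`.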
diff --git a/tasks/postfix_firewalld.yml b/tasks/postfix_firewalld.yml index 84d923d..1991c92 100644 --- a/tasks/postfix_firewalld.yml +++ b/tasks/postfix_firewalld.yml @@ -5,4 +5,5 @@ firewalld: service={{ item.service }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True with_items: '{{ postfix_firewalld_services }}' + when: firewalld_enabled tags: [ 'postfix', 'firewall', 'firewalld', 'iptables', 'iptables_rules' ] \ No newline at end of file diff --git a/tasks/postfix_pflogsumm.yml b/tasks/postfix_pflogsumm.yml new file mode 100644 index 0000000..3d0cd56 --- /dev/null +++ b/tasks/postfix_pflogsumm.yml 
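Review bot: The added `when: firewalld_enabled` in tasks/postfix_firewalld.yml depends on a variable that neither defaults/main.yml hunk in this commit defines. If no other role or the inventory sets it, the task will presumably stop with an undefined-variable error on RedHat hosts, and where it is set to false the SMTP firewalld services are silently left unmanaged. Declaring it in this role's defaults with a comment, or writing `when: firewalld_enabled | default(true)` (with whichever default matches the other roles), would make the behaviour explicit. The task's opening lines are outside the hunk.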
@@ -0,0 +1,74 @@
+---
+- name: Configure pflogsumm
+ block:
+ - name: Set the postfix logfile path in EL distributions
+ set_fact:
+ postfix_logfile: /var/log/maillog
+ when: ansible_distribution_file_variety == "RedHat"
+
+ - name: Set the postfix logfile path in deb distributions
+ set_fact:
+ postfix_logfile: /var/log/mail.log
+ when: ansible_distribution_file_variety == "Debian"
+
+ - name: Install the pflogsumm script
+ ansible.builtin.template:
+ src: pflogsumm_report.sh.j2
+ dest: /usr/local/sbin/pflogsumm_report
+ owner: root
+ group: root
+ mode: 0750
+
+ - name: Install the pflogsumm cron job
+ ansible.builtin.cron:
+ name: pflogsumm report
+ user: root
+ job: /usr/local/sbin/pflogsumm_report
+ special_time: daily
+ cron_file: pflogsumm_report
+ state: present
+
+ - name: Create the pflogsumm report directory
+ ansible.builtin.file:
+ dest: '{{ postfix_pflogsumm_dir }}'
+ state: directory
+ owner: root
+ group: root
+ mode: 0750
+ when: not postfix_pflogsumm_mail_report
+
+ - name: Install the logrotate configuration for pflogsumm
+ ansible.builtin.template:
+ src: pflogsumm_logrotate.j2
+ dest: /etc/logrotate.d/pflogsumm
+ owner: root
+ group: root
+ mode: 0644
+ when: not postfix_pflogsumm_mail_report
+
+ when: postfix_pflogsumm_reports
+ tags: [ 'postfix', 'postfix_pflogsumm' ]
+
+- name: Remove the pflogsum configuration
+ block:
+ - name: Remove the pflogsum cron job
+ ansible.builtin.cron:
+ name: pflogsumm report
+ user: root
+ job: /usr/local/sbin/pflogsumm_report
+ special_time: daily
+ cron_file: pflogsumm_report
+ state: present
+
+ - name: Create the pflogsumm report directory
+ ansible.builtin.file:
+ dest: '{{ postfix_pflogsumm_dir }}'
+ state: absent
+
+ - name: Install the logrotate configuration for pflogsumm
+ ansible.builtin.file:
+ dest: /etc/logrotate.d/pflogsumm
+ state: absent
+
+ when: not postfix_pflogsumm_reports
+ tags: [ 'postfix', 'postfix_pflogsumm' ]
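Review bot: The first task of the "Remove the pflogsum configuration" block still carries `state: present`, so when `postfix_pflogsumm_reports` is false (the default) it installs the daily root entry in the `pflogsumm_report` cron file instead of removing it. The same block never deletes `/usr/local/sbin/pflogsumm_report`, so a host where reports were never enabled ends up with a root cron job whose target does not exist, and a host where they were enabled keeps the script after the feature is switched off. The cron task should use `state: absent` and the block should gain a task that removes the script, as sketched below. The two tasks after it kept the names "Create the pflogsumm report directory" and "Install the logrotate configuration for pflogsumm" although they delete, which makes run logs misleading.

```yaml
  - name: Remove the pflogsum cron job
    ansible.builtin.cron:
      # … unchanged: name, user, job, special_time, cron_file …
      state: absent

  - name: Remove the pflogsumm report script
    ansible.builtin.file:
      dest: /usr/local/sbin/pflogsumm_report
      state: absent
  # … unchanged: report directory and logrotate removal tasks, when, tags …
```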
diff --git a/templates/pflogsumm_logrotate.j2 b/templates/pflogsumm_logrotate.j2
new file mode 100644
index 0000000..57c0c0a
--- /dev/null
+++ b/templates/pflogsumm_logrotate.j2
@@ -0,0 +1,8 @@
+{{ postfix_pflogsumm_logfile }} {
+ copytruncate
+ daily
+ rotate {{ postfix_pflogsumm_reports_days }}
+ nocompress
+ missingok
+ create 640 root root
+}
diff --git a/templates/pflogsumm_report.sh.j2 b/templates/pflogsumm_report.sh.j2
new file mode 100644
index 0000000..73b46da
--- /dev/null
+++ b/templates/pflogsumm_report.sh.j2
@@ -0,0 +1,11 @@
+#!/bin/bash
+{% if postfix_pflogsumm_mail_report %}
+MAILTO={{ postfix_pflogsumm_mail_report_address }}
+{% else %}
+MAILTO=
+{% endif %}
+
+pflogsumm {{ postfix_pflogsumm_options }} {{ postfix_logfile }}{% if not postfix_pflogsumm_mail_report %} >> {{ postfix_pflogsumm_logfile }}{% endif %}
+
+exit $?
+
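Review bot: In templates/pflogsumm_logrotate.j2 the `create 640 root root` line has no effect, because logrotate ignores `create` when `copytruncate` is set. The live report file therefore keeps whatever mode the cron job's umask gave it when the `>>` redirection in the report script first created it. These reports list sender and recipient addresses, so the mode should be set deliberately: either drop `copytruncate` so that `create 640 root root` applies (the script only appends once a day), or put `umask 027` at the top of pflogsumm_report.sh.j2. The 0750 report directory limits exposure only while `postfix_pflogsumm_dir` is the directory this role created.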
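Review bot: `MAILTO=` in templates/pflogsumm_report.sh.j2 is an ordinary shell variable that nothing reads; cron honours MAILTO only when it is set in the crontab itself. With `postfix_pflogsumm_mail_report` enabled the report therefore goes to whoever receives root's cron mail, not to `postfix_pflogsumm_mail_report_address`. Setting MAILTO in the `pflogsumm_report` cron file (for example with the `cronvar` module) or piping the output to a mailer inside the script would make the address take effect. The script runs as root and interpolates every variable unquoted, so the two paths are better rendered through the `quote` filter, e.g. `{{ postfix_logfile | quote }}` and `>> {{ postfix_pflogsumm_logfile | quote }}`. `postfix_logfile` is only set for the RedHat and Debian families in tasks/postfix_pflogsumm.yml, so on any other family the template will presumably fail on an undefined variable.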