Add support for rules inside `local.cf`.

2020-07-23 12:55:32 +02:00 · 2020-07-23 12:55:32 +02:00 · 9e90b603c3
parent 1bb9945598
commit 9e90b603c3
3 changed files with 64 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -1,14 +1,38 @@
-# ansible-role-spamassassin
+Role Name
+=========
+
+ansible-role-spamassassin

 Installs and configures spamassassin, <https://spamassassin.apache.org>

-* We actually support PostgreSQL as remote backend
-* The sql present in the `files` directory is valid on spamassassin 3.4
+* Currently supports PostgreSQL as remote backend
+* The sql present in the `files` directory is valid for spamassassin 3.4

-## TODO
+TODO
+----

 * Clean the txrep stale data regulary, running the following query (PostgreSQL)

 ``` sql
 DELETE FROM txrep WHERE last_hit <= (now() - INTERVAL '120 day');
 ```
+
+Role Variables
+--------------
+
+There are a lot of them, see the `defaults/main.yml` file
+
+Dependencies
+------------
+
+None
+
+License
+-------
+
+EUPL-1.2
+
+Author Information
+------------------
+
+Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -79,6 +79,38 @@ spamassassin_shortcircuit_bayes_rules:
  - { key: 'BAYES_99', value: 'spam' }
  - { key: 'BAYES_00', value: 'ham' }

+spamassassin_local_rules: []
+#  - "score DKIM_VALID 0"
+#  - "score DKIM_INVALID 2"
+#  - "score PYZOR_CHECK 0 2.985 0 2.392 # n=0 n=2"
+#  - "score RCVD_IN_DNSWL_HI          1.0"
+#  - "score RCVD_IN_DNSWL_LOW         0       # default -1"
+#  - "score RCVD_IN_DNSWL_MED         0       # default -4"
+#  - "score SPF_FAIL 0 1.919 0 1.001 # n=0 n=2"
+#  - "score SPF_HELO_FAIL 0 1.001 0 1.001 # n=0 n=2"
+#  - "whitelist_from  foo@example.org *@example.net"
+#  - "whitelist_to    foo@example.com"
+#  - "blacklist_from  foo@example.org *@example.net"
+#  - "blacklist_to    foo@example.com"
+### Some rules are multiline
+#  - "full     blacklist_bar      /bar\@example.net/"
+#  - "describe blacklist_bar      blacklist bar@example.net/"
+#  - "score    blacklist_bar      6.5"
+#  - "header   __f1           Return-path =~ /pop(store)?\.(foo|bar)\.example\.org/"
+#  - "header   __f2           From =~ /(([0-9]+)|pop(store)?)\.(foo|bar)\.example\.org/"
+#  - "header   __f3           Return-path =~ /([0-9]+)\@example.org/"
+#  - "header   __f4           exists:List-Id"
+#  - "meta     unallow        USER_IN_WHITELIST && (__f1||__f2||__f3||__f4||cnuce||SUBJECT_FUZZY_MEDS||diplomas_future)"
+#  - "describe unallow        Remove almost all whitelist advantage"
+#  - "priority unallow        10"
+#  - "score    unallow        98"
+#  - "header   __more_bar     ToCc =~ /(?<!me)\@example\.net/i"
+#  - "header   __more_mine       ToCc =~ /me\@example\.net/i"
+#  - "header   __more_list_owner     List-Owner =~ /.+/"
+#  - "meta     more_mine             __more_bar && !__more_min && !__more_list_owner"
+#  - "describe more_mine             To someone different than me"
+#  - "score    more_mine             0.5"
+
 spamassassin_spamd_ssl_enabled: True
 spamassassin_spamd_ssl_opts: '--ssl --server-key {{ spamassassin_home }}/client-key.pem --server-cert {{ spamassassin_home }}/client-cert.pem'

--- a/templates/spamassassin-local.cf.j2
+++ b/templates/spamassassin-local.cf.j2
@ -60,3 +60,7 @@ shortcircuit {{ rule.key }}     {{ rule.value }}
 {% endfor %}
 {% endif %}
 {% endif %}
+
+{% for rule in spamassassin_local_rules %}
+{{ rule }}
+{% endfor %}