---
spamassassin_install: True
spamassassin_spamd_enabled: True
spamassassin_sql_backend: False
spamassassin_required_hits: 5
spamassassin_report_safe: '0'
spamassassin_rewrite_subject: "[SPAM]"
spamassassin_disable_soughtrules: True
spamassassin_rules_version: '3.004000'

spamassassin_listen_ip: '127.0.0.1'
spamassassin_authorized_ip_addresses: '127.0.0.1'
spamassassin_spamd_port: 783
spamassassin_conf_dir: '{{ spamassassin_home }}'
spamassassin_sysconfig_file: '/etc/sysconfig/spamassassin'
# Only postgresql support for the time being
spamassassin_db_user_config: True
spamassassin_spamd_sql_opts: '-q -x -u {{ spamassassin_user }} -g {{ spamassassin_group }}'
spamassassin_db_name: 'spamassassin'
spamassassin_db_user: 'spamassassin_u'
# spamassassin_db_pwd: 'use a vault file'
spamassassin_db_host: 'localhost'
spamassassin_db_external_host: '{{ spamassassin_db_host }}'
spamassassin_db_port: 5432
spamassassin_db_sql_file: 'spamassassin-pg-3.4.sql'
spamassassin_db_allowed_hosts:
  - '127.0.0.1'
  - '{{ ansible_fqdn }}'

spamassassin_enable_pyzor: True
# in seconds
spamassassin_pyzor_timeout: '60'
spamassassin_use_bayes: False
spamassassin_bayes_sql_db: '{{ spamassassin_db_user_config }}'
spamassassin_use_bayes_autolearn: '0'
spamassassin_use_bayes_auto_expire: '1'
spamassassin_bayes_ignored_headers:
  - 'X-Bogosity'
  - 'X-Spam-Flag'
  - 'X-Spam-Status'
spamassassin_auto_whitelist: False
spamassassin_auto_whitelist_sql_db: '{{ spamassassin_db_user_config }}'
spamassassin_disable_rbls: False
spamassassin_disabled_rbls_list: []
#  - bldomain
#  - sorbs.net
spamassassin_normalize_charset: '0'
# The following do not appear anywhere in the spamassassin code.
# Commented in local.cf for the time being
spamassassin_text_body_scan_size: '50000'
spamassassin_body_part_scan_size: '500000'
#
spamassassin_shortcircuit_plugin: False
spamassassin_shortcircuit_rules:
  - { key: 'USER_IN_WHITELIST', value: 'on' }
  - { key: 'USER_IN_DEF_WHITELIST', value: 'on' }
  - { key: 'USER_IN_ALL_SPAM_TO', value: 'on' }
  - { key: 'SUBJECT_IN_WHITELIST', value: 'on' }
  - { key: 'USER_IN_BLACKLIST', value: 'on' }
  - { key: 'USER_IN_BLACKLIST_TO', value: 'on' }
  - { key: 'SUBJECT_IN_BLACKLIST', value: 'on' }
  - { key: 'ALL_TRUSTED', value: 'on' }

spamassassin_shortcircuit_bayes_rules:
  - { key: 'BAYES_99', value: 'spam' }
  - { key: 'BAYES_00', value: 'ham' }

# See https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WritingRules
spamassassin_local_rules: []
#  - "score DKIM_VALID 0.001"
#  - "score DKIM_INVALID 2"
#  - "score PYZOR_CHECK 0 2.985 0 2.392 # n=0 n=2"
#  - "score RCVD_IN_DNSWL_HI          1.0"
#  - "score RCVD_IN_DNSWL_LOW         0.1       # default -1"
#  - "score RCVD_IN_DNSWL_MED         0.5       # default -4"
#  - "score SPF_FAIL 0 1.919 0 1.001 # n=0 n=2"
#  - "score SPF_HELO_FAIL 0 1.001 0 1.001 # n=0 n=2"
#  - "whitelist_from  foo@example.org *@example.net"
#  - "whitelist_to    foo@example.com"
#  - "blacklist_from  foo@example.org *@example.net"
#  - "blacklist_to    foo@example.com"
### Some rules are multiline
#  - "full     blacklist_bar      /bar\\@example.net/"
#  - "describe blacklist_bar      blacklist bar@example.net/"
#  - "score    blacklist_bar      6.5"
#  - "header   __f1           Return-path =~ /pop(store)?\\.(foo|bar)\\.example\\.org/"
#  - "header   __f2           From =~ /(([0-9]+)|pop(store)?)\\.(foo|bar)\\.example\\.org/"
#  - "header   __f3           Return-path =~ /([0-9]+)\\@example.org/"
#  - "header   __f4           exists:List-Id"
#  - "meta     unallow        USER_IN_WHITELIST && (__f1||__f2||__f3||__f4||cnuce||SUBJECT_FUZZY_MEDS||diplomas_future)"
#  - "describe unallow        Remove almost all whitelist advantage"
#  - "priority unallow        10"
#  - "score    unallow        98"
#  - "header   __more_bar     ToCc =~ /(?<!me)\\@example\\.net/i"
#  - "header   __more_mine       ToCc =~ /me\\@example\\.net/i"
#  - "header   __more_list_owner     List-Owner =~ /.+/"
#  - "meta     more_mine             __more_bar && !__more_min && !__more_list_owner"
#  - "describe more_mine             To someone different than me"
#  - "score    more_mine             0.5"

spamassassin_spamd_ssl_enabled: True
spamassassin_spamd_ssl_opts: '--ssl --server-key {{ spamassassin_home }}/client-key.pem --server-cert {{ spamassassin_home }}/client-cert.pem'

# https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ClamAVPlugin
# https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ClamAVMultipleScores
spamassassin_clamav_old_plugin: False
spamassassin_clamav_multiple_scores: False
spamassassin_clamav_plugin_score: '4'
spamassassin_clamav_ms_heuristics_score: '3.0'

# https://github.com/bigio/spamassassin-clamav
spamassassin_clamav_github_plugin: False
spamassassin_clamav_github_plugin_url: 'https://raw.githubusercontent.com/bigio/spamassassin-clamav/master/clamav.pm'

# https://github.com/bigio/spamassassin-vba-macro
spamassassin_ole2macro_github_plugin: True
spamassassin_ole2macro_github_plugin_score: '3'

# https://github.com/bigio/spamassassin-dmarc
spamassassin_dmarc_github_plugin: True
spamassassin_dmarc_github_reject_score: '0.3'
spamassassin_dmarc_github_qar_score: '0.2'
spamassassin_dmarc_github_dmarc_none_score: '0.1'
spamassassin_dmarc_github_dmarc_missing_score: '0.0'
spamassassin_dmarc_github_dmarc_pass_score: '-0.1'

psql_db_data:
  - { name: '{{ spamassassin_db_name }}', encoding: 'UTF8', user: '{{ spamassassin_db_user }}', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{ spamassassin_db_pwd }}', managedb: True, allowed_hosts: '{{ spamassassin_db_allowed_hosts }}', extensions: [ '' ], schema_file: '/srv/spamassassin.sql' }

## Spamassassin milter settings
spamassassin_milter_install: False
spamassassin_milter_set_pref_dom_and_user: False
spamassassin_milter_pref_default_domain: 'localhost'
spamassassin_milter_pref_default_user: 'root'
spamassassin_milter_reject_code: '5.7.1'
spamassassin_milter_reject_message: 'Blocked by SpamAssassin'
spamassassin_milter_connect_to_external_spamd: False
# separate with a comma if more than one
spamassassin_milter_external_spamd_hosts: '127.0.0.1'
spamassassin_milter_external_round_robin_hosts: True
spamassassin_milter_external_spamd_port: '{{ spamassassin_spamd_port }}'
spamassassin_milter_exclude_whitelisted_networks: False
# Separate with commas
spamassassin_milter_whitelisted_networks: '127.0.0.1/8'
spamassassin_milter_reject_limit: 15
spamassassin_milter_change_headers: True
spamassassin_milter_ssl_enabled: '{{ spamassassin_spamd_ssl_enabled }}'
# In bytes
spamassassin_milter_spamc_max_msg_size: '512000'
spamassassin_milter_enable_compression: False