--- - name: Create the spamassassin user and install the Spamassassin packages on RH based systems block: - name: Create the spamassassin user user: name={{ spamassassin_user }} home={{ spamassassin_home }} comment="Spamassassin Service Account" createhome=no shell=/usr/sbin/nologin system=yes - name: spamassassin packages, RH/CentOS yum: pkg={{ spamassassin_rh_packages }} state=present - name: spamassassin perl DB* packages, RH/CentOS yum: pkg={{ spamassassin_sql_rh_packages }} state=present when: spamassassin_db_user_config | bool - name: Perl modules, from CPAN cpanm: name: '{{ item }}' installdeps: True system_lib: False with_items: '{{ spamassassin_rh_perl_packages }}' - name: Set some SELinux booleans related to spamassassin seboolean: name={{ item }} state=yes persistent=yes with_items: - 'spamassassin_can_network' - 'spamd_update_can_network' when: ansible_distribution_file_variety == "RedHat" tags: [ 'spamassassin', 'spamassassin_packages' ] - name: Disable the sought rules block: - name: Remove the soughtrules configuration and database files file: dest={{ item }} state=absent with_items: - '{{ spamassassin_conf_dir }}/channel.d/sought.conf' - '/var/lib/spamassassin/{{ spamassassin_rules_version }}/sought_rules_yerp_org.cf' - '/var/lib/spamassassin/{{ spamassassin_rules_version }}/sought_rules_yerp_org' notify: Restart spamassassin when: spamassassin_disable_soughtrules tags: [ 'spamassassin', 'spamassassin_conf', 'spamassassin_sought' ] - name: Install pyzor from pip block: - name: Install the pyzor pip packages pip: name={{ spamassassin_pyzor_pip_packages }} state=present notify: Restart spamassassin - name: Create the pyzor home file: dest={{ spamassassin_conf_dir }}/pyzor state=directory owner={{ spamassassin_user }} mode=0750 - name: Install the pyzor configuration template: src=pyzor-config.j2 dest={{ spamassassin_conf_dir }}/pyzor/config owner=root group={{ spamassassin_user }} mode=0440 notify: Restart spamassassin when: spamassassin_enable_pyzor tags: [ 'spamassassin', 'pyzor', 'spamassassin_conf' ] - name: Clamav plugin from the spamassassin site block: - name: Install the Clamav plugin code template: src=clamav-plugin.pm.j2 dest={{ spamassassin_conf_dir }}/clamav.pm owner=root group=root mode='0644' notify: Restart spamassassin - name: Install the Clamav plugin configuration. Single score template: src=clamav-plugin-conf.cf.j2 dest={{ spamassassin_conf_dir }}/clamav.cf owner=root group=root mode='0644' notify: Restart spamassassin when: not spamassassin_clamav_multiple_scores - name: Install the Clamav plugin configuration. Multiple scores template: src=clamav-plugin-multiple-scores-conf.cf.j2 dest={{ spamassassin_conf_dir }}/clamav.cf owner=root group=root mode='0644' notify: Restart spamassassin when: spamassassin_clamav_multiple_scores when: - spamassassin_clamav_old_plugin - not spamassassin_clamav_github_plugin tags: [ 'spamassassin', 'clamav', 'spamassassin_conf', 'clamav_spamassassin' ] - name: Clamav plugin, from github block: - name: Get the clamav plugin code from github get_url: url={{ spamassassin_clamav_github_plugin_url }} dest={{ spamassassin_conf_dir }}/clamav.pm owner=root group=root mode='0644' notify: Restart spamassassin - name: Install the Clamav github plugin configuration template: src=clamav-github-plugin-conf.cf.j2 dest={{ spamassassin_conf_dir }}/clamav.cf owner=root group=root mode='0644' notify: Restart spamassassin when: - not spamassassin_clamav_old_plugin - spamassassin_clamav_github_plugin tags: [ 'spamassassin', 'clamav', 'spamassassin_conf', 'clamav_spamassassin' ] - name: Remove the clamav plugin block: - name: Remove the clamav plugin files file: dest={{ spamassassin_conf_dir }}/{{ item }} state=absent with_items: - 'clamav.cf' - 'clamav.pm' notify: Restart spamassassin when: - not spamassassin_clamav_old_plugin - not spamassassin_clamav_github_plugin tags: [ 'spamassassin', 'clamav', 'spamassassin_conf', 'clamav_spamassassin' ] - name: OLE2macro plugin, from github block: - name: Get the OLE2macro plugin code from github get_url: url={{ spamassassin_ole2macro_github_plugin_url }} dest={{ spamassassin_conf_dir }}/ole2macro.pm owner=root group=root mode='0644' notify: Restart spamassassin - name: Install the OLE2macro plugin configuration template: src=ole2macro.cf.j2 dest={{ spamassassin_conf_dir }}/ole2macro.cf owner=root group=root mode='0644' notify: Restart spamassassin - name: ole2 required packages, EL yum: pkg={{ spamassassin_ole2_perl_packages }} state=present when: ansible_distribution_file_variety == "RedHat" when: spamassassin_ole2macro_github_plugin tags: [ 'spamassassin', 'spamassassin_conf', 'spamassassin_ole2macro' ] - name: Remove the ole2macro plugin block: - name: Remove the ole2macro plugin files file: dest={{ spamassassin_conf_dir }}/{{ item }} state=absent with_items: - 'ole2macro.cf' - 'ole2macro.pm' notify: Restart spamassassin when: not spamassassin_ole2macro_github_plugin tags: [ 'spamassassin', 'spamassassin_conf', 'spamassassin_ole2macro' ] - name: dmarc plugin, from github block: - name: dmarc required packages, EL yum: pkg={{ spamassassin_dmarc_perl_requirements }} state=present when: ansible_distribution_file_variety == "RedHat" - name: dmarc perl module, from CPAN cpanm: name: '{{ item }}' installdeps: True system_lib: False with_items: '{{ spamassassin_dmarc_perl_packages }}' - name: Get the dmarc plugin code from github get_url: url={{ spamassassin_dmarc_github_plugin_url }} dest={{ spamassassin_conf_dir }}/dmarc.pm owner=root group=root mode='0644' notify: Restart spamassassin - name: Install the dmarc plugin configuration template: src=dmarc.cf.j2 dest={{ spamassassin_conf_dir }}/dmarc.cf owner=root group=root mode='0644' notify: Restart spamassassin when: spamassassin_dmarc_github_plugin tags: [ 'spamassassin', 'spamassassin_conf', 'spamassassin_dmarc' ] - name: Remove the ole2macro plugin block: - name: Remove the clamav plugin files file: dest={{ spamassassin_conf_dir }}/{{ item }} state=absent with_items: - 'dmarc.cf' - 'dmarc.pm' notify: Restart spamassassin when: not spamassassin_dmarc_github_plugin tags: [ 'spamassassin', 'spamassassin_conf', 'spamassassin_dmarc' ] - name: Manage the letsencrypt configuration block: - name: Check if the letsencrypt certificates are in place stat: path={{ letsencrypt_acme_certs_dir }}/privkey register: letsencrypt_keyfile - name: Copy the letsencrypt certificate key into the right place copy: src={{ letsencrypt_acme_certs_dir }}/privkey dest={{ spamassassin_home }}/client-key.pem owner={{ spamassassin_user }} group={{ spamassassin_group }} mode=0400 remote_src=yes force=yes when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool notify: Restart spamassassin - name: Copy the letsencrypt public certificate into the right place copy: src={{ letsencrypt_acme_certs_dir }}/fullchain dest={{ spamassassin_home }}/client-cert.pem owner={{ spamassassin_user }} group={{ spamassassin_group }} mode=0444 remote_src=yes force=yes when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool notify: Restart spamassassin - name: Create the acme hooks directory if it does not yet exist file: dest={{ letsencrypt_acme_sh_services_scripts_dir }} state=directory owner=root group=root - name: Install a script that fix the letsencrypt certificate for mysql and then reload the service template: src=letsencrypt-spamassassin-hook.sh.j2 dest={{ letsencrypt_acme_sh_services_scripts_dir }}/spamassassin owner=root group=root mode=4555 when: - letsencrypt_acme_install is defined and letsencrypt_acme_install - spamassassin_spamd_ssl_enabled | bool tags: [ 'spamassassin', 'letsencrypt', 'spamassassin_letsencrypt' ] - name: Install the Spamassassin base configuration block: - name: spamassassin local config template: src=spamassassin-local.cf.j2 dest={{ spamassassin_conf_dir }}/local.cf owner=root group={{ spamassassin_group }} mode=0440 notify: Reload spamassassin - name: spamassassin spamd defaults template: src=spamassassin_sysconfig.j2 dest=/etc/sysconfig/spamassassin owner=root group=root mode=0444 notify: Reload spamassassin tags: [ 'spamassassin', 'spamassassin_conf', 'spamassassin_local_conf' ] - name: Install the Spamassassin DB configuration block: - name: spamassassin db config template: src=spamassassin-db.cf.j2 dest={{ spamassassin_conf_dir }}/db.cf owner=root group={{ spamassassin_group }} mode=0440 notify: Reload spamassassin when: spamassassin_db_user_config | bool tags: [ 'spamassassin', 'spamassassin_conf' ] - name: Install the Spamassassin DB configuration block: - name: Copy the spamassassin postgresql sql schema files copy: src={{ spamassassin_db_sql_file }} dest={{ item.schema_file }} force=no with_items: '{{ psql_db_data }}' register: pdns_schema when: item.schema_file is defined - name: Install the spamassassin schema file postgresql_db: name={{ item.name }} login_host='localhost' login_user={{ item.user }} login_password={{ item.pwd }} state=restore target={{ item.schema_file }} port={{ psql_db_port }} with_items: '{{ psql_db_data }}' when: - pdns_schema is changed - item.schema_file is defined delegate_to: '{{ spamassassin_db_external_host }}' run_once: True when: spamassassin_db_user_config | bool tags: [ 'spamassassin', 'spamassassin_conf' ] - name: Manage the spamassassin service block: - name: Ensure that the spamassassin service is started and enabled service: name=spamassassin state=started enabled=yes when: spamassassin_install | bool tags: [ 'spamassassin', 'spamassassin_conf', 'spamassassin_service' ]