From 9e90b603c3ed4893672eeb85076cca5a19b76dd2 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Thu, 23 Jul 2020 12:55:32 +0200
Subject: [PATCH] Add support for rules inside `local.cf`.
---
README.md | 32 ++++++++++++++++++++++++++----
defaults/main.yml | 32 ++++++++++++++++++++++++++++++
templates/spamassassin-local.cf.j2 | 4 ++++
3 files changed, 64 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index f05d3a9..569e504 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,38 @@
-# ansible-role-spamassassin
+Role Name
+=========
+
+ansible-role-spamassassin
Installs and configures spamassassin, <https://spamassassin.apache.org>
-* We actually support PostgreSQL as remote backend
-* The sql present in the `files` directory is valid on spamassassin 3.4
+* Currently supports PostgreSQL as remote backend
+* The sql present in the `files` directory is valid for spamassassin 3.4
-## TODO
+TODO
+----
* Clean the txrep stale data regulary, running the following query (PostgreSQL)
``` sql
DELETE FROM txrep WHERE last_hit <= (now() - INTERVAL '120 day');
```
+
+Role Variables
+--------------
+
+There are a lot of them, see the `defaults/main.yml` file
+
+Dependencies
+------------
+
+None
+
+License
+-------
+
+EUPL-1.2
+
+Author Information
+------------------
+
+Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
index 50e968b..e2c271c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -79,6 +79,38 @@ spamassassin_shortcircuit_bayes_rules:
- { key: 'BAYES_99', value: 'spam' }
- { key: 'BAYES_00', value: 'ham' }
+spamassassin_local_rules: []
+# - "score DKIM_VALID 0"
+# - "score DKIM_INVALID 2"
+# - "score PYZOR_CHECK 0 2.985 0 2.392 # n=0 n=2"
+# - "score RCVD_IN_DNSWL_HI 1.0"
+# - "score RCVD_IN_DNSWL_LOW 0 # default -1"
+# - "score RCVD_IN_DNSWL_MED 0 # default -4"
+# - "score SPF_FAIL 0 1.919 0 1.001 # n=0 n=2"
+# - "score SPF_HELO_FAIL 0 1.001 0 1.001 # n=0 n=2"
+# - "whitelist_from foo@example.org *@example.net"
+# - "whitelist_to foo@example.com"
+# - "blacklist_from foo@example.org *@example.net"
+# - "blacklist_to foo@example.com"
+### Some rules are multiline
+# - "full blacklist_bar /bar\@example.net/"
+# - "describe blacklist_bar blacklist bar@example.net/"
+# - "score blacklist_bar 6.5"
+# - "header __f1 Return-path =~ /pop(store)?\.(foo|bar)\.example\.org/"
+# - "header __f2 From =~ /(([0-9]+)|pop(store)?)\.(foo|bar)\.example\.org/"
+# - "header __f3 Return-path =~ /([0-9]+)\@example.org/"
+# - "header __f4 exists:List-Id"
+# - "meta unallow USER_IN_WHITELIST && (__f1||__f2||__f3||__f4||cnuce||SUBJECT_FUZZY_MEDS||diplomas_future)"
+# - "describe unallow Remove almost all whitelist advantage"
+# - "priority unallow 10"
+# - "score unallow 98"
+# - "header __more_bar ToCc =~ /(?<!me)\@example\.net/i"
+# - "header __more_mine ToCc =~ /me\@example\.net/i"
+# - "header __more_list_owner List-Owner =~ /.+/"
+# - "meta more_mine __more_bar && !__more_min && !__more_list_owner"
+# - "describe more_mine To someone different than me"
+# - "score more_mine 0.5"
+
spamassassin_spamd_ssl_enabled: True
spamassassin_spamd_ssl_opts: '--ssl --server-key {{ spamassassin_home }}/client-key.pem --server-cert {{ spamassassin_home }}/client-cert.pem'
diff --git a/templates/spamassassin-local.cf.j2 b/templates/spamassassin-local.cf.j2
index 8fd6934..388c72b 100644
--- a/templates/spamassassin-local.cf.j2
+++ b/templates/spamassassin-local.cf.j2
@@ -60,3 +60,7 @@ shortcircuit {{ rule.key }} {{ rule.value }}
{% endfor %}
{% endif %}
{% endif %}
+
+{% for rule in spamassassin_local_rules %}
+{{ rule }}
+{% endfor %}
\ No newline at end of file