From f209b37ac4fe5cdd94511e886a787f4aeff79e03 Mon Sep 17 00:00:00 2001
From: Someone
Date: Fri, 4 Oct 2024 13:42:40 +0200
Subject: [PATCH] [roles/server/mail/milter-dmarc] setup dmarc milter
---
.../milter-dmarc/files/default/opendmarc.conf | 13 ++++
.../files/default/opendmarc.defaults | 29 +++++++
.../files/default/opendmarc.service | 23 ++++++
.../mail/milter-dmarc/handlers/main.yml | 13 ++++
roles/server/mail/milter-dmarc/tasks/main.yml | 75 +++++++++++++++++++
5 files changed, 153 insertions(+)
create mode 100644 roles/server/mail/milter-dmarc/files/default/opendmarc.conf
create mode 100644 roles/server/mail/milter-dmarc/files/default/opendmarc.defaults
create mode 100644 roles/server/mail/milter-dmarc/files/default/opendmarc.service
create mode 100644 roles/server/mail/milter-dmarc/handlers/main.yml
create mode 100644 roles/server/mail/milter-dmarc/tasks/main.yml
diff --git a/roles/server/mail/milter-dmarc/files/default/opendmarc.conf b/roles/server/mail/milter-dmarc/files/default/opendmarc.conf
new file mode 100644
index 0000000..20a7d85
--- /dev/null
+++ b/roles/server/mail/milter-dmarc/files/default/opendmarc.conf
@@ -0,0 +1,13 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+Syslog true
+Socket local:/run/opendmarc/opendmarc.sock
+
+FailureReports true
+FailureReportsSentBy postmaster@somenet.org
diff --git a/roles/server/mail/milter-dmarc/files/default/opendmarc.defaults b/roles/server/mail/milter-dmarc/files/default/opendmarc.defaults
new file mode 100644
index 0000000..8b682dd
--- /dev/null
+++ b/roles/server/mail/milter-dmarc/files/default/opendmarc.defaults
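Review bot: `FailureReports true` in opendmarc.conf makes the filter generate per-message failure reports for mail that fails DMARC when the From domain has requested them, so the report recipient and the report volume are determined by remote DNS records and by whoever sends failing mail to this host. If that is intended, a comment above the line should say so, and `FailureReportsBcc postmaster@somenet.org` would give the operator a copy of what leaves the system. The file also sets neither `AuthservID` nor `TrustedAuthservIDs`, so which upstream Authentication-Results headers the filter trusts is left to the built-in default; pinning both would make that explicit.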
@@ -0,0 +1,29 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+# Command-line options specified here will override the contents of
+# /etc/opendmarc.conf. See opendmarc(8) for a complete list of options.
+#DAEMON_OPTS=""
+# Change to /var/spool/postfix/var/run/opendmarc to use a Unix socket with
+# postfix in a chroot:
+#RUNDIR=/var/spool/postfix/var/run/opendmarc
+RUNDIR=/run/opendmarc
+#
+# Uncomment to specify an alternate socket
+# Note that setting this will override any Socket value in opendmarc.conf
+# default:
+SOCKET=local:$RUNDIR/opendmarc.sock
+# listen on all interfaces on port 54321:
+#SOCKET=inet:54321
+# listen on loopback on port 12345:
+#SOCKET=inet:12345@localhost
+# listen on 192.0.2.1 on port 12345:
+#SOCKET=inet:12345@192.0.2.1
+USER=opendmarc
+GROUP=opendmarc
+#PIDFILE=$RUNDIR/$NAME.pid
+EXTRAAFTER=
diff --git a/roles/server/mail/milter-dmarc/files/default/opendmarc.service b/roles/server/mail/milter-dmarc/files/default/opendmarc.service
new file mode 100644
index 0000000..9908ade
--- /dev/null
+++ b/roles/server/mail/milter-dmarc/files/default/opendmarc.service
@@ -0,0 +1,23 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+[Unit]
+Description=OpenDMARC Milter
+Documentation=man:opendmarc(8) man:opendmarc.conf(5)
+After=network.target nss-lookup.target
+
+[Service]
+User=opendmarc
+UMask=0007
+ExecStart=/usr/sbin/opendmarc -f -p local:/run/opendmarc/opendmarc.sock
+ExecReload=/bin/kill -USR1 $MAINPID
+Slice=system-postfix.slice
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
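Review bot: None of the values set in opendmarc.defaults reach the daemon through the unit added in this same commit, because opendmarc.service has no `EnvironmentFile=` line and hard-codes `-p local:/run/opendmarc/opendmarc.sock`; the comment "setting this will override any Socket value in opendmarc.conf" therefore does not hold for this deployment. The socket path is now defined in three places (opendmarc.conf, this file and the unit), and an operator who edits `SOCKET=` or `RUNDIR=` here would likely see no effect unless packaging outside this patch reads the file. I would add a header comment such as `# NOTE: not read by the opendmarc.service shipped with this role; change the socket in the unit file`, or drop the file from the role.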
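Review bot: Nothing in the `[Service]` section of opendmarc.service creates `/run/opendmarc`, and because `/run` is normally a tmpfs the socket directory depends on a tmpfiles.d entry or similar that is not part of this patch; adding `RuntimeDirectory=opendmarc` and `RuntimeDirectoryMode=0750` would let systemd create it with the service's ownership on every start. `User=opendmarc` is set without `Group=` while `UMask=0007` leaves the socket group-accessible, so which group can connect depends on the account's primary group; `Group=opendmarc` would pin it. The daemon parses headers from untrusted mail, so sandboxing directives such as `ProtectHome=true` and `PrivateTmp=true` are worth considering, but they should be tested with failure reporting enabled, since stricter ones (for example `NoNewPrivileges=true`) may interfere if reports are handed to a local sendmail binary.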
diff --git a/roles/server/mail/milter-dmarc/handlers/main.yml b/roles/server/mail/milter-dmarc/handlers/main.yml
new file mode 100644
index 0000000..ac6cad2
--- /dev/null
+++ b/roles/server/mail/milter-dmarc/handlers/main.yml
@@ -0,0 +1,13 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: restart opendmarc.service
+ systemd:
+ name: opendmarc.service
+ daemon_reload: yes
+ state: restarted
+ ignore_errors: yes
diff --git a/roles/server/mail/milter-dmarc/tasks/main.yml b/roles/server/mail/milter-dmarc/tasks/main.yml
new file mode 100644
index 0000000..8912703
--- /dev/null
+++ b/roles/server/mail/milter-dmarc/tasks/main.yml
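Review bot: `ignore_errors: yes` on the restart handler means a failed restart or daemon-reload is recorded as ignored and the play continues, so a broken unit or config can leave the milter down without failing the run. What the MTA does with mail while the milter socket is unavailable depends on its milter failure setting, which is outside this patch, so the failure should stay visible; I would drop the line, or keep it only with a comment explaining why restart failures are acceptable here. As a style point, `daemon_reload: true` is the canonical boolean spelling and avoids yamllint truthy warnings.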
@@ -0,0 +1,75 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: install opendmarc prereq
+ apt:
+ pkg:
+ - dbconfig-no-thanks
+ state: present
+ policy_rc_d: 101
+ tags: "online"
+ ignore_errors: "{{ignore_online_errors | bool}}"
+
+
+- name: install opendmarc
+ apt:
+ pkg:
+ - opendmarc
+ state: present
+ policy_rc_d: 101
+ tags: "online"
+ ignore_errors: "{{ignore_online_errors | bool}}"
+
+
+- name: copy opendmarc defaults
+ copy:
+ src: "{{item}}"
+ dest: "/etc/default/opendmarc"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/opendmarc.defaults"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/opendmarc.defaults"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/opendmarc.defaults"
+ - "default/opendmarc.defaults"
+ notify: restart opendmarc.service
+
+
+- name: copy opendmarc config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/opendmarc.conf"
+ owner: "root"
+ group: "root"
+ mode: 0640
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/opendmarc.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/opendmarc.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/opendmarc.conf"
+ - "default/opendmarc.conf"
+ notify: restart opendmarc.service
+
+
+- name: copy opendmarc.service to /etc/systemd/system/
+ copy:
+ src: "{{item}}"
+ dest: "/etc/systemd/system/opendmarc.service"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/opendmarc.service"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/opendmarc.service"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/opendmarc.service"
+ - "default/opendmarc.service"
+
+
+- name: enable and start opendmarc.service
+ include_role: name="base/systemd/enable-and-start"
+ vars:
+ service_name: opendmarc.service
--
2.43.0
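Review bot: The "copy opendmarc config" task installs /etc/opendmarc.conf as root:root with `mode: 0640`, but the unit in this commit starts the daemon with `User=opendmarc`, so the process cannot read the file unless something outside this patch grants access; `group: "opendmarc"` with the same mode would keep it non-world-readable and still readable by the service. If the daemon treats an unreadable default config as absent, it would run on built-in defaults and the settings in opendmarc.conf would silently not apply. The "copy opendmarc.service" task is the only copy task without `notify: restart opendmarc.service`, so a changed unit file is neither daemon-reloaded nor restarted by this role unless the included enable-and-start role does it. The modes are unquoted octal literals; `mode: "0640"` avoids depending on the YAML parser's octal handling.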