-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.yml
92 lines (81 loc) · 3.27 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
---
# Variables used for various applications
mail_domain: example.com
mail_hostname: server1.example.com
# This domain name is used for MX and IMAP
mail_mailname: mail.example.com
mail_mailbox_domains:
- example.com
- example.org
- example.net
mail_ssl:
certificate: /etc/ssl/servercerts/example.com.pem
private_key: /etc/ssl/private/example.com.key
generate_certificate_for_test: true
generate_safe_primes_for_dh: true # https://www.openssl.org/news/secadv/20160128.txt
# Used for ARC-signing as well
mail_dkim_keys:
- { domain: example.com, selector: key1, private_key: /var/lib/rspamd/dkim/example.com.key1.key }
- { domain: example.org, selector: key1, private_key: /var/lib/rspamd/dkim/example.org.key1.key }
- { domain: example.net, selector: key1, private_key: /var/lib/rspamd/dkim/example.net.key1.key }
# Hash can be computated with doveadm.
# I recommend using Blowfish as the hashing schema, the ideal number of rounds depends on your system.
# > doveadm pw -s BLF-CRYPT -r 10
mail_accounts:
- { user: john.doe@example.com, password: "{BLF-CRYPT}$2y$10$6W9VYuRklwLg8y2UoP6YHuK5Q8g7g.LOJdSa7K4CgoVMmARNYMVMK" } # Password: changeme
- { user: jane.doe@example.com, password: "{BLF-CRYPT}$2y$10$wZtIn5uHAsbsMgMmOdBdU.qbRgrQxfeej65G63aUxMaDNEHfb8P2e" } # Password: changeme
- { user: demo, password: "{PLAIN}demo" }
mail_mailboxes:
- { name: john.doe@example.com, path: /srv/mail/john }
- { name: john.doe@example.org, path: /srv/mail/john }
- { name: john.doe@example.net, path: /srv/mail/john }
mail_aliases:
# a self-referencing alias is needed if the mail_transports is used
- { for: gmail@example.com, destination: gmail@example.com }
# normal aliases
- { for: wedding@example.com, destination: family@example.com }
- for: family@example.com
destination:
- john.doe@example.com
- jane.doe@example.com
# Catch-Alls:
- { for: "@example.com", destination: john.doe@example.com }
- { for: "@example.org", destination: john.doe@example.org }
- { for: "@example.net", destination: john.doe@example.net }
mail_recipient_restrictions:
- for: reject@example.com
action: REJECT This address is not supposed to receive mails!
mail_transports:
- for: gmail@example.com
nexthop: smtp:gmail.com
mail_spam:
greylisting_delay: 5min
thresholds: # Requirement: greylist < add_header < reject
greylist: 4
add_header: 6
reject: 15
controller:
# Controller worker is used to manage rspamd stats, to learn rspamd and to serve WebUI.
# https://rspamd.com/doc/workers/controller.html
# If you access the WebUI from localhost, you won't be asked for the password as localhost is a "secure_ip"
# > rspamadm pw
password: $2$c75qgo1b8brudgq7wokg8wxr5qiby84p$ye6ss3ymc4h4u4swk3fhx3ph7jesahqrzw8kkxwhyfb14g4rkfhb # Password: changeme
bind_socket: localhost:11334
allowlist_domain: []
allowlist_email: []
# Used for http://www.postfix.org/postconf.5.html#smtp_bind_address
# If specified, the mail will be send using this IP addresses.
# The PTR-RRs should match mail_mailname.
mail_send_via:
IPv4:
IPv6:
mail_internal_networks:
- 127.0.0.0/8
- "[::1]/128"
# Variables used for postfix
postfix_inet_interfaces: [all]
postfix_inet_protocols: [all]
postfix_mydestination:
- $myhostname
- localhost
- localhost.$mydomain