add postgrey to orion

fd053069 · Phillip Smith (fukawi2) · 1b395275 · fd053069 · fd053069 · fd053069
Commit fd053069 authored Nov 04, 2019 by Phillip Smith (fukawi2)
--- a/playbooks/orion.yml
+++ b/playbooks/orion.yml
@@ -15,6 +15,7 @@
    - { role: opendkim, dkim_selector: orion, tags: ['mail'] }
    - { role: dovecot, tags: ['mail', "dovecot"] }
    - { role: spampd, tags: ["mail", "spampd"] }
+    - { role: postgrey, tags: ["mail", "postgrey"] }
    - { role: unbound, tags: ["mail", "unbound"] }
    - { role: postfwd, tags: ['mail', "postfwd"] }
    - { role: postfix, postfix_server: true, postfix_smtpd_public: true, tags: ['mail'] }

--- a/roles/postgrey/defaults/main.yml
+++ b/roles/postgrey/defaults/main.yml
+# greylist for N seconds
+postgrey_delay: 120
+
+#delete entries older than N days since the last time that they have been seen
+postgrey_max_age: 35
+
+# allow only N days for the first retrial
+# append 'h' if you want to specify it in hours
+postgrey_retry_window: 24h
--- a/roles/postgrey/handlers/main.yml
+++ b/roles/postgrey/handlers/main.yml
+- name: restart postgrey
+  systemd:
+    unit: postgrey.service
+    enabled: yes
+    state: restarted
+    daemon_reload: yes
+
--- a/roles/postgrey/tasks/main.yml
+++ b/roles/postgrey/tasks/main.yml
+- name: install packages
+  package:
+    name: "postgrey"
+    state: "present"
+
+- name: install local whitelist template
+  template:
+    src: "whitelist_clients.local.j2"
+    dest: "/etc/postfix/postgrey_whitelist_clients.local"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  notify:
+    - restart postgrey
+
+- name: create service unit override path
+  file:
+    path: "/etc/systemd/system/postgrey.service.d/"
+    state: "directory"
+    owner: "root"
+    group: "root"
+    mode: 755
+
+- name: install service unit override file
+  template:
+    src: "service-override.j2"
+    dest: "/etc/systemd/system/postgrey.service.d/override.conf"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  notify:
+    - restart postgrey
--- a/roles/postgrey/templates/service-override.j2
+++ b/roles/postgrey/templates/service-override.j2
+#
+# {{ansible_managed}}
+#
+
+[Service]
+ExecStart=
+ExecStart=/usr/bin/postgrey --inet=127.0.0.1:10030 \
+          --pidfile=/run/postgrey/postgrey.pid \
+          --group=postgrey --user=postgrey \
+          --daemonize \
+          --delay={{postgrey_delay}} \
+          --max-age={{postgrey_max_age}} \
+          --retry-window={{postgrey_retry_window}} \
+          --greylist-text="Greylisted for %%s seconds"
--- a/roles/postgrey/templates/whitelist_clients.local.j2
+++ b/roles/postgrey/templates/whitelist_clients.local.j2
+#
+# {{ansible_managed}}
+#