ansible/roles/rspamd/defaults/main.yaml

rspamd_enabled: true
rspamd_short_name: "rspamd"
rspamd_default_values:
  replicaCount: 1
  persistence:
    enabled: false
    existingClaim: mailboxes
  redis:
    enabled: true
    architecture: standalone
  rspamd:
    local.d:
      redis.conf: |
        servers = "rspamd-redis-master";
      worker-proxy.inc: |
        bind_socket = "0.0.0.0:11332";
      worker-normal.inc: |
        bind_socket = "0.0.0.0:11333";
      worker-controller.inc: |
        bind_socket = "0.0.0.0:11334";
      worker-fuzzy.inc: |
        bind_socket = "0.0.0.0:11335";
      logging.inc: |
        type = "console";
      spf.conf: |
        spf_cache_size = 1k; # cache up to 1000 of the most recent SPF records
        spf_cache_expire = 1d; # default max expire for an element in this cache
        max_dns_nesting = 10; # maximum number of recursive DNS subrequests
        max_dns_requests = 30; # maximum count of DNS requests per record
        min_cache_ttl = 5m; # minimum TTL enforced for all elements in SPF records
      dkim_signing.conf: |
        enabled = true;
        # If `true` get pubkey from DNS record and check if it matches private key
        check_pubkey = true;
        # Set to `false` if you want to skip signing if public and private keys mismatch
        allow_pubkey_mismatch = true;
        # Domain specific settings
        domain {
          # Domain name is used as key
          "{{ mail_domain | default(domain) }}" {
            # Private key path
            path = "/var/lib/rspamd/dkim/default.key";
            # Selector
            selector = "default";
          }
        }
      arc.conf: |
        domain {
          # Domain name is used as key
          "{{ mail_domain | default(domain) }}" {
            # Private key path
            path = "/var/lib/rspamd/dkim/default.key";
            # Selector
            selector = "default";
          }
        }
      dmarc.conf: |
        # Enables storing reporting information to redis
        reporting = true;
        # If Redis server is not configured below, settings from redis {} will be used
        #servers = "127.0.0.1:6379"; # Servers to use for reads and writes (can be a list)
        servers = "rspamd-redis-master";
        # Alternatively set read_servers / write_servers to split reads and writes
        # To set custom prefix for redis keys:
        #key_prefix = "dmarc_";
        # Actions to enforce based on DMARC disposition (empty by default)
        actions = {
          quarantine = "add_header";
          reject = "reject";
        }
        # Ignore "pct" setting for some domains
        # no_sampling_domains = "/etc/rspamd/dmarc_no_sampling.domains";
    dkim-keys:
      default: |
        {{ dkim_private_key_base64 | b64decode }}
update mail - migrate from opendkim and opendmarc to rspamd 2021-01-17 00:18:43 +00:00			`rspamd_enabled: true`
add short names add publish conditions for services use official gitea helm chart 2021-01-25 18:04:57 +00:00			`rspamd_short_name: "rspamd"`
GHP publish 2021-01-09 17:54:42 +00:00			`rspamd_default_values:`
			`replicaCount: 1`
			`persistence:`
			`enabled: false`
			`existingClaim: mailboxes`
update mail - migrate from opendkim and opendmarc to rspamd 2021-01-17 00:18:43 +00:00			`redis:`
			`enabled: true`
update mail services 2022-12-24 21:46:42 +00:00			`architecture: standalone`
GHP publish 2021-01-09 17:54:42 +00:00			`rspamd:`
update mail - migrate from opendkim and opendmarc to rspamd 2021-01-17 00:18:43 +00:00			`local.d:`
			`redis.conf: \|`
			`servers = "rspamd-redis-master";`
			`worker-proxy.inc: \|`
			`bind_socket = "0.0.0.0:11332";`
			`worker-normal.inc: \|`
			`bind_socket = "0.0.0.0:11333";`
			`worker-controller.inc: \|`
			`bind_socket = "0.0.0.0:11334";`
			`worker-fuzzy.inc: \|`
			`bind_socket = "0.0.0.0:11335";`
			`logging.inc: \|`
			`type = "console";`
			`spf.conf: \|`
			`spf_cache_size = 1k; # cache up to 1000 of the most recent SPF records`
			`spf_cache_expire = 1d; # default max expire for an element in this cache`
			`max_dns_nesting = 10; # maximum number of recursive DNS subrequests`
			`max_dns_requests = 30; # maximum count of DNS requests per record`
			`min_cache_ttl = 5m; # minimum TTL enforced for all elements in SPF records`
			`dkim_signing.conf: \|`
			`enabled = true;`
			# If `true` get pubkey from DNS record and check if it matches private key
			`check_pubkey = true;`
			# Set to `false` if you want to skip signing if public and private keys mismatch
			`allow_pubkey_mismatch = true;`
			`# Domain specific settings`
			`domain {`
			`# Domain name is used as key`
			`"{{ mail_domain \| default(domain) }}" {`
			`# Private key path`
			`path = "/var/lib/rspamd/dkim/default.key";`
			`# Selector`
			`selector = "default";`
			`}`
			`}`
			`arc.conf: \|`
			`domain {`
			`# Domain name is used as key`
			`"{{ mail_domain \| default(domain) }}" {`
			`# Private key path`
			`path = "/var/lib/rspamd/dkim/default.key";`
			`# Selector`
			`selector = "default";`
			`}`
			`}`
			`dmarc.conf: \|`
			`# Enables storing reporting information to redis`
			`reporting = true;`
			`# If Redis server is not configured below, settings from redis {} will be used`
			`#servers = "127.0.0.1:6379"; # Servers to use for reads and writes (can be a list)`
			`servers = "rspamd-redis-master";`
			`# Alternatively set read_servers / write_servers to split reads and writes`
			`# To set custom prefix for redis keys:`
			`#key_prefix = "dmarc_";`
			`# Actions to enforce based on DMARC disposition (empty by default)`
			`actions = {`
			`quarantine = "add_header";`
			`reject = "reject";`
			`}`
			`# Ignore "pct" setting for some domains`
			`# no_sampling_domains = "/etc/rspamd/dmarc_no_sampling.domains";`
			`dkim-keys:`
			`default: \|`
			`{{ dkim_private_key_base64 \| b64decode }}`