ansible/roles/rspamd/defaults/main.yaml

79 lines
2.7 KiB
YAML
Raw Normal View History

rspamd_enabled: true
rspamd_short_name: "rspamd"
2021-01-09 17:54:42 +00:00
rspamd_default_values:
replicaCount: 1
persistence:
enabled: false
existingClaim: mailboxes
redis:
enabled: true
usePassword: false
password: ""
cluster:
enabled: false
2021-01-09 17:54:42 +00:00
rspamd:
local.d:
redis.conf: |
servers = "rspamd-redis-master";
worker-proxy.inc: |
bind_socket = "0.0.0.0:11332";
worker-normal.inc: |
bind_socket = "0.0.0.0:11333";
worker-controller.inc: |
bind_socket = "0.0.0.0:11334";
worker-fuzzy.inc: |
bind_socket = "0.0.0.0:11335";
logging.inc: |
type = "console";
spf.conf: |
spf_cache_size = 1k; # cache up to 1000 of the most recent SPF records
spf_cache_expire = 1d; # default max expire for an element in this cache
max_dns_nesting = 10; # maximum number of recursive DNS subrequests
max_dns_requests = 30; # maximum count of DNS requests per record
min_cache_ttl = 5m; # minimum TTL enforced for all elements in SPF records
dkim_signing.conf: |
enabled = true;
# If `true` get pubkey from DNS record and check if it matches private key
check_pubkey = true;
# Set to `false` if you want to skip signing if public and private keys mismatch
allow_pubkey_mismatch = true;
# Domain specific settings
domain {
# Domain name is used as key
"{{ mail_domain | default(domain) }}" {
# Private key path
path = "/var/lib/rspamd/dkim/default.key";
# Selector
selector = "default";
}
}
arc.conf: |
domain {
# Domain name is used as key
"{{ mail_domain | default(domain) }}" {
# Private key path
path = "/var/lib/rspamd/dkim/default.key";
# Selector
selector = "default";
}
}
dmarc.conf: |
# Enables storing reporting information to redis
reporting = true;
# If Redis server is not configured below, settings from redis {} will be used
#servers = "127.0.0.1:6379"; # Servers to use for reads and writes (can be a list)
servers = "rspamd-redis-master";
# Alternatively set read_servers / write_servers to split reads and writes
# To set custom prefix for redis keys:
#key_prefix = "dmarc_";
# Actions to enforce based on DMARC disposition (empty by default)
actions = {
quarantine = "add_header";
reject = "reject";
}
# Ignore "pct" setting for some domains
# no_sampling_domains = "/etc/rspamd/dmarc_no_sampling.domains";
dkim-keys:
default: |
{{ dkim_private_key_base64 | b64decode }}