ansible-roles/roles/pmg/defaults/main.yml

---

pmg_api_ports: [8006]
pmg_api_src_ip: "{{ trusted_ip | default(['127.0.0.1']) }}"

pmg_smtp_ext_ports:
  - 25
  - 587
  - 465
pmg_smtp_ext_src_ip:
  - 0.0.0.0/0

pmg_smtp_int_ports:
  - 26
pmg_smtp_int_src_ip: "{{ trusted_ip | default(['127.0.0.1']) }}"

pmg_ldap_auth: "{{ (ad_auth | default(False) or ldap_auth | default(False)) | ternary(True,False) }}"
pmg_ldap_servers: "{{ ad_auth | default(False) | ternary(['ldap://' + ad_realm | default(samba_realm) | default(ansible_domain) | lower],ldap_auth | default(False) | ternary([ldap_uri],['ldap://ldap.domain.tld'])) }}"
pmg_ldap_starttls: True
pmg_ldap_search_base: "{{ ad_auth | default(False) | ternary((ad_ldap_user_search_base is defined) | ternary(ad_ldap_user_search_base,'DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC=')), ldap_auth | ternary(ldap_base,'dc=domain,dc=tld')) }}"
pmg_ldap_filter: "{{ ad_auth | default(False) | ternary('(|(userPrincipalName=%u@' + ad_realm | default(samba_realm) | default(ansible_domain) | lower + ')(sAMAccountName=%u))','(uid=%u)') }}"
# pmg_ldap_bind_dn: 
# pmg_ldap_bind_pass:

pmg_check_dkim: True
pmg_check_dmarc: True
pmg_dmarc_reject: True
pmg_dmarc_report: True
pmg_dmarc_db_server: "{{ mysql_server | default('localhost') }}"
pmg_dmarc_db_name: opendmarc
pmg_dmarc_db_user: opendmarc
# pmg_dmarc_db_pass
pmg_dmarc_report_org: "{{ ansible_domain }}"
pmg_dkim_sign: []
# pmg_dkim_sign:
#   - domain: '*'
#     selector: default
#     priority: 999

# opendkim will resolv names itself,
# bypassing /etc/resolv.conf by default. Set here a list of DNS server
# to use if you want to use specific name servers
pmg_dkim_nameservers: []

# You can give an imap account, and PMG will fetch email and learn as spam/ham
# pmg_bayes_imap_server: imap.domain.net
# Security used. Can be none, starttls or tls
pmg_bayes_imap_security: starttls
# pmg_bayes_imap_user: pmg-sa-learn@domain.tld
# pmg_bayes_imap_pass: XXXX
pmg_bayes_imap_spam: Spam
pmg_bayes_imap_ham: Ham
# If spam/ham are just plain email, set it to false. But if they are attached
# as message/rfc822 (it's the case for example with Zimbra spam / non spam buttons)
# then set it to true. If true, the script will extract the first rfc822 attachment
# and feed it to sa-learn instead of feeding the outer email
pmg_bays_imap_attachment: False

# Should we use the openfish feeds. They should only be used for personal usage
# unless allowed by openphish. See https://openphish.com/feed.txt
pmg_use_openphish: False

pmg_sa_rules_base:
  - name: KAM_MARK
    score: 1.0
  - name: DKIM_INVALID       # Default is 0.1
    score: 1.0
  - name: USER_IN_DEF_SPF_WL # Default is -7.5 !
    score: -1.0
pmg_sa_rules_extra: []
pmg_sa_rules: "{{ pmg_sa_rules_base + pmg_sa_rules_extra }}"
Update to 2020-04-14 5 years ago			`---`

			`pmg_api_ports: [8006]`
			`pmg_api_src_ip: "{{ trusted_ip \| default(['127.0.0.1']) }}"`

			`pmg_smtp_ext_ports:`
			`- 25`
			`- 587`
			`- 465`
			`pmg_smtp_ext_src_ip:`
			`- 0.0.0.0/0`

			`pmg_smtp_int_ports:`
			`- 26`
			`pmg_smtp_int_src_ip: "{{ trusted_ip \| default(['127.0.0.1']) }}"`

			`pmg_ldap_auth: "{{ (ad_auth \| default(False) or ldap_auth \| default(False)) \| ternary(True,False) }}"`
			`pmg_ldap_servers: "{{ ad_auth \| default(False) \| ternary(['ldap://' + ad_realm \| default(samba_realm) \| default(ansible_domain) \| lower],ldap_auth \| default(False) \| ternary([ldap_uri],['ldap://ldap.domain.tld'])) }}"`
			`pmg_ldap_starttls: True`
			`pmg_ldap_search_base: "{{ ad_auth \| default(False) \| ternary((ad_ldap_user_search_base is defined) \| ternary(ad_ldap_user_search_base,'DC=' + ad_realm \| default(samba_realm) \| default(ansible_domain) \| regex_replace('\\.',',DC=')), ldap_auth \| ternary(ldap_base,'dc=domain,dc=tld')) }}"`
			`pmg_ldap_filter: "{{ ad_auth \| default(False) \| ternary('(\|(userPrincipalName=%u@' + ad_realm \| default(samba_realm) \| default(ansible_domain) \| lower + ')(sAMAccountName=%u))','(uid=%u)') }}"`
			`# pmg_ldap_bind_dn:`
			`# pmg_ldap_bind_pass:`

			`pmg_check_dkim: True`
			`pmg_check_dmarc: True`
			`pmg_dmarc_reject: True`
			`pmg_dmarc_report: True`
			`pmg_dmarc_db_server: "{{ mysql_server \| default('localhost') }}"`
			`pmg_dmarc_db_name: opendmarc`
			`pmg_dmarc_db_user: opendmarc`
			`# pmg_dmarc_db_pass`
			`pmg_dmarc_report_org: "{{ ansible_domain }}"`
			`pmg_dkim_sign: []`
			`# pmg_dkim_sign:`
			`# - domain: '*'`
			`# selector: default`
			`# priority: 999`

			`# opendkim will resolv names itself,`
			`# bypassing /etc/resolv.conf by default. Set here a list of DNS server`
			`# to use if you want to use specific name servers`
			`pmg_dkim_nameservers: []`

			`# You can give an imap account, and PMG will fetch email and learn as spam/ham`
			`# pmg_bayes_imap_server: imap.domain.net`
			`# Security used. Can be none, starttls or tls`
			`pmg_bayes_imap_security: starttls`
			`# pmg_bayes_imap_user: pmg-sa-learn@domain.tld`
			`# pmg_bayes_imap_pass: XXXX`
			`pmg_bayes_imap_spam: Spam`
			`pmg_bayes_imap_ham: Ham`
			`# If spam/ham are just plain email, set it to false. But if they are attached`
			`# as message/rfc822 (it's the case for example with Zimbra spam / non spam buttons)`
			`# then set it to true. If true, the script will extract the first rfc822 attachment`
			`# and feed it to sa-learn instead of feeding the outer email`
			`pmg_bays_imap_attachment: False`

			`# Should we use the openfish feeds. They should only be used for personal usage`
			`# unless allowed by openphish. See https://openphish.com/feed.txt`
			`pmg_use_openphish: False`

			`pmg_sa_rules_base:`
			`- name: KAM_MARK`
			`score: 1.0`
			`- name: DKIM_INVALID # Default is 0.1`
			`score: 1.0`
			`- name: USER_IN_DEF_SPF_WL # Default is -7.5 !`
			`score: -1.0`
			`pmg_sa_rules_extra: []`
			`pmg_sa_rules: "{{ pmg_sa_rules_base + pmg_sa_rules_extra }}"`