Ansible roles


---
# Listening ports and the source addresses paired with them. The tasks or
# templates consuming these variables are not in this file; presumably they
# build firewall rules from them (confirm in the role's tasks).

# Port of the PMG web UI / API. The allowed sources come from trusted_ip and
# fall back to loopback only when trusted_ip is not defined.
pmg_api_ports: [8006]
pmg_api_src_ip: "{{ trusted_ip | default(['127.0.0.1']) }}"
# Public SMTP ports (smtp, submission, smtps), open to any IPv4 source by
# default. Narrow pmg_smtp_ext_src_ip if the gateway only receives mail from
# known upstream relays.
pmg_smtp_ext_ports:
- 25
- 587
- 465
pmg_smtp_ext_src_ip:
- 0.0.0.0/0
# Internal SMTP port, limited to trusted_ip (loopback only when unset).
# NOTE(review): on PMG this is normally the port internal mail servers relay
# outgoing mail through, so keep the source list narrow - confirm.
pmg_smtp_int_ports:
- 26
pmg_smtp_int_src_ip: "{{ trusted_ip | default(['127.0.0.1']) }}"
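# LDAP / Active Directory authentication.
# True as soon as either ad_auth or ldap_auth is true (both default to False).
pmg_ldap_auth: "{{ (ad_auth | default(False) or ldap_auth | default(False)) | ternary(True,False) }}"
# Server list: with ad_auth, ldap://<lower-cased ad_realm, else samba_realm,
# else ansible_domain>; with ldap_auth, ldap_uri; otherwise the placeholder
# ldap://ldap.domain.tld, which is not a usable server.
pmg_ldap_servers: "{{ ad_auth | default(False) | ternary(['ldap://' + ad_realm | default(samba_realm) | default(ansible_domain) | lower],ldap_auth | default(False) | ternary([ldap_uri],['ldap://ldap.domain.tld'])) }}"
# The URIs above are plain ldap://, so StartTLS is presumably what protects
# the bind password and user credentials on the wire (confirm in the
# templates). Leave it enabled unless the servers are switched to ldaps://.
pmg_ldap_starttls: True
# Search base: with ad_auth, ad_ldap_user_search_base when defined, else
# DC=... components derived from the realm; with ldap_auth, ldap_base;
# otherwise the placeholder dc=domain,dc=tld.
# ldap_auth is defaulted to False here as in the two expressions above:
# ternary evaluates both branches, so an undefined ldap_auth could otherwise
# make this template fail even when ad_auth is true.
pmg_ldap_search_base: "{{ ad_auth | default(False) | ternary((ad_ldap_user_search_base is defined) | ternary(ad_ldap_user_search_base,'DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC=')), ldap_auth | default(False) | ternary(ldap_base,'dc=domain,dc=tld')) }}"
# Login filter: userPrincipalName or sAMAccountName for AD, uid otherwise.
# %u is presumably replaced with the login name by the consuming service;
# whether that value is LDAP-escaped depends on the consumer (verify).
pmg_ldap_filter: "{{ ad_auth | default(False) | ternary('(|(userPrincipalName=%u@' + ad_realm | default(samba_realm) | default(ansible_domain) | lower + ')(sAMAccountName=%u))','(uid=%u)') }}"
# Optional bind account. Use a read-only, least-privilege account and supply
# the password from an encrypted source (e.g. Ansible Vault), not plain vars.
# pmg_ldap_bind_dn:
# pmg_ldap_bind_pass: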
# DKIM / DMARC settings. The comments below describe intent as suggested by
# the variable names; the consuming templates are not in this file.

# Verify DKIM signatures and DMARC policy on incoming mail.
pmg_check_dkim: True
pmg_check_dmarc: True
# presumably: reject (rather than only tag) mail failing a DMARC reject
# policy - confirm in the opendmarc template.
pmg_dmarc_reject: True
# presumably: generate DMARC reports, using the database below - confirm.
pmg_dmarc_report: True
# Database settings; the server falls back to localhost when mysql_server is
# not defined.
pmg_dmarc_db_server: "{{ mysql_server | default('localhost') }}"
pmg_dmarc_db_name: opendmarc
pmg_dmarc_db_user: opendmarc
# No default password is shipped. Set it per host from an encrypted source
# (e.g. Ansible Vault) rather than committing it in clear text.
# pmg_dmarc_db_pass
pmg_dmarc_report_org: "{{ ansible_domain }}"
# DKIM signing rules; empty by default. Example:
pmg_dkim_sign: []
# pmg_dkim_sign:
#   - domain: '*'
#     selector: default
#     priority: 999
# opendkim resolves names itself, bypassing /etc/resolv.conf by default.
# Set a list of DNS servers here if you want it to use specific name servers.
# DKIM verification depends on these DNS answers, so list only resolvers you
# trust.
pmg_dkim_nameservers: []
# You can give an IMAP account, and PMG will fetch email and learn as spam/ham
# pmg_bayes_imap_server: imap.domain.net
# Security used. Can be none, starttls or tls.
# With none the IMAP password below presumably travels unencrypted, so keep
# starttls or tls. Whether the server certificate is verified depends on the
# fetch script, which is not in this file (confirm).
pmg_bayes_imap_security: starttls
# Use a dedicated mailbox account for this and supply the password from an
# encrypted source (e.g. Ansible Vault).
# pmg_bayes_imap_user: pmg-sa-learn@domain.tld
# pmg_bayes_imap_pass: XXXX
# Values naming what is learned as spam and as ham (presumably IMAP folder
# names - confirm).
pmg_bayes_imap_spam: Spam
pmg_bayes_imap_ham: Ham
# If spam/ham are just plain email, set it to false. But if they are attached
# as message/rfc822 (it's the case for example with Zimbra spam / non spam buttons)
# then set it to true. If true, the script will extract the first rfc822 attachment
# and feed it to sa-learn instead of feeding the outer email
# NOTE(review): the name is spelled "bays", unlike the pmg_bayes_* variables
# above. Check which spelling the consuming script/template reads before
# overriding or renaming it.
pmg_bays_imap_attachment: False
# Should we use the OpenPhish feeds. They should only be used for personal usage
# unless allowed by OpenPhish. See https://openphish.com/feed.txt
pmg_use_openphish: False
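# SpamAssassin score overrides shipped by the role. Each entry is a mapping
# with the rule name and the score to assign; "score" is nested under its
# "- name" item (the listing had lost that indentation, which does not parse
# as a list of name/score mappings).
pmg_sa_rules_base:
- name: KAM_MARK
  score: 1.0
- name: DKIM_INVALID  # Default is 0.1
  score: 1.0
# Shrinks the stock whitelist bonus so that a default-whitelisted sender
# cannot offset most other spam indicators on its own.
- name: USER_IN_DEF_SPF_WL  # Default is -7.5 !
  score: -1.0
# Site-specific overrides go here; they are appended to the base list, so the
# base entries are kept unless pmg_sa_rules_base itself is overridden.
pmg_sa_rules_extra: []
pmg_sa_rules: "{{ pmg_sa_rules_base + pmg_sa_rules_extra }}"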