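---
# Default variables for the Proxmox Mail Gateway (PMG) role.
# Override them in inventory / group_vars. Keep every password referenced
# below in Ansible Vault (or another secret store), not in plaintext vars.

# Port(s) of the PMG web UI / API and the source addresses allowed to reach
# them (presumably consumed by the role's firewall rules; confirm in tasks).
# Falls back to loopback only when trusted_ip is not defined, so the API is
# not exposed unless an allow-list is set explicitly.
pmg_api_ports: [8006]
pmg_api_src_ip: "{{ trusted_ip | default(['127.0.0.1']) }}"

# External SMTP ports. 0.0.0.0/0 matches any IPv4 source.
pmg_smtp_ext_ports:
  - 25
  - 587
  - 465
pmg_smtp_ext_src_ip:
  - '0.0.0.0/0'

# Internal SMTP port, restricted to trusted_ip (loopback only when unset).
pmg_smtp_int_ports:
  - 26
pmg_smtp_int_src_ip: "{{ trusted_ip | default(['127.0.0.1']) }}"

# LDAP / Active Directory authentication. Enabled when either ad_auth or
# ldap_auth is truthy; both are treated as false when undefined.
pmg_ldap_auth: "{{ (ad_auth | default(False) or ldap_auth | default(False)) | ternary(True,False) }}"
# AD: ldap://<realm>, with the realm taken from ad_realm, then samba_realm,
# then ansible_domain. Plain LDAP: ldap_uri. The ldap.domain.tld entry is
# only a placeholder used when neither mode is enabled.
pmg_ldap_servers: "{{ ad_auth | default(False) | ternary(['ldap://' + ad_realm | default(samba_realm) | default(ansible_domain) | lower],ldap_auth | default(False) | ternary([ldap_uri],['ldap://ldap.domain.tld'])) }}"
# The default URIs above use the ldap:// scheme, so StartTLS is what protects
# bind credentials in transit. Keep it enabled unless the servers are reached
# over ldaps://.
# NOTE(review): certificate validation is not configured in this file;
# confirm how the role's templates handle it.
pmg_ldap_starttls: true
# AD: ad_ldap_user_search_base when defined, else DC=... components derived
# from the realm. Plain LDAP: ldap_base.
# ldap_auth gets default(False) here, as in pmg_ldap_auth and
# pmg_ldap_servers, so the expression does not depend on ldap_auth being
# defined.
pmg_ldap_search_base: "{{ ad_auth | default(False) | ternary((ad_ldap_user_search_base is defined) | ternary(ad_ldap_user_search_base,'DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC=')), ldap_auth | default(False) | ternary(ldap_base,'dc=domain,dc=tld')) }}"
# %u is the login placeholder. AD matches userPrincipalName or sAMAccountName,
# plain LDAP matches uid.
pmg_ldap_filter: "{{ ad_auth | default(False) | ternary('(|(userPrincipalName=%u@' + ad_realm | default(samba_realm) | default(ansible_domain) | lower + ')(sAMAccountName=%u))','(uid=%u)') }}"
# Optional bind account. Set both in inventory and keep the password vaulted.
# pmg_ldap_bind_dn:
# pmg_ldap_bind_pass:

# DKIM / DMARC checks on incoming mail
pmg_check_dkim: true
pmg_check_dmarc: true
# presumably: reject mail that fails DMARC, and send aggregate reports
# (confirm against the role's templates)
pmg_dmarc_reject: true
pmg_dmarc_report: true
pmg_dmarc_db_server: "{{ mysql_server | default('localhost') }}"
pmg_dmarc_db_name: opendmarc
pmg_dmarc_db_user: opendmarc
# No default is provided for the database password; set it from a vaulted var.
# pmg_dmarc_db_pass
pmg_dmarc_report_org: "{{ ansible_domain }}"

# DKIM signing rules (none by default)
pmg_dkim_sign: []
# pmg_dkim_sign:
#   - domain: '*'
#     selector: default
#     priority: 999

# opendkim resolves names itself, bypassing /etc/resolv.conf by default.
# Set a list of DNS servers here if you want it to use specific name servers.
pmg_dkim_nameservers: []

# You can give an IMAP account, and PMG will fetch email and learn as spam/ham
# pmg_bayes_imap_server: imap.domain.net
# Security used. Can be none, starttls or tls.
# 'none' presumably leaves the IMAP login unprotected in transit, so prefer
# starttls or tls.
pmg_bayes_imap_security: starttls
# pmg_bayes_imap_user: pmg-sa-learn@domain.tld
# pmg_bayes_imap_pass: XXXX
pmg_bayes_imap_spam: Spam
pmg_bayes_imap_ham: Ham
# If spam/ham are just plain email, set it to false. But if they are attached
# as message/rfc822 (as is the case, for example, with the Zimbra spam /
# non-spam buttons), then set it to true. If true, the script will extract the
# first rfc822 attachment and feed it to sa-learn instead of the outer email.
# NOTE(review): the key is spelled "bays" (not "bayes"); it is kept as-is
# because consumers of this variable presumably use the same spelling.
pmg_bays_imap_attachment: false

# Should we use the OpenPhish feeds. They should only be used for personal
# usage unless allowed by OpenPhish. See https://openphish.com/feed.txt
pmg_use_openphish: false

# SpamAssassin score overrides. Put site-specific rules in pmg_sa_rules_extra;
# it is appended to the base list below.
pmg_sa_rules_base:
  - name: KAM_MARK
    score: 1.0
  - name: DKIM_INVALID
    # Default is 0.1
    score: 1.0
  - name: USER_IN_DEF_SPF_WL
    # Default is -7.5, which is reduced here so that a sender on the default
    # SPF whitelist cannot offset as many other spam points.
    score: -1.0
pmg_sa_rules_extra: []
pmg_sa_rules: "{{ pmg_sa_rules_base + pmg_sa_rules_extra }}"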