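---

# Default variables for the Proxmox Mail Gateway (PMG) role.
# NOTE(review): the *_ports / *_src_ip pairs are presumably consumed by the
# role's firewall tasks - confirm against the tasks that read them.

# API / web UI port. Reachable only from trusted_ip; when trusted_ip is not
# defined, access falls back to loopback only.
pmg_api_ports: [8006]
pmg_api_src_ip: "{{ trusted_ip | default(['127.0.0.1']) }}"

# External SMTP ports. Any source is allowed by default (0.0.0.0/0), since
# these ports receive mail from the outside.
pmg_smtp_ext_ports:
  - 25
  - 587
  - 465
pmg_smtp_ext_src_ip:
  - '0.0.0.0/0'

# Internal SMTP port, restricted to trusted_ip (loopback only when unset).
pmg_smtp_int_ports:
  - 26
pmg_smtp_int_src_ip: "{{ trusted_ip | default(['127.0.0.1']) }}"

# LDAP / Active Directory authentication. Enabled as soon as either ad_auth
# or ldap_auth is true.
pmg_ldap_auth: "{{ (ad_auth | default(False) or ldap_auth | default(False)) | ternary(True,False) }}"
# With ad_auth the realm is used as the server name; with ldap_auth, ldap_uri
# is used; otherwise a placeholder that must be overridden.
pmg_ldap_servers: "{{ ad_auth | default(False) | ternary(['ldap://' + ad_realm | default(samba_realm) | default(ansible_domain) | lower],ldap_auth | default(False) | ternary([ldap_uri],['ldap://ldap.domain.tld'])) }}"
# The default servers use the plain ldap:// scheme, so StartTLS is what
# protects the bind credentials on the wire. Keep it enabled.
pmg_ldap_starttls: true
# ldap_auth gets a default(False) here, like in pmg_ldap_servers above:
# ternary() evaluates both branches, so an undefined ldap_auth would
# otherwise make this expression fail even in an AD-only setup.
pmg_ldap_search_base: "{{ ad_auth | default(False) | ternary((ad_ldap_user_search_base is defined) | ternary(ad_ldap_user_search_base,'DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC=')), ldap_auth | default(False) | ternary(ldap_base,'dc=domain,dc=tld')) }}"
# %u is the login name placeholder of the search filter.
pmg_ldap_filter: "{{ ad_auth | default(False) | ternary('(|(userPrincipalName=%u@' + ad_realm | default(samba_realm) | default(ansible_domain) | lower + ')(sAMAccountName=%u))','(uid=%u)') }}"
# Optional bind account. Set the password in an encrypted vars file
# (e.g. Ansible Vault), not in clear text in the inventory.
# pmg_ldap_bind_dn:
# pmg_ldap_bind_pass:

# DKIM / DMARC checks on incoming mail.
pmg_check_dkim: true
pmg_check_dmarc: true
pmg_dmarc_reject: true
pmg_dmarc_report: true
# Database used by opendmarc. The password has no default and must be
# provided, preferably from an encrypted vars file.
pmg_dmarc_db_server: "{{ mysql_server | default('localhost') }}"
pmg_dmarc_db_name: opendmarc
pmg_dmarc_db_user: opendmarc
# pmg_dmarc_db_pass
pmg_dmarc_report_org: "{{ ansible_domain }}"

# DKIM signing rules. Empty by default.
pmg_dkim_sign: []
# pmg_dkim_sign:
#   - domain: '*'
#     selector: default
#     priority: 999

# opendkim resolves names itself, bypassing /etc/resolv.conf by default.
# Set here a list of DNS servers if you want it to use specific name servers.
pmg_dkim_nameservers: []

# You can give an IMAP account, and PMG will fetch email and learn it as
# spam/ham.
# pmg_bayes_imap_server: imap.domain.net
# Security used. Can be none, starttls or tls. With none, the account
# password below is sent to the IMAP server unencrypted.
pmg_bayes_imap_security: starttls
# pmg_bayes_imap_user: pmg-sa-learn@domain.tld
# Set the password in an encrypted vars file rather than in clear text.
# pmg_bayes_imap_pass: XXXX
pmg_bayes_imap_spam: Spam
pmg_bayes_imap_ham: Ham
# If spam/ham are just plain email, set it to false. But if they are attached
# as message/rfc822 (as is the case with the Zimbra spam / non spam buttons)
# then set it to true. If true, the script will extract the first rfc822
# attachment and feed it to sa-learn instead of feeding the outer email.
# NOTE(review): the name is spelled "bays", unlike the other pmg_bayes_*
# variables. Kept as-is because tasks or templates may reference this exact
# name - confirm before renaming.
pmg_bays_imap_attachment: false

# Whether to use the OpenPhish feeds. They should only be used for personal
# usage unless allowed by OpenPhish. See https://openphish.com/feed.txt
pmg_use_openphish: false

# SpamAssassin score overrides. pmg_sa_rules_extra is appended to the base
# list to build pmg_sa_rules.
pmg_sa_rules_base:
  - name: KAM_MARK
    score: 1.0
  - name: DKIM_INVALID  # Default is 0.1
    score: 1.0
  - name: USER_IN_DEF_SPF_WL  # Default is -7.5 !
    score: -1.0
pmg_sa_rules_extra: []
pmg_sa_rules: "{{ pmg_sa_rules_base + pmg_sa_rules_extra }}"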