/puppet-rspamd

Puppet module for Rspamd anti spam system

Primary LanguagePuppetOtherNOASSERTION

rspamd

Table of Contents

  1. Description
  2. Setup - The basics of getting started with rspamd
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

This module installs and manages the Rspamd spam filter, and provides resources and functions to configure the Rspamd system. It does, however, not configure the systems beyond the upstream defaults.

This module is intended to work with Puppet 4.10, 5 and 6, and has been tested with Rspamd versions from 1.6.3 to at least 2.5.0 on Ubuntu 16.04 and CentOS 7. Patches to support other setups are welcome.

Please note that while all versions starting from 1.6.3 should still be supported, this module is intended to be run with the latest version of Rspamd, and compatibility with older versions will not be tested for new releases.

Setup

What rspamd affects

By default, this package...

  • adds rspamd.com/apt-stable to your APT repository list
  • installs the rspamd package
  • recursively purges all custom rspamd config (e.g. local.d and override.d directories)

Beginning with rspamd

The simplest way to use this module is:

include rspamd

This will setup the rspamd service the upstream default configuration.

Usage

The rspamd::config resource can be used to specify custom configuration entries. The easiest way to use it, is to put both the file and the hierachical config key into the resource title:

class { 'rspamd': }
rspamd::config {
  'classifier-bayes:backend': value => 'redis';
  'classifier-bayes:servers': value => '127.0.0.1:6379';
  'classifier-bayes:statfile[0].symbol': value => 'BAYES_HAM';
  'classifier-bayes:statfile[0].spam':   value => false;
  'classifier-bayes:statfile[1].symbol': value => 'BAYES_SPAM';
  'classifier-bayes:statfile[1].spam':   value => true;
}

This results the following config file /etc/rspamd/local.d/classifier-bayes.conf:

# This file is managed by Puppet. DO NOT EDIT.
backend = redis;
servers = "127.0.0.1:6379";
statfile {
  spam = false;
  symbol = 'BAYES_HAM';
}
statfile {
  spam = true;
  symbol = 'BAYES_SPAM';
}

Using the rspamd $config parameter, values for multiple config files can easily be provided from hiera:

rspamd::config:
  classifier-bayes:
    backend: redis
    servers: "127.0.0.1:6379"
    statfile:
      - symbol: BAYES_HAM
        spam: false
      - symbol: BAYES_SPAM
        spam: true
  milter_headers:
    use:
      - authentication-results
      - x-spam-status
  'worker-proxy.inc':
    bind_socket: 'localhost:11332'
    upstream:
      local:
        self_scan: true
  dkim_signing:
    sign_local: true

This uses the provided rspamd::create_config_resources and rspamd::create_config_file_resources functions, which can be used in custom profiles for extended use cases:

class profile::mail::rspamd (
  Hash $config,
  Hash $override_config,
) {
  class { 'rspamd': }

  rspamd::create_config_file_resources($config)
  rspamd::create_config_file_resources($override_config, { mode => 'override' })
}

Reference

See the reference generated by puppet strings on https://oxc.github.io/puppet-rspamd/

Limitations

OS Versions tested:

  • Ubuntu 16.04
  • CentOS 7

Feel free to let me know if it correctly works on a different OS/setup, or submit patches if it doesn't.

Development

You're welcome to submit patches and issues to the issue tracker on Github.