Merge pull request #51 from systemli/dmarc

Drop Debian 11 support; modernize DMARC

.github/workflows/main.yml

@@ -14,3 +14,5 @@ jobs:
   integration:
     name: Integration
     uses: systemli/github-ansible-workflow/.github/workflows/[email protected]
+    with:
+      distros: '[ "debian12" ]'

README.md

@@ -57,11 +57,6 @@ Defaults:
       - X-Spam-Status
 
     # manual welcomelisting
-    # In spamassassin 4.0.0 whitelist has been renamed to welcomelist and blacklist to blocklist, see
-    # https://cwiki.apache.org/confluence/display/spamassassin/WelcomelistBlocklist
-    # the role variable spamassassin_whitelist has been renamed to spamassassin_welcomelist accordingly.
-    # If spamassassin_whitelist is set in host vars and non-empty, it will be merged with spamassassin_welcomelist
-    ## file: /etc/spamassassin/whitelist.cf resp. /etc/spamassassin/welcomelist.cf
     spamassassin_welcomelist: []
 
     # Add addtional update channels, which should be updates by the daily
@@ -102,17 +97,11 @@ Defaults:
     #      score: "0 1.5 0 0.919"
     spamassassin_custom_scores: []
 
-    # On Debian 12/Bookworm, this role will per default install 'spamd' alongside spamassassin
-    # On Debian 11/Bullseye, 'spamd' will not be installed per default, except:
-    #   1. bullseye-backports are enabled in your apt sources AND spamassassin is already installed with version >=4.0.0-1
-    #   2. bullseye-backports are enabled in your apt sources AND 'spamd' package is added to the 'spamassassin_packages' variable
-    # Note that this role does not take care of adding bullseye-backports to your apt sources!
     spamassassin_packages:
       - spamassassin
       - spamc
       - libmail-spf-perl
       - libmail-dkim-perl
-      - procps  # provides /bin/kill, should actually be a dependency
 
 
 

defaults/main.yml

@@ -60,11 +60,6 @@ spamassassin_bayes_ignore_header:
   - X-Spam-Status
 
 # manual welcomelisting
-# In spamassassin 4.0.0 whitelist has been renamed to welcomelist and blacklist to blocklist, see
-# https://cwiki.apache.org/confluence/display/spamassassin/WelcomelistBlocklist
-# the role variable spamassassin_whitelist has been renamed to spamassassin_welcomelist accordingly.
-# If spamassassin_whitelist is set in host vars and non-empty, it will be merged with spamassassin_welcomelist
-## file: /etc/spamassassin/whitelist.cf resp. /etc/spamassassin/welcomelist.cf
 spamassassin_welcomelist: []
 
 # Add addtional update channels, which should be updates by the daily
@@ -105,42 +100,10 @@ spamassassin_spamtraining_users: []
 #      score: "0 1.5 0 0.919"
 spamassassin_custom_scores: []
 
-# On Debian 12/Bookworm, this role will per default install 'spamd' alongside spamassassin
-# On Debian 11/Bullseye, 'spamd' will not be installed per default, except:
-#   1. bullseye-backports are enabled in your apt sources AND spamassassin is already installed with version >=4.0.0-1
-#   2. bullseye-backports are enabled in your apt sources AND 'spamd' package is added to the 'spamassassin_packages' variable
-# Note that this role does not take care of adding bullseye-backports to your apt sources!
 spamassassin_packages:
   - spamassassin
   - spamc
+  - spamd
+  - libmail-dmarc-perl
   - libmail-spf-perl
   - libmail-dkim-perl
-  - procps  # provides /bin/kill, should actually be a dependency
-
-
-# enable DMARC checks
-# requires SPF and DKIM checks, which are enabled by default
-spamassassin_dmarc_enabled: true
-spamassassin_dmarc_dependencies:
-  - libconfig-tiny-perl
-  - libdbd-sqlite3-perl
-  - libdbix-simple-perl
-  - libemail-address-perl
-  - libemail-mime-perl
-  - libemail-sender-perl
-  - libemail-simple-perl
-  - libfile-sharedir-install-perl
-  - libfile-sharedir-perl
-  - libio-compress-lzma-perl
-  - libnet-dns-perl
-  - libnet-idn-encode-perl
-  - libregexp-common-perl
-  - libtest-file-sharedir-perl
-  - libxml-libxml-perl
-
-spamassassin_dmarc_dependencies_build:
-  - cpanminus
-  - gcc
-  - libc6-dev
-  - libextutils-cbuilder-perl
-  - make

handlers/main.yml

@@ -23,8 +23,3 @@
   service:
     name: monit
     state: restarted
-
-- name: Remove build dependencies
-  apt:
-    name: "{{ spamassassin_dmarc_dependencies_build }}"
-    state: absent

molecule/default/molecule.yml

@@ -4,10 +4,6 @@ driver:
   provider:
     name: virtualbox
 platforms:
-  - name: spamassassin-bullseye64
-    box: debian/bullseye64
-  - name: spamassassin-bullseye64-backports
-    box: debian/bullseye64
   - name: spamassassin-bookworm64
     box: debian/bookworm64
 

molecule/default/prepare.yml

@@ -1,20 +1,4 @@
 ---
-- name: Prepare backports for Bullseye
-  hosts: spamassassin-bullseye64-backports
-  become: True
-  tasks:
-    - name: Add backports repository
-      ansible.builtin.apt_repository:
-        repo: deb http://deb.debian.org/debian bullseye-backports main
-        state: present
-    - name: Pin spamassassin package
-      copy:
-        dest: /etc/apt/preferences.d/99bullseye-backports
-        content: |
-               Package: spamassassin
-               Pin: release a=bullseye-backports
-               Pin-Priority: 900
-
 - name: Prepare
   hosts: all
   become: True

tasks/main.yml

@@ -5,36 +5,6 @@
     state: present
     cache_valid_time: 600
 
-- name: Gather list of installed packages
-  ansible.builtin.package_facts:
-    manager: apt
-
-- name: Gather if spamassassin >= 4.0.0-1 is installed
-  ansible.builtin.set_fact:
-    spamassassin_v4: "{{ True if ansible_facts.packages.spamassassin[0].version is version('4.0.0-1', '>=') else False }}"
-
-- name: Ensure spamd is installed
-  apt:
-    pkg: spamd
-    state: present
-  when: spamassassin_v4
-
-- name: Set variables depending von spamassassin version
-  ansible.builtin.set_fact:
-    spamassassin_daemon: "{{ 'spamd' if spamassassin_v4 else 'spamassassin' }}"
-    welcomelist: "{{ 'welcomelist' if spamassassin_v4 else 'whitelist' }}"
-    blocklist: "{{ 'blocklist' if spamassassin_v4 else 'blacklist' }}"
-
-- name: Check if legacy var spamassassin_whitelist is set and non empty
-  when: (spamassassin_whitelist is defined) and (spamassassin_whitelist|length > 0)
-  block:
-    - name: Merge spamassassin_whitelist and spamassassin_welcomelist
-      ansible.builtin.set_fact:
-        spamassassin_welcomelist: "{{ spamassassin_whitelist +  spamassassin_welcomelist }}"
-    - name: Print info
-      ansible.builtin.debug:
-        msg: "INFO: Variables 'spamassassin_whitelist' and 'spamassassin_wecomelist' are both set and 'spamassassin_whitelist' is non-empty.\nMerging variable contents.\nSee README.md for further information."
-
 - name: Basic configuration
   when: spamassassin_configure
   block:
@@ -68,7 +38,7 @@
         owner: root
         group: root
         mode: 0644
-      notify: Restart {{ spamassassin_daemon }}
+      notify: Restart spamd
 
     - name: Ensure spamassassin default rules file is latest
       template:
@@ -77,16 +47,16 @@
         owner: root
         group: root
         mode: 0644
-      notify: Restart {{ spamassassin_daemon }}
+      notify: Restart spamd
 
-    - name: Ensure spamassassin whitelist/welcomelist is latest
+    - name: Ensure spamassassin welcomelist is latest
       template:
         src: spamassassin/welcomelist.cf.j2
-        dest: "/etc/spamassassin/{{ welcomelist }}.cf"
+        dest: "/etc/spamassassin/welcomelist.cf"
         owner: root
         group: root
         mode: 0644
-      notify: Reload {{ spamassassin_daemon }}
+      notify: Reload spamd
 
     - name: Ensure spamassassin logrotate is latest
       template:
@@ -96,26 +66,14 @@
         group: root
         mode: 0644
 
-- name: Ensure spamassassin ruleupdate cronjob is latest
-  when: not spamassassin_v4
-  template:
-    src: cron.daily/spamassassin_v3.j2
-    dest: /etc/cron.daily/spamassassin
-    owner: root
-    group: root
-    mode: 0755
-  notify: Restart spamassassin
-
 - name: Ensure spamassassin ruleupdate maintenance script is latest
-  when: spamassassin_v4
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     owner: root
     group: root
     mode: 0755
   loop:
-    - { src: 'cron.daily/spamassassin_v4', dest: '/etc/cron.daily/spamassassin' }
     - { src: 'spamassassin/spamassassin-maint.j2', dest: '/usr/sbin/spamassassin-maint'}
 
 - name: Ensure cronjob for spamtraining is present
@@ -129,12 +87,9 @@
     - "{{ spamassassin_spamtraining_users }}"
     - users
 
-- name: Import DMARC tasks
-  import_tasks: dmarc.yml
-
 - name: Ensure spamassassin daemon is enabled and started
   service:
-    name: "{{ spamassassin_daemon }}"
+    name: spamd
     enabled: True
     state: started
 
@@ -143,7 +98,6 @@
     name: spamassassin-maintenance.timer
     enabled: True
     state: started
-  when: spamassassin_v4
 
 - name: Import pyzor tasks
   import_tasks: pyzor.yml

tasks/pyzor.yml

@@ -14,4 +14,4 @@
   args:
     creates: "{{ spamassassin_pyzor_config_dir }}/servers"
   when: not pyzor_installed.stat.exists
-  notify: Restart {{ spamassassin_daemon }}
+  notify: Restart spamd

tasks/razor.yml

@@ -12,14 +12,14 @@
   with_items:
     - "razor-admin -home={{ spamassassin_razor_config_dir }} -create"
   when: razor_installed.changed
-  notify: Restart {{ spamassassin_daemon }}
+  notify: Restart spamd
 
 - name: Ensure razor registers identity after install  # noqa no-changed-when no-handler
   command: "razor-admin -home={{ spamassassin_razor_config_dir }} -register"
   when: razor_installed.changed
-  notify: Restart {{ spamassassin_daemon }}
+  notify: Restart spamd
 
 - name: Ensure razor discovers home after install  # noqa no-changed-when no-handler
   command: "razor-admin -home={{ spamassassin_razor_config_dir }} -discover"
   when: razor_installed.changed
-  notify: Restart {{ spamassassin_daemon }}
+  notify: Restart spamd