chkpnt · Apr 21, 2024
diff --git a/‎.github/workflows/run-tests.yml
+1-1 b/‎.github/workflows/run-tests.yml
+1-1
diff --git a/‎README.md
+5-4 b/‎README.md
+5-4
diff --git a/‎files/etc/rspamd/local.d/antivirus.conf
+1-1 b/‎files/etc/rspamd/local.d/antivirus.conf
+1-1
diff --git a/‎meta/main.yml
+2-2 b/‎meta/main.yml
+2-2
diff --git a/‎tasks/install.yml
+3-3 b/‎tasks/install.yml
+3-3
diff --git a/‎tasks/setup-rspamd.yml
+19-8 b/‎tasks/setup-rspamd.yml
+19-8
diff --git a/‎templates/etc/amavisd.conf.j2
-388 b/‎templates/etc/amavisd.conf.j2
-388
diff --git a/‎tests/Vagrantfile
+2-2 b/‎tests/Vagrantfile
+2-2
diff --git a/‎tests/manual/Vagrantfile
+3-4 b/‎tests/manual/Vagrantfile
+3-4
diff --git a/‎tests/testfixtures/roles/common/tasks/main.yml
+1 b/‎tests/testfixtures/roles/common/tasks/main.yml
+1
diff --git a/‎tests/tests/configuration/RspamdTest.yml
+1-1 b/‎tests/tests/configuration/RspamdTest.yml
+1-1
diff --git a/‎tests/tests/incoming/SieveCanDeliverToFolderTest.yml
-1 b/‎tests/tests/incoming/SieveCanDeliverToFolderTest.yml
-1
@@ -1,5 +1,5 @@
 ---
-name: Run tests against latest openSUSE Leap 15.4
+name: Run tests against latest openSUSE Leap 15.5
 
 on:
   push:
 
@@ -1,11 +1,11 @@
-# Ansible role for an all-in-one mail server based on opensSUSE Leap 15.4
+# Ansible role for an all-in-one mail server based on openSUSE Leap 15.5
 
-[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/chkpnt/chkpnt-mailserver/Run%20tests%20against%20latest%20openSUSE%20Leap%2015.4?label=Tests%20against%20latest%20openSUSE%20Leap%2015.4)](https://github.com/chkpnt/chkpnt-mailserver/actions/workflows/run-tests.yml)
+[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/chkpnt/chkpnt-mailserver/Run%20tests%20against%20latest%20openSUSE%20Leap%2015.5?label=Tests%20against%20latest%20openSUSE%20Leap%2015.5)](https://github.com/chkpnt/chkpnt-mailserver/actions/workflows/run-tests.yml)
 [![Ansible Role](https://img.shields.io/ansible/role/d/39777?label=Ansible%20Galaxy%20downloads&style=flat-square)](https://galaxy.ansible.com/chkpnt/mailserver)
 
 The purpose of this Ansible role is to fulfill my demands on my own mail server:
 
-- [x] Supports openSUSE Leap 15.4
+- [x] Supports openSUSE Leap 15.5
 - [x] Orchestration of Postfix (MTA), Dovecot (MDA) and Rspamd
 - [x] Postfix uses Dovecot for authentication (SMTP AUTH through Dovecot SASL)
 - [x] No databases for configuration, just plain files
@@ -27,7 +27,8 @@ The purpose of this Ansible role is to fulfill my demands on my own mail server:
   - [x] Ham can be learnt by applying the NonJunk flag, which is used by Thunderbird
   - [x] Ham can be learnt by marking the mail with a green flag in the iOS Mail App
 - Antivirus
-  - [x] Integration of ClamAV
+  - [x] Integration of [ClamAV](https://www.clamav.net/)
+  - [x] Integration of [Fangfrisch](https://rseichter.github.io/fangfrisch/)
   - [ ] Integration of VirusTotal.com
   - [x] Infected mails are rejected
 - [x] Nice reports (rspamd WebUI is sufficient for me)
 
@@ -1,5 +1,5 @@
 # Ansible managed
 clamav {
     action = "reject";
-    servers = "/var/run/clamav/clamd-socket";
+    servers = "/var/run/clamav/clamd.sock";
 }
@@ -2,14 +2,14 @@
 galaxy_info:
   role_name: mailserver
   namespace: chkpnt
-  description: Ansible role for an all-in-one mail server based on openSUSE Leap 15.4
+  description: Ansible role for an all-in-one mail server based on openSUSE Leap 15.5
   author: Gregor Dschung
   license: Apache
   min_ansible_version: "9.0"
   platforms:
     - name: opensuse
       versions:
-        - "15.4"
+        - "15.5"
   galaxy_tags:
     - mailserver
     - mail
 
@@ -1,9 +1,9 @@
 ---
-# provides rspamd and clamav-unofficial-sigs
+# provides rspamd and fangfrisch
 - name: Install repository home:chkpnt:mailserver
   community.general.zypper_repository:
     name: home_chkpnt_mailserver
-    repo: https://download.opensuse.org/repositories/home:/chkpnt:/mailserver/15.4/
+    repo: https://download.opensuse.org/repositories/home:/chkpnt:/mailserver/15.5/
     state: present
     auto_import_keys: true
 
@@ -20,6 +20,6 @@
       - redis
       - unbound # using a local resolver is highly recommended for RBLs
       - clamav
-      - clamav-unofficial-sigs
+      - python311-fangfrisch
       - acl
     state: present
@@ -140,17 +140,18 @@
     enabled: true
     state: started
 
-- name: Enable clamav-unofficial-sigs
-  ansible.builtin.lineinfile:
-    path: /etc/clamav-unofficial-sigs/user.conf
-    regexp: "#user_configuration_complete="
-    line: user_configuration_complete="yes"
-
 # clamd won't start if /var/lib/clamav doesn't contain the daily and main databases,
 # therefore freshclam needs to be executed once.
-- name: Execute freshclam
+- name: Enable freshclam.timer and make sure it is executed once.
+  ansible.builtin.systemd:
+    name: freshclam.timer
+    enabled: true
+    state: started
+
+- name: Enable fangfrisch.timer (unofficial signatures) and make sure it is executed once.
   ansible.builtin.systemd:
-    name: freshclam
+    name: fangfrisch.timer
+    enabled: true
     state: started
 
 - name: Adding a whiteliste database for clamd
@@ -162,6 +163,16 @@
     group: vscan
     mode: "0644"
 
+- name: Wait for /var/lib/clamav/daily.cvd to be available
+  ansible.builtin.wait_for:
+    path: /var/lib/clamav/daily.cvd
+    state: present
+
+- name: Wait for /var/lib/clamav/main.cvd to be available
+  ansible.builtin.wait_for:
+    path: /var/lib/clamav/main.cvd
+    state: present
+
 - name: Enable clamd and make sure it is running
   ansible.builtin.systemd:
     name: clamd
 
@@ -6,8 +6,8 @@ Vagrant.require_version ">= 2.2.6"
 
 Vagrant.configure("2") do |config|    
 
-    config.vm.box = "Leap-15.4.x86_64"
-    config.vm.box_url = "https://download.opensuse.org/repositories/Virtualization:/Appliances:/Images:/openSUSE-Leap-15.4/images/boxes/Leap-15.4.x86_64.json"
+    config.vm.box = "Leap-15.5.x86_64"
+    config.vm.box_url = "https://download.opensuse.org/repositories/Virtualization:/Appliances:/Images:/openSUSE-Leap-15.5/images/boxes/Leap-15.5.x86_64.json"
 
     config.vm.synced_folder '.', '/vagrant', disabled: true
     config.vm.boot_timeout = 600
 
@@ -3,12 +3,11 @@
 
 Vagrant.configure("2") do |config|
 
-    hostname = "leap15"
+    hostname = "leap-15.5"
 
     # Box
-    #config.vm.box = "bento/opensuse-leap-42.3"
-    #config.vm.box = "opensuse/openSUSE-42.3-x86_64"
-    config.vm.box = "opensuse/openSUSE-15.0-x86_64"
+    config.vm.box = "Leap-15.5.x86_64"
+    config.vm.box_url = "https://download.opensuse.org/repositories/Virtualization:/Appliances:/Images:/openSUSE-Leap-15.5/images/boxes/Leap-15.5.x86_64.json"
 
     config.vm.provision :ansible do |ansible|
         ansible.force_remote_user = true
 
@@ -9,4 +9,5 @@
       - man
       - telnet
     refresh: true
+    extra_args_precommand: --gpg-auto-import-keys
     state: present
@@ -92,7 +92,7 @@
           {
             "clamav": {
               "action": "reject",
-              "servers": "/var/run/clamav/clamd-socket"
+              "servers": "/var/run/clamav/clamd.sock"
             }
           }
 
 
@@ -33,7 +33,6 @@
     - name: Get path of mail in maildir
       become: true
       become_user: vmail
-
       block:
         - ansible.builtin.wait_for:
             path: /srv/mail/jane/Maildir/.Spam/new/
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`# Ansible managed`
`2`	`2`	`clamav {`
`3`	`3`	`action = "reject";`
`4`		`- servers = "/var/run/clamav/clamd-socket";`
	`4`	`+ servers = "/var/run/clamav/clamd.sock";`
`5`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@`
`92`	`92`	`{`
`93`	`93`	`"clamav": {`
`94`	`94`	`"action": "reject",`
`95`		`- "servers": "/var/run/clamav/clamd-socket"`
	`95`	`+ "servers": "/var/run/clamav/clamd.sock"`
`96`	`96`	`}`
`97`	`97`	`}`
`98`	`98`