grossd: Initial version of module

2021-03-09 20:49:51 +00:00 · 2021-03-09 20:49:51 +00:00 · 68810aa8c2
commit 68810aa8c2
parent 2cbe0b93af
5 changed files with 217 additions and 0 deletions
--- a/roles/grossd/files/grossd.conf
+++ b/roles/grossd/files/grossd.conf
@ -0,0 +1,172 @@
 #
 # This is a sample configuration for grossd
 #
 # This file includes all valid configuration parameters, with their
 # default values. All the default values are commented out, so any 
 # all lines not commented out change the default settings. 
 # 
 # syntax is 
 #
 # name = value [; param]...
 # 
 # you can also add comments after a line 	# this is a comment
 # 'host' is the address the server should listen for queries
 # DEFAULT: host = localhost
 # 'port' is the port the server should listen for queries
 # DEFAULT: port = 5525
 # 'protocol' activates the server protocols grossd will support
 # Valid protocols are 'sjsms', 'postfix' and 'milter'
 #protocol = sjsms
 #protocol = postfix
 protocol = milter
 # 'stat_type' is the name of the requested statistic. There can be multiple
 # 'stat_type' options in the configuration file (Using both none and full is
 # undefined). Default is none. Valid options are currently:
 # full: grossd sends all possible statistics
 # none: no statistics at all
 # status: basic statistics set
 # since_startup: basic set since the startup 
 # delay: processing delay statistics
 # EXAMPLE: stat_type = status
 # EXAMPLE: stat_type = delay
 # 'stat_interval' is the number of seconds between status log entries
 # DEFAULT: stat_interval = 3600
 # 'filter_bits' is the size of the bloom filter. Size will be 2^filter_bits
 # lowering this value will increase the probability of false matches
 # in each individual bloom filter
 # DEFAULT: filter_bits = 24
 # 'number_buffers' is the number of filters used in the ring queue
 # raising this value will cause an entry to stay in the servers' memory longer
 # DEFAULT: number_buffers = 8
 # 'rotate_interval' is the number of seconds between filter rotation.
 # Let N := 'number_buffers' and I := 'rotate_interval'. An entry will
 # stay in the servers' memory for (N - 0.5) * I seconds in average. 
 # DEFAULT: rotate_interval = 3600
 # 'sync_listen' is the address to listen for communication with the peer
 # defaults to 'host' option
 # sync_listen = 
 # 'sync_peer' is the address of the peer used in clustered mode
 # sync_peer = 
 # 'sync_port' is the port number to listen to and connect to in 
 # communication with the peer. 
 # DEFAULT: sync_port = 5524
 # 'status_host' is the address grossd listens for status queries
 # DEFAULT: status_host = localhost
 # 'status_port' is the port number grossd listens for status queries
 # DEFAULT: status_port = 5522
 # 'statefile' is the full path of the file that the server will use to
 # store the state information. 
 statefile = /var/db/grossd/grossd.state
 # 'pidfile' is the full path of the file grossd writes its pid into.
 # You can set parameter 'check', if you want to keep grossd
 # from starting if pidfile already exists.
 # pidfile = /var/run/grossd.pid;check
 # 'log_method' is used to list all the possible logging facilities.
 # currently only syslog is implemented
 # DEFAULT: log_method = syslog
 # 'log_level' Possible log levels are 'debug', 'info', 'notice'
 # 'warning' and 'error'.
 # DEFAULT: log_level = info
 # 'syslog_facility' is the facility syslog sends log messages with.
 # DEFAULT: syslog_facility = mail
 # 'update' is the way server updates the database. Valid options are
 # 'grey' and 'always'. If 'update = grey' grossd will update the database
 # only if response is STATUS_GREY 
 # DEFAULT: update = grey
 # 'grey_mask' is the mask for grossd to use when matching client_ip
 # against the database. Default is 24, so grossd treats addresses
 # like a.b.c.d as a.b.c.0. Setting this to 32 makes grossd to 
 # require that consecutive attempts are made from the same ip address.
 # DEFAULT: grey_mask = 24
 # 'grey_delay' is the time in seconds new triplets are kept on the greylist.
 # DEFAULT: grey_delay = 10
 # 'query_timelimit' is the query timeout in milliseconds.
 # DEFAULT: query_timelimit = 5000
 # 'pool_maxthreads' is the maximum threadcount per pool. You may have
 # to raise the limit from the default if you get more than 100 
 # queries per second and/or have slow dns servers. Rule of thumb would be
 # decide how many queries you want grossd to be able to handle per second,
 # and multiply that with query_timelimit (in seconds, of course). 
 # DEFAULT: pool_maxthreads = 100
 # 'block_threshold' is the threshold after which grossd sends 
 # a permanent error to the client. Every check that considers client_ip
 # as suspicious returns a value (check weight). When sum of these
 # values gets equivalent or greater than 'block_threshold', grossd
 # sends a STATUS_BLOCK response. Default is 0, which disables
 # this functionality.
 # DEFAULT: block_threshold = 0
 # 'block_reason' is the reason given when client is too suspicious,
 # see block_threshold
 # DEFAULT: block_reason = Bad reputation
 # 'grey_threshold' is analogous to 'block_threshold', except at the 
 # threshold grossd sends a STATUS_GREY response.
 # DEFAULT: grey_threshold = 1
 # 'check' lists all the checks grossd will do to judge if client_ip is
 # suspicious or not. 
 check = dnsbl
 #check = rhsbl
 #check = dnswl
 # 'dnsbl' is a dns domain name of the dnsbl that 'dnsbl' check will query
 # There are no defaults, but below is a list of dnsbls you could be using
 # you may assign different weights for the dnsbl's, default weight is 1
 # dnsbl = rbl-plus.mail-abuse.net # this is not free
 dnsbl = all.spamrats.com
 dnsbl = bl.mailspike.net
 dnsbl = bl.spamcop.net
 dnsbl = cbl.abuseat.org
 dnsbl = dnsbl-1.uceprotect.net
 dnsbl = dnsbl-2.uceprotect.net
 dnsbl = dnsbl-3.uceprotect.net
 dnsbl = dnsbl.sorbs.net
 dnsbl = zen.spamhaus.org;2
 # 'rhsbl' is analogous to 'dnsbl'
 #rhsbl = rhsbl.sorbs.net
 # 'dnswl' is analogous to 'dnsbl'. Remember that dnswl is a *definitive*
 # check, that is grossd waits for the check to complete before deciding
 # how to respond. This may cause unwanted latency. Highly recommended if
 # you use grossd as a traditional greylister.
 #dnswl = query.bondedsender.org 
 # 'blocker_host' is the host name of the Sophos blocker server.
 # blocker_host =
 # 'blocker_port' is the tcp port of the Sophos blocker service.
 # DEFAULT: blocker_port = 4466
 # 'blocker_weight' is the weight of the blocker check. (See description of 'dnsbl')
 # DEFAULT: blocker_weight = 1
 # 'milter_listen' is the socket for milter service.
 # EXAMPLE: milter_listen = inet:5523@localhost
 milter_listen = inet:5523@localhost
--- a/roles/grossd/handlers/main.yml
+++ b/roles/grossd/handlers/main.yml
@ -0,0 +1,5 @@
 ---
 - name: restart grossd
  service:
    name: grossd
    state: restarted
--- a/roles/grossd/meta/main.yml
+++ b/roles/grossd/meta/main.yml
@ -0,0 +1,3 @@
 ---
 dependencies:
  - {role: foo.sh-repo}
--- a/roles/grossd/tasks/.main.yml.swp
+++ b/roles/grossd/tasks/.main.yml.swp
--- a/roles/grossd/tasks/main.yml
+++ b/roles/grossd/tasks/main.yml
@ -0,0 +1,37 @@
 ---
 - name: install packages
  package:
    name: gross
    state: installed
 - name: create data directory
  file:
    path: /var/db/grossd
    state: directory
    mode: 0750
    owner: gross
    group: "{{ ansible_wheel }}"
 - name: create config file
  copy:
    dest: /etc/grossd.conf
    src: grossd.conf
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart grossd
 - name: initialize database
  command:
    argv:
      - /usr/sbin/grossd
      - -C
      - -u
      - gross
    creates: /var/db/grossd/grossd.state
 - name: enable service
  service:
    name: grossd
    state: started
    enabled: true