control:
  domain             = ( linux-magazin.com )
  access             = ( root )
  Schedule           = ( Min00_05 Min15_20 Min30_35 Min45_50 )
  actionsequence     = ( packages copy directories editfiles files tidy shellcommands )
  masterfiles        = ( /var/lib/cfengine/masterfiles/files )
  AddInstallable     = ( RELOAD_SPAMASSASSIN RELOAD_POSTFIX RESTART_SASLAUTHD )
  DefaultPkgMgr      = ( dpkg )
  DPKGInstallCommand = ( "/usr/bin/apt-get install -q -y --force-yes %s" )

groups:
  MailServers = ( mail01 mail02 aptest )

packages:
  MailServers::
  sasl2-bin        action=install
  libsasl2-modules action=install
  postfix          action=install
  spamassassin     action=install
  spamc            action=install
  cyrus-imapd-2.2  action=install

directories:
  MailServers::
  /var/spool/postfix/var/run/saslauthd mode=710 owner=root group=sasl
  /home/spamd mode=750 owner=108 group=nogroup

copy:
  MailServers::
  (masterfiles)/spamassassin/ dest=/etc/spamassassin/
                              mode=644
                              server=$(policyhost)
                              define=RELOAD_SPAMASSASSIN
                              recurse=inf
editfiles:
  MailServers::
  { /etc/postfix/main.cf
  AppendIfNoSuchLine "smtpd_sasl_auth_enable = yes"
  BeginGroupIfNoLineContaining "smtpd_recipient_restrictions"
      Append "smtpd_recipient_restrictions = permit_sasl_authenticated, reject"
  EndGroup
  DefineClasses "RELOAD_POSTFIX"
  }

{ /etc/passwd
  AppendIfNoSuchLine "spamd:x:108:65534::/home/spamd:/bin/false"
}

{ /etc/postfix/master.cf
  LocateLineMatching "^smtp.*smtpd$"
  AppendToLineIfNotContains " -o content_filter=spamassassin
                              -o myhostname=$(fqhost)
                              -o receive_override_options=no_address_mappings"
  AppendIfNoSuchLine "spamassassin unix - n n - - pipe
                      user=spamd
                      argv=/usr/bin/spamc -f
                      -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}"
}

{ /etc/postfix/sasl/smtpd.conf
  AutoCreate
  AppendIfNoSuchLine "pwcheck_method: saslauthd"
  AppendIfNoSuchLine "log_level: 3"
  AppendIfNoSuchLine "mech_list: plain login"
}

{ /etc/default/spamassassin
  LocateLineMatching "^ENABLED=0$"
  ReplaceLineWith "ENABLED=1"
}

{ /etc/default/saslauthd
  LocateLineMatching "^START=no$"
  CatchAbort
  ReplaceLineWith "START=yes"
  CommentLinesMatching '^OPTIONS="-c"'
  AppendIfNoSuchLine 'OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"'
  DefineClasses "RESTART_SASLAUTHD"
}

{ /etc/spamassassin/local.cf
  UnCommentLinesContaining "rewrite_header Subject"
}

{ /etc/group
  LocateLineMatching "^sasl.*"
  AppendToLineIfNotContains ",postfix"
}

alerts:
  MailServers.smtp_in_high_anomaly::
    "High SMTP incoming rate at $(host) value: $(value_smtp_in) average: $(average_smtp_in)"
    ShowState(incoming.smtp) ifelapsed=60

shellcommands:
  MailServers.Hr03_Q1::
    "/usr/bin/sa-update && /etc/init.d/spamassassin reload"

  MailServers.RELOAD_SPAMASSASSIN::
    "/etc/init.d/spamassassin restart" ifelapsed=10

  MailServers.RESTART_SASLAUTHD::
    "/etc/init.d/saslauthd restart"

  MailServers.RELOAD_POSTFIX::
    "/etc/init.d/postfix reload"