## general
spamassassin_user: debian-spamd
spamassassin_group: debian-spamd
spamassassin_home_dir: /var/lib/spamassassin
spamassassin_log_dir: /var/log/spamassassin

# Write spamassassin config files (only install spamassassin and configure
# cronjob if set to False)
spamassassin_configure: True

## file: /etc/default/spamassassin

spamassassin_automatic_rule_update_enabled: true
spamassassin_nice_level: 0

## file: /etc/spamassassin/local.cf

# Rewrite the mail header?
spamassassin_rewrite_header_enabled: true
spamassassin_rewrite_header: "Subject *****SPAM*****"

# Allowed 0, 1, 2 - see https://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html
spamassassin_report_safe: 0

# Set the score required before a mail is considered spam
spamassassin_required_score: 5.0

# Whether to use the naive-Bayesian-style classifier built into SpamAssassin.
spamassassin_use_bayes: 1

# Whether to use rules using the naive-Bayesian-style classifier built into SpamAssassin.
spamassassin_bayes_auto_learn: 1

# What networks or hosts are 'trusted' in your setup.
spamassassin_trusted_networks: []

# Allowed: nfsafe, flock, win32
spamassassin_lock_method: flock

# If you receive mail filtered by upstream mail systems, like a spam-filtering ISP or mailing list,
# and that service adds new headers (as most of them do), these headers may provide inappropriate cues
# to the Bayesian classifier, allowing it to take a ``short cut''. To avoid this, list the headers using this setting.
spamassassin_bayes_ignore_header:
  - X-Bogosity
  - X-Spam-Flag
  - X-Spam-Status

# manual welcomelisting
# In spamassassin 4.0.0 whitelist has been renamed to welcomelist and blacklist to blocklist, see
# https://cwiki.apache.org/confluence/display/spamassassin/WelcomelistBlocklist
# the role variable spamassassin_whitelist has been renamed to spamassassin_welcomelist accordingly.
# If spamassassin_whitelist is set in host vars and non-empty, it will be merged with spamassassin_welcomelist
## file: /etc/spamassassin/whitelist.cf resp. /etc/spamassassin/welcomelist.cf
spamassassin_welcomelist: []

# Add addtional update channels, which should be updates by the daily
# sa-update cronjob. E.g.:
# spamassassin_additional_update_channels:
#   - address: spamassassin.heinlein-support.de
#     gpg: no
spamassassin_additional_update_channels: []

# Enable additional pyzor check
spamassassin_pyzor_enabled: False

spamassassin_pyzor_config_dir: /etc/spamassassin/.pyzor

# Enable additional razor chek
spamassassin_razor_enabled: True

spamassassin_razor_config_dir: /etc/spamassassin/.razor

# Enable monit monitoring
spamassassin_monit_enabled: False

# Enable spam training by users and domain
# spamassassin_spamtraining_users:
#    - domain: myfirstdomain.org
#      users:
#       - admin
#       - foo
#    - domain: myseconddomain.org
#      users:
#       - admina
#       - foobar
spamassassin_spamtraining_users: []

# Set custom spamassassin scores
# spamassassin_custom_scores:
#    - name: SPF_FAIL
#      score: "0 1.5 0 0.919"
spamassassin_custom_scores: []

# On Debian 12/Bookworm, this role will per default install 'spamd' alongside spamassassin
# On Debian 11/Bullseye, 'spamd' will not be installed per default, except:
#   1. bullseye-backports are enabled in your apt sources AND spamassassin is already installed with version >=4.0.0-1
#   2. bullseye-backports are enabled in your apt sources AND 'spamd' package is added to the 'spamassassin_packages' variable
# Note that this role does not take care of adding bullseye-backports to your apt sources!
spamassassin_packages:
  - spamassassin
  - spamc
  - libmail-spf-perl
  - libmail-dkim-perl
  - procps  # provides /bin/kill, should actually be a dependency

ansible-galaxy install systemli.spamassassin

- hosts: servers
  roles:
     - { role: systemli.spamassassin }

molecule test