diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..170408a
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine:3.22.2
+
+LABEL Maintainer="Wolfgang Hottgenroth "
+LABEL ImageName=""
+
+RUN apk add --no-cache exim
+
+COPY exim.conf /etc/exim
+
+WORKDIR /etc/exim
+
+EXPOSE 25
+
+CMD [ "/usr/sbin/exim", "-bd", "-q15m", "-v" ]
+
+
+
diff --git a/exim.conf b/exim.conf
new file mode 100644
index 0000000..0fce905
--- /dev/null
+++ b/exim.conf
@@ -0,0 +1,74 @@
+domainlist forward_domains = lsearch;/etc/exim/forward_domains
+
+tls_advertise_hosts = *
+
+
+acl_smtp_connect = acl_connect
+acl_smtp_helo = acl_helo
+acl_smtp_rcpt = acl_rcpt
+acl_smtp_data = acl_data
+
+begin acl
+
+acl_connect:
+ deny message = Reverse DNS required
+ !verify = reverse_host_lookup
+ accept
+
+acl_helo:
+ deny message = Invalid HELO/EHLO name
+ condition = ${if match{$sender_helo_name}{\N^(localhost|localhost\.localdomain|\[?[0-9]{1,3}(\.[0-9]{1,3}){3}\]?)$\N}{yes}{no}}
+ accept
+
+acl_rcpt:
+ require verify = recipient
+
+ # SPF check
+ deny message = Access denied (1)
+ spf = fail
+
+ # Greylisting
+ defer message = Try again later
+ !seen = 72h / key=${sender_address}_${local_part}@${domain}
+
+ # Rate limit
+ deny message = Access denied (2)
+ ratelimit = 10 / 10m / strict
+
+ accept condition = ${if match_domain{$domain}{+forward_domains}{yes}{no}}
+
+ deny message = Access denied (x)
+
+acl_data:
+ warn dkim_status = invalid
+ add_header = X-DKIM-Status: invalid
+ warn dkim_status = pass
+ add_header = X-DKIM-Status: pass
+
+ accept
+
+
+begin routers
+
+forward_aliases:
+ driver = redirect
+ domains = +forward_domains
+ data = ${lookup{$local_part@$domain}lsearch{/etc/exim/forward_addresses}}
+ no_expn
+ allow_defer
+ allow_fail
+
+dnslookup_out:
+ driver = dnslookup
+ domains = ! +forward_domains
+ transport = remote_smtp
+ no_more
+
+
+begin transports
+
+remote_smtp:
+ driver = smtp
+ hosts_require_tls = *
+
+
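Review bot: The Dockerfile copies only `exim.conf` into `/etc/exim`, but that configuration reads `/etc/exim/forward_domains` and `/etc/exim/forward_addresses`, so the container depends on both files being supplied at run time and nothing in the Dockerfile says so. Either ship the repository's copies as defaults with `COPY exim.conf forward_domains forward_addresses /etc/exim/`, or add a comment above the `COPY` such as `# forward_domains and forward_addresses must be mounted into /etc/exim at run time`. A short comment on the `CMD` explaining why `-v` is passed would also help, since that flag makes exim write its log lines and SMTP dialogue, sender and recipient addresses included, to standard error and therefore to the container log.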
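Review bot: The new exim.conf has no `begin retry` section, and per Exim's documentation a configuration without retry rules treats temporary delivery errors as permanent, so a forwarded message that hits a transient failure at the destination (including a failed TLS negotiation, which `hosts_require_tls = *` makes mandatory) would bounce on the first attempt instead of waiting for the `-q15m` queue runs. Because `acl_rcpt` accepts any envelope sender unless SPF returns `fail`, those bounces can end up at forged addresses. Adding the stock rule would cover it: a `begin retry` line followed by `* * F,2h,15m; G,16h,1h,1.5; F,4d,6h`. Separately, the greylisting key in `acl_rcpt` is built from `${sender_address}` alone, which the client chooses; including `$sender_host_address` in the key would tie the record to the connecting host.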
diff --git a/forward_addresses b/forward_addresses
new file mode 100644
index 0000000..280710d
--- /dev/null
+++ b/forward_addresses
@@ -0,0 +1 @@
+wn@mainscnt.eu: wolfgang.hottgenroth@icloud.com
diff --git a/forward_domains b/forward_domains
new file mode 100644
index 0000000..326640a
--- /dev/null
+++ b/forward_domains
@@ -0,0 +1,2 @@
+mainscnt.eu
+
diff --git a/install.yml b/install.yml
new file mode 100644
index 0000000..a0bcfc0
--- /dev/null
+++ b/install.yml
@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: exim-forwarder-config
+data:
+ domains: |
+ mainscnt.eu
+ addresses: |
+ wn@mainscnt.eu: wolfgang.hottgenroth@icloud.com
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: exim-forwarder
+ annotations:
+ configmap.reloader.stakater.com/reload: "exim-forwarder-config"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: exim-forwarder
+ template:
+ metadata:
+ labels:
+ app: exim-forwarder
+ spec:
+ containers:
+ - name: exim-forwarder
+ image: your-registry/exim-forwarder:latest
+ ports:
+ - name: smtp
+ containerPort: 25
+ protocol: TCP
+ volumeMounts:
+ - name: exim-config
+ mountPath: /etc/exim
+ readOnly: true
+ volumes:
+ - name: exim-config
+ configMap:
+ name: exim-forwarder-config
+ items:
+ - key: domains
+ path: forward_domains
+ - key: addresses
+ path: forward_addresses
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: exim-forwarder
+spec:
+ type: LoadBalancer
+ selector:
+ app: exim-forwarder
+ ports:
+ - name: smtp
+ port: 25
+ targetPort: 25
+ protocol: TCP
+
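Review bot: In install.yml the `volumeMounts` entry mounts the ConfigMap volume over the whole of `/etc/exim`, which hides the `exim.conf` that the image copies there, so the pod would start with only `forward_domains` and `forward_addresses` in that directory. Mounting the two keys individually with `subPath` keeps the image's configuration visible; `subPath` mounts are not refreshed in place, but the Reloader annotation already restarts the Deployment when the ConfigMap changes. In the Service, consider adding `externalTrafficPolicy: Local` under `spec`, because with the default policy the pod may see a node address instead of the client's, and the reverse-DNS, SPF and rate-limit checks in exim.conf all depend on the real peer IP. The `:latest` tag on the image should become a fixed tag or digest once the registry name is filled in.

```yaml
        # … unchanged: container name, image, ports …
        volumeMounts:
        - name: exim-config
          mountPath: /etc/exim/forward_domains
          subPath: forward_domains
          readOnly: true
        - name: exim-config
          mountPath: /etc/exim/forward_addresses
          subPath: forward_addresses
          readOnly: true
      # … unchanged: volumes definition with the two ConfigMap items …
```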