deployment yml

Dockerfile

@@ -0,0 +1,17 @@
+FROM alpine:3.22.2
+
+LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
+LABEL ImageName=""
+
+RUN apk add --no-cache exim
+
+COPY exim.conf /etc/exim
+
+WORKDIR /etc/exim
+
+EXPOSE 25
+
+CMD [ "/usr/sbin/exim", "-bd", "-q15m", "-v" ]
+
+ 
+

exim.conf

@@ -0,0 +1,74 @@
+domainlist forward_domains = lsearch;/etc/exim/forward_domains
+
+tls_advertise_hosts = *
+
+
+acl_smtp_connect = acl_connect
+acl_smtp_helo = acl_helo
+acl_smtp_rcpt = acl_rcpt
+acl_smtp_data = acl_data
+
+begin acl
+
+acl_connect:
+  deny message = Reverse DNS required
+       !verify = reverse_host_lookup
+  accept
+
+acl_helo:
+  deny message = Invalid HELO/EHLO name
+       condition = ${if match{$sender_helo_name}{\N^(localhost|localhost\.localdomain|\[?[0-9]{1,3}(\.[0-9]{1,3}){3}\]?)$\N}{yes}{no}}
+   accept
+
+acl_rcpt:
+  require verify = recipient
+
+  # SPF check
+  deny  message = Access denied (1)
+        spf = fail
+
+  # Greylisting
+  defer message = Try again later
+        !seen = 72h / key=${sender_address}_${local_part}@${domain}
+
+  # Rate limit
+  deny  message = Access denied (2)
+        ratelimit = 10 / 10m / strict
+
+  accept condition = ${if match_domain{$domain}{+forward_domains}{yes}{no}}
+
+  deny  message = Access denied (x)
+
+acl_data:
+  warn  dkim_status = invalid
+        add_header = X-DKIM-Status: invalid
+  warn  dkim_status = pass
+        add_header = X-DKIM-Status: pass
+
+  accept
+
+
+begin routers
+
+forward_aliases:
+  driver  = redirect
+  domains = +forward_domains
+  data    = ${lookup{$local_part@$domain}lsearch{/etc/exim/forward_addresses}}
+  no_expn
+  allow_defer
+  allow_fail
+
+dnslookup_out:
+  driver    = dnslookup
+  domains   = ! +forward_domains
+  transport = remote_smtp
+  no_more
+
+
+begin transports
+
+remote_smtp:
+  driver = smtp
+  hosts_require_tls = *
+
+

forward_addresses

@@ -0,0 +1 @@
+wn@mainscnt.eu: wolfgang.hottgenroth@icloud.com

forward_domains

@@ -0,0 +1,2 @@
+mainscnt.eu
+

install.yml

@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: exim-forwarder-config
+data:
+  domains: |
+    mainscnt.eu
+  addresses: |
+    wn@mainscnt.eu: wolfgang.hottgenroth@icloud.com
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: exim-forwarder
+  annotations:
+    configmap.reloader.stakater.com/reload: "exim-forwarder-config"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: exim-forwarder
+  template:
+    metadata:
+      labels:
+        app: exim-forwarder
+    spec:
+      containers:
+        - name: exim-forwarder
+          image: your-registry/exim-forwarder:latest
+          ports:
+            - name: smtp
+              containerPort: 25
+              protocol: TCP
+          volumeMounts:
+            - name: exim-config
+              mountPath: /etc/exim
+              readOnly: true
+      volumes:
+        - name: exim-config
+          configMap:
+            name: exim-forwarder-config
+            items:
+              - key: domains
+                path: forward_domains
+              - key: addresses
+                path: forward_addresses
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: exim-forwarder
+spec:
+  type: LoadBalancer
+  selector:
+    app: exim-forwarder
+  ports:
+    - name: smtp
+      port: 25
+      targetPort: 25
+      protocol: TCP
+