enable starttls and generate self-signed certificate
This commit is contained in:
1
.gitignore
vendored
1
.gitignore
vendored
@ -2,3 +2,4 @@
|
|||||||
.*~
|
.*~
|
||||||
ENV
|
ENV
|
||||||
ENV.test
|
ENV.test
|
||||||
|
tmp/
|
||||||
|
|||||||
@ -12,7 +12,7 @@ ENV SMARTHOST_PASS=""
|
|||||||
# ip addresses or networks to allow for relaying, separate multiple ones by semicolon
|
# ip addresses or networks to allow for relaying, separate multiple ones by semicolon
|
||||||
ENV RELAYNETS="127.0.0.1/32"
|
ENV RELAYNETS="127.0.0.1/32"
|
||||||
|
|
||||||
RUN apk add --no-cache exim m4
|
RUN apk add --no-cache exim m4 openssl
|
||||||
|
|
||||||
COPY exim.conf.m4 /etc/exim
|
COPY exim.conf.m4 /etc/exim
|
||||||
COPY start.sh /etc/exim
|
COPY start.sh /etc/exim
|
||||||
|
|||||||
@ -22,7 +22,8 @@ primary_hostname = HOSTNAME
|
|||||||
|
|
||||||
acl_smtp_rcpt = acl_check_rcpt
|
acl_smtp_rcpt = acl_check_rcpt
|
||||||
|
|
||||||
tls_advertise_hosts =
|
tls_certificate = /etc/exim/tls.crt
|
||||||
|
tls_privatekey = /etc/exim/tls.key
|
||||||
|
|
||||||
begin routers
|
begin routers
|
||||||
smarthost_route:
|
smarthost_route:
|
||||||
|
|||||||
7
start.sh
7
start.sh
@ -1,4 +1,9 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
m4 exim.conf.m4 > exim.conf && exim -bd -q15m -v
|
openssl genpkey -algorithm RSA -out tls.key && \
|
||||||
|
openssl req -new -key tls.key -out tls.csr -subj "/C=DE/CN=$HOSTNAME" && \
|
||||||
|
openssl x509 -req -in tls.csr -signkey tls.key -out tls.crt -days 3650 && \
|
||||||
|
chown exim tls.key tls.crt && \
|
||||||
|
m4 exim.conf.m4 > exim.conf && \
|
||||||
|
exim -bd -q15m -v
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user