Compare commits
35 Commits
Author | SHA1 | Date | |
---|---|---|---|
f08937111e | |||
dbb79dd567 | |||
e1d0f95a72
|
|||
a2b000a05b | |||
8fbca20ffe | |||
0fc12e5f3c | |||
8502fbd9a1 | |||
7adb4c1fde
|
|||
419b775dcb
|
|||
20c12df5ba
|
|||
0225fc26a6 | |||
e949df8a83 | |||
5ae80b4d9b | |||
ee5ec605c6 | |||
3c855b055d | |||
d7ed6afe41 | |||
b57cc949d3 | |||
013c0c0859 | |||
8464bf1f41 | |||
0bf33c582f | |||
04ad6017e6
|
|||
f205858c30 | |||
9f65b7690e
|
|||
724e94afb6
|
|||
fd5d006c33
|
|||
e8f66cd354
|
|||
93801d7577
|
|||
62a301cc58 | |||
ae2a789c3c | |||
1b6adce9dc | |||
4db1560da2 | |||
2d71d0d42c | |||
ab7eb0a3f0 | |||
e9f0a2a898 | |||
2b26bbf327 |
3
.gitignore
vendored
3
.gitignore
vendored
@ -1,2 +1,5 @@
|
||||
*~
|
||||
.*~
|
||||
ENV
|
||||
ENV.test
|
||||
tmp/
|
||||
|
@ -13,16 +13,61 @@ steps:
|
||||
dockerfile: Dockerfile
|
||||
when:
|
||||
- event: [push, tag]
|
||||
public_build:
|
||||
|
||||
scan_image:
|
||||
image: aquasec/trivy
|
||||
commands:
|
||||
- trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
|
||||
when:
|
||||
- event: [push, tag]
|
||||
|
||||
generate_sbom:
|
||||
image: quay.io/wollud1969/woodpecker-helper:0.5.1
|
||||
environment:
|
||||
TRIVY_TOKEN:
|
||||
from_secret: trivy_token
|
||||
TRIVY_URL:
|
||||
from_secret: trivy_url
|
||||
DTRACK_API_KEY:
|
||||
from_secret: dtrack_api_key
|
||||
DTRACK_API_URL:
|
||||
from_secret: dtrack_api_url
|
||||
commands:
|
||||
- HOME=/home/`id -nu`
|
||||
- TAG="${CI_COMMIT_TAG:-$CI_COMMIT_SHA}"
|
||||
- |
|
||||
trivy image \
|
||||
--server $TRIVY_URL \
|
||||
--token $TRIVY_TOKEN \
|
||||
--format cyclonedx \
|
||||
--scanners license \
|
||||
--output /tmp/sbom.xml \
|
||||
$FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA
|
||||
- cat /tmp/sbom.xml
|
||||
- |
|
||||
curl -X "POST" \
|
||||
-H "Content-Type: multipart/form-data" \
|
||||
-H "X-Api-Key: $DTRACK_API_KEY" \
|
||||
-F "autoCreate=true" \
|
||||
-F "projectName=$CI_REPO" \
|
||||
-F "projectVersion=$TAG" \
|
||||
-F "bom=@/tmp/sbom.xml"\
|
||||
"$DTRACK_API_URL/api/v1/bom"
|
||||
when:
|
||||
- event: [push, tag]
|
||||
|
||||
build:
|
||||
image: plugins/kaniko
|
||||
settings:
|
||||
repo: wollud1969/exim-docker
|
||||
registry: docker.io
|
||||
tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
|
||||
repo: quay.io/wollud1969/exim-docker
|
||||
registry: quay.io
|
||||
tags:
|
||||
- latest
|
||||
- ${CI_COMMIT_TAG}
|
||||
username:
|
||||
from_secret: docker_hub_username
|
||||
from_secret: quay_username
|
||||
password:
|
||||
from_secret: docker_hub_password
|
||||
from_secret: quay_password
|
||||
dockerfile: Dockerfile
|
||||
when:
|
||||
- event: [tag]
|
||||
|
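Review bot: The `curl` upload at the end of `generate_sbom` has no `--fail`, so an HTTP 4xx/5xx answer from `$DTRACK_API_URL/api/v1/bom` still exits 0 and the step passes although no SBOM was stored; `curl --fail --silent --show-error -X "POST" \` would make a rejected upload fail the pipeline. In the same step `--token $TRIVY_TOKEN` puts the secret on the command line although Trivy already reads `TRIVY_TOKEN` from the environment set just above, so the argument can be dropped. `aquasec/trivy` and `plugins/kaniko` are pulled without a tag or digest while `woodpecker-helper` is pinned to `0.5.1`, so the scanner and the builder that receives the quay credentials can change between runs. The +/- markers are lost in this rendering, so this assumes the scan, SBOM and quay.io lines are the new side.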
28
Dockerfile
28
Dockerfile
@ -1,33 +1,31 @@
|
||||
FROM debian:bookworm
|
||||
FROM alpine:3.21.3
|
||||
|
||||
LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
|
||||
LABEL ImageName=""
|
||||
LABEL ImageName="quay.io/wollud1969/exim-docker"
|
||||
|
||||
# domain to be used in sender address of sent mails
|
||||
ENV LOCALMAILNAME=""
|
||||
# smarthost to send mail to
|
||||
ENV SMARTHOST=""
|
||||
# recipient addresses for root aliases, separate multiple addresses by space
|
||||
ENV ROOT=""
|
||||
ENV SMARTHOST_USER=""
|
||||
ENV SMARTHOST_PASS=""
|
||||
# ip addresses or networks to allow for relaying, separate multiple ones by semicolon
|
||||
ENV RELAYNETS=""
|
||||
ENV RELAYNETS="127.0.0.1/32"
|
||||
# whitelist of recipient domains, colon-separated, if empty all no restrictions
|
||||
ENV WHITELISTED_RECIPIENTS=""
|
||||
|
||||
RUN \
|
||||
apt update && \
|
||||
apt upgrade -y --autoremove && \
|
||||
apt install -y exim4-daemon-light ca-certificates curl && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY update-exim4.conf.tmpl /etc/exim4/
|
||||
COPY aliases.tmpl /etc/exim4/
|
||||
COPY adjust-config.sh /etc/exim4/
|
||||
COPY start.sh /etc/exim4/
|
||||
RUN apk add --no-cache exim m4
|
||||
|
||||
WORKDIR /etc/exim4
|
||||
COPY exim.conf.m4 /etc/exim
|
||||
COPY start.sh /etc/exim
|
||||
|
||||
WORKDIR /etc/exim
|
||||
|
||||
EXPOSE 25
|
||||
|
||||
CMD [ "./start.sh" ]
|
||||
#CMD [ "/usr/bin/m4 exim.conf.m4 > exim.conf && /usr/sbin/exim -bd -q15m -v" ]
|
||||
|
||||
|
||||
|
||||
|
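Review bot: The comment above `ENV RELAYNETS` still tells users to separate networks by semicolon, but the value now lands unchanged in `hosts = RELAYNETS` in exim.conf.m4, where Exim splits lists on colons unless the list starts with `<;`. Either change the comment to `# networks allowed to relay, colon-separated (Exim host list)` or emit `hosts = <; RELAYNETS` in the template. `SMARTHOST_USER` and `SMARTHOST_PASS` have no comment at all; one line noting that both are optional and that the password ends up in the generated exim.conf would help operators. The readme in this compare spells the whitelist variable `WHITELISTED_RECIPIENT` while this file and the template read `WHITELISTED_RECIPIENTS`, so a value set under the readme's name is silently ignored. The +/- markers are lost here, so which `FROM` and `COPY` lines are current is inferred from the alpine base and the `/etc/exim` paths.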
@ -1,15 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
cat update-exim4.conf.tmpl \
|
||||
| sed -e 's/%HOSTNAME%/'$HOSTNAME'/' \
|
||||
-e 's#%RELAYNETS%#'$RELAYNETS'#' \
|
||||
-e 's/%LOCALMAILNAME%/'$LOCALMAILNAME'/' \
|
||||
-e 's/%SMARTHOST%/'$SMARTHOST'/' \
|
||||
> update-exim4.conf.conf
|
||||
cat aliases.tmpl \
|
||||
| sed -e 's/%ROOT%/'"$ROOT"'/' \
|
||||
> ../aliases && \
|
||||
newaliases
|
||||
|
||||
/usr/sbin/update-exim4.conf -v
|
||||
|
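--- a/aliases.tmpl
+++ b/aliases.tmpl
@@ -1,14 +0,0 @@
-mailer-daemon: postmaster
-postmaster: root
-nobody: root
-hostmaster: root
-usenet: root
-news: root
-webmaster: root
-www: root
-ftp: root
-abuse: root
-noc: root
-security: root
-root: %ROOT%
-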
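--- a/examples/deploy.sh
+++ b/examples/deploy.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+
+kubectl create secret generic smtp-secrets \
+--dry-run=client \
+-o yaml \
+--save-config \
+--from-literal=SMARTHOST="smtprelaypool.ispgateway.de" \
+--from-literal=SMARTHOST_USER="pseudosmarthostuser@hottis.de" \
+--from-literal=SMARTHOST_PASS="$SMARTHOST_PASSWORD" \
+--from-literal=RELAY_NETWORKS=":10.0.0.0/8" | \
+kubectl apply -n system -f -
+
+kubectl apply -n system -f deploy.yml
+
+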
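Review bot: The secret is created with the key `RELAY_NETWORKS`, but the image reads `RELAYNETS` (the Dockerfile `ENV` and the lookup in exim.conf.m4), so with `envFrom` the value never reaches the template and the container keeps the image default for `RELAYNETS`; the line should read `--from-literal=RELAYNETS=":10.0.0.0/8" | \`. `$SMARTHOST_PASSWORD` is used without a guard, so running the script with it unset applies a secret with an empty `SMARTHOST_PASS`; `: "${SMARTHOST_PASSWORD:?must be set}"` near the top would stop that. Passing the password through `--from-literal` also places it on kubectl's argument list, whereas `--from-env-file` keeps it off argv.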
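--- a/examples/deploy.yml
+++ b/examples/deploy.yml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: smtp
+namespace: system
+labels:
+app: smtp
+annotations:
+secret.reloader.stakater.com/reload: smtp-secrets
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: smtp
+template:
+metadata:
+labels:
+app: smtp
+spec:
+containers:
+- name: smtp
+image: quay.io/wollud1969/exim-docker:0.3.2
+envFrom:
+- secretRef:
+name: smtp-secrets
+ports:
+- containerPort: 25
+protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: smtp
+namespace: system
+spec:
+type: ClusterIP
+selector:
+app: smtp
+ports:
+- name: smtp
+protocol: TCP
+port: 25
+targetPort: 25
+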
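Review bot: The `smtp` Service makes port 25 reachable from every pod in the cluster, and the only relay control is Exim's `hosts = RELAYNETS` check, which the accompanying deploy.sh intends to set to a whole `/8`. A NetworkPolicy in namespace `system` that limits ingress on TCP 25 to the labelled client pods would keep an unrelated workload from sending mail through the smarthost account. The container spec also sets no `securityContext` or `resources`; if Exim's need to bind port 25 rules out a non-root user, a comment saying so would help the next reader. The image is referenced by tag (`0.3.2`) rather than by digest.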
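--- a/examples/start-mailer.sh
+++ b/examples/start-mailer.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+
+IMAGE=quay.io/wollud1969/exim-docker:0.0.9
+MAILER_NETWORK=mailer-network
+
+
+docker network inspect $MAILER_NETWORK > /dev/null || docker network create $MAILER_NETWORK
+
+
+if [ "$RELAYNETS" = "" ]; then
+RELAYNETS=`docker network inspect $MAILER_NETWORK --format '{{ (index .IPAM.Config 0).Subnet }}'`
+fi
+
+
+docker run \
+-d \
+-e SMARTHOST=smarthost.example.com \
+-e LOCALMAILNAME=example.com \
+-e RELAYNETS=$RELAYNETS \
+--network $MAILER_NETWORK \
+--name mailer \
+--restart always \
+$IMAGE
+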
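Review bot: `IMAGE` is pinned to `exim-docker:0.0.9` while the readme and deploy.yml in the same compare use `0.3.2`; if 0.0.9 predates the m4-based configuration, the variables passed here are handled by the old scripts instead, so the tag is worth aligning. The result of the backtick `docker network inspect` is not checked and `$RELAYNETS` is expanded unquoted, so a failed lookup starts the container with `-e RELAYNETS=` empty, which overrides the image default. Suggested: `RELAYNETS=$(docker network inspect "$MAILER_NETWORK" --format '{{ (index .IPAM.Config 0).Subnet }}') || exit 1` and `-e RELAYNETS="$RELAYNETS" \`.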
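--- a/exim.conf.m4
+++ b/exim.conf.m4
@@ -0,0 +1,74 @@
+dnl values
+define(`HOSTNAME', esyscmd(`echo -n $HOSTNAME'))dnl
+define(`LOCALMAILNAME', esyscmd(`echo -n $LOCALMAILNAME'))dnl
+define(`SMARTHOST', esyscmd(`echo -n $SMARTHOST'))dnl
+define(`SMARTHOST_USER', esyscmd(`echo -n $SMARTHOST_USER'))dnl
+define(`SMARTHOST_PASS', esyscmd(`echo -n $SMARTHOST_PASS'))dnl
+define(`RELAYNETS', esyscmd(`echo -n $RELAYNETS'))dnl
+define(`WHITELISTED_RECIPIENTS', esyscmd(`echo -n $WHITELISTED_RECIPIENTS'))dnl
+
+
+ifelse(SMARTHOST, `', `
+errprint(`Error: SMARTHOST not set')
+m4exit(1)
+')
+
+ifelse(HOSTNAME, `', `
+errprint(`Error: HOSTNAME not set')
+m4exit(1)
+')
+
+
+dnl ----------------------------------------------------------------
+dnl template for exim.conf
+
+primary_hostname = HOSTNAME
+
+acl_smtp_rcpt = acl_check_rcpt
+
+tls_advertise_hosts =
+
+begin routers
+smarthost_route:
+driver = manualroute
+domains = *
+transport = smarthost_smtp
+route_list = * SMARTHOST
+
+begin transports
+smarthost_smtp:
+driver = smtp
+port = 25
+multi_domain
+ifelse(SMARTHOST_USER, `', `', `dnl
+hosts_require_auth = *
+')
+
+ifelse(SMARTHOST_USER, `', `', `
+begin authenticators
+plain:
+driver = plaintext
+public_name = PLAIN
+client_send = ^SMARTHOST_USER^SMARTHOST_PASS
+
+login:
+driver = plaintext
+public_name = LOGIN
+client_send = : SMARTHOST_USER : SMARTHOST_PASS
+')
+
+begin acl
+acl_check_rcpt:
+accept
+hosts = RELAYNETS
+ifelse(WHITELISTED_RECIPIENTS, `', `', `
+accept
+domains = WHITELISTED_RECIPIENTS
+')
+deny
+message = "550 5.7.1 Relaying denied"
+
+ifelse(LOCALMAILNAME, `', `', `
+begin rewrite
+*@* ${1}@LOCALMAILNAME Ffrs
+')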
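Review bot: In `acl_check_rcpt` the whitelist is emitted as a second, independent `accept` block, so it widens relaying instead of restricting it: clients in `RELAYNETS` are still accepted for every recipient, and once `WHITELISTED_RECIPIENTS` is set, any host at all is accepted for those domains. To get the recipient restriction the readme describes, drop the inner `accept` line so that `domains = WHITELISTED_RECIPIENTS` becomes a further condition of the first block next to `hosts = RELAYNETS`; all conditions of one ACL statement must match. Separately, the transport sets `hosts_require_auth = *` for PLAIN/LOGIN on port 25 without `hosts_require_tls = *`, so the smarthost credentials are sent in clear whenever STARTTLS is not offered. The `esyscmd` definitions at the top expand each variable unquoted in a shell and m4 rescans the output, so a password containing shell or m4 metacharacters will be altered; a `dnl` comment naming that limitation would help.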
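--- a/readme.md
+++ b/readme.md
@@ -0,0 +1,59 @@
+# EXIM4 from Debian in a container
+
+This image can be used to deploy an MTA in a container and connect it to a smarthost to provide the
+option to send mail from other containers without the need to configure the smarthost in each of them.
+
+## Configuration
+
+Four environment variables are used to configure the container:
+
+* `SMARTHOST`: The is the name of the smarthost. exim within this container will send all mail to this smarthost for further delivery. Make sure the smarthost accepts mail from this container without authentication.
+* `SMARTHOST_USER`: Login for smarthost. If no authentication is required, skip it.
+* `SMARTHOST_PASS`: Password for smarthost.
+* `LOCALMAILNAME`: The domain name which shall be used as the domain part of the sender address in every outgoing mail. If not required, skip it.
+* `RELAYNETS`: Networks exim in this container accepts for relaying. Separate multiple networks by semicolon.
+* `WHITELISTED_RECIPIENT`: Colon-separated list of whitelisted recipient domains, if empty no recipient restrictions will be applied
+
+
+## Deployment
+
+Typically, don't expose the smtp port of this container to the default network of your Docker installation, otherwise it conflicts with a local MTA on the machine and it would be visible outside of the machine. Create a dedicated docker network, use that one as the default network for this container and connect other containers to that network. Afterwards, you can use the name of this container as smarthost address in the other containers.
+
+
+## Example start script
+
+```
+#!/bin/bash
+
+IMAGE=quay.io/wollud1969/exim-docker:0.3.2
+MAILER_NETWORK=mailer-network
+
+docker network create $MAILER_NETWORK || echo "mailer-network already exists"
+
+if [ "$RELAYNETS" = "" ]; then
+RELAYNETS=`docker network inspect $MAILER_NETWORK --format '{{ (index .IPAM.Config 0).Subnet }}'`
+fi
+
+docker run \
+-d \
+-e SMARTHOST=smarthost.example.com \
+-e LOCALMAILNAME=krohne.com \
+-e RELAYNETS=$RELAYNETS \
+-e WHITELISTED_RECIPIENT="example-recipients.com" \
+--network $MAILER_NETWORK \
+--name mailer \
+--restart always \
+$IMAGE
+```
+
+## Usage in other containers
+
+Connect other containers to the mailer network:
+
+```
+docker network connect mailer-network name_of_other_container
+```
+
+Now you can use the name of the mailer container, here `mailer` as smarthost name in that other container.
+
+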
5
start.sh
5
start.sh
@ -1,5 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/bin/sh
|
||||
|
||||
./adjust-config.sh
|
||||
exim -bd -q15m -v
|
||||
m4 exim.conf.m4 > exim.conf && exim -bd -q15m -v
|
||||
|
||||
|
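Review bot: `m4 exim.conf.m4 > exim.conf && exim -bd -q15m -v` leaves the shell as PID 1 with Exim as its child, so the container's stop signal goes to `sh` rather than to the daemon; `m4 exim.conf.m4 > exim.conf && exec exim -bd -q15m -v` hands PID 1 to Exim. The generated exim.conf now carries `SMARTHOST_PASS` in the `client_send` lines and is written with whatever umask the container starts with. A header comment stating that, plus an explicit `chmod` to the tightest mode Exim accepts for its configuration file, would be worth adding. The +/- markers are lost in this rendering, so this assumes the `#!/bin/sh` and `m4` lines are the new side.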
@ -1,14 +0,0 @@
|
||||
dc_eximconfig_configtype='satellite'
|
||||
dc_other_hostnames='%HOSTNAME%'
|
||||
dc_local_interfaces='0.0.0.0'
|
||||
dc_readhost='%LOCALMAILNAME%'
|
||||
dc_relay_domains=''
|
||||
dc_minimaldns='false'
|
||||
dc_relay_nets='%RELAYNETS%'
|
||||
dc_smarthost='%SMARTHOST%'
|
||||
CFILEMODE='644'
|
||||
dc_use_split_config='false'
|
||||
dc_hide_mailname='true'
|
||||
dc_mailname_in_oh='true'
|
||||
dc_localdelivery='mail_spool'
|
||||
|