enable starttls and generate self-signed certificate

fixes
disable starttls
2024-12-21 14:22:39 +01:00 · 2024-12-21 13:43:41 +01:00 · 2024-12-21 13:37:17 +01:00 · 2024-12-21 13:35:41 +01:00 · 2024-12-21 13:32:23 +01:00 · 2024-12-21 13:31:11 +01:00
8 changed files with 75 additions and 15 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,5 @@
 *~
 .*~
+ENV
+ENV.test
+tmp/
--- a/2
+++ b/2
@ -12,7 +12,7 @@ ENV SMARTHOST_PASS=""
 # ip addresses or networks to allow for relaying, separate multiple ones by semicolon
 ENV RELAYNETS="127.0.0.1/32"

-RUN apk add --no-cache exim m4
+RUN apk add --no-cache exim m4 openssl

 COPY exim.conf.m4 /etc/exim
 COPY start.sh /etc/exim
--- a/9
+++ b/9
@ -1,9 +0,0 @@
-export HOSTNAME=`hostname`
-export LOCALMAILNAME="hottis.de"
-#export LOCALMAILNAME=""
-export SMARTHOST=smtprelaypool.ispgateway.de
-#export SMARTHOST=""
-export SMARTHOST_USER=pseudosmarthostuser@hottis.de 
-#export SMARTHOST_USER="_"
-export SMARTHOST_PASS="Chaediek3Chaer7u" 
-export RELAYNETS="0.0.0.0/0"
--- a/examples/deploy.sh
+++ b/examples/deploy.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+
+
+kubectl create secret generic smtp-secrets \
+  --dry-run=client \
+  -o yaml \
+  --save-config \
+  --from-literal=SMARTHOST="smtprelaypool.ispgateway.de" \
+  --from-literal=SMARTHOST_USER="pseudosmarthostuser@hottis.de" \
+  --from-literal=SMARTHOST_PASS="$SMARTHOST_PASSWORD" \
+  --from-literal=RELAYNETS=":10.0.0.0/8" | \
+kubectl apply -n system -f -
+
+kubectl apply -n system -f deploy.yml
+
+
--- a/examples/deploy.yml
+++ b/examples/deploy.yml
@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: smtp
+  labels:
+    app: smtp
+  annotations:
+    secret.reloader.stakater.com/reload: smtp-secrets
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: smtp
+  template:
+    metadata:
+      labels:
+        app: smtp
+    spec:
+      containers:
+        - name: smtp
+          image: quay.io/wollud1969/exim-docker:0.2.2
+          envFrom:
+            - secretRef:
+                name: smtp-secrets
+          ports:
+            - containerPort: 25
+              protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: smtp
+spec:
+  type: ClusterIP
+  selector:
+    app: smtp
+  ports:
+    - name: smtp
+      protocol: TCP
+      port: 25
+      targetPort: 25
+
--- a/exim.conf.m4
+++ b/exim.conf.m4
@ -22,6 +22,9 @@ primary_hostname = HOSTNAME

 acl_smtp_rcpt = acl_check_rcpt

+tls_certificate = /etc/exim/tls.crt
+tls_privatekey = /etc/exim/tls.key
+
 begin routers
 smarthost_route:
  driver = manualroute
--- a/readme.md
+++ b/readme.md
@ -8,9 +8,10 @@ option to send mail from other containers without the need to configure the smar
 Four environment variables are used to configure the container:

 * `SMARTHOST`: The is the name of the smarthost. exim within this container will send all mail to this smarthost for further delivery. Make sure the smarthost accepts mail from this container without authentication.
-* `LOCALMAILNAME`: The domain name which shall be used as the domain part of the sender address in every outgoing mail.
+* `SMARTHOST_USER`: Login for smarthost. If no authentication is required, skip it.
+* `SMARTHOST_PASS`: Password for smarthost.
+* `LOCALMAILNAME`: The domain name which shall be used as the domain part of the sender address in every outgoing mail. If not required, skip it.
 * `RELAYNETS`: Networks exim in this container accepts for relaying. Separate multiple networks by semicolon.
-* `ROOT`: Addresses to forward root mail to. Separate multiple addresses by space.


 ## Deployment
@ -23,7 +24,7 @@ Typically, don't expose the smtp port of this container to the default network o
 ```
 #!/bin/bash

-IMAGE=quay.io/wollud1969/exim-docker:0.0.9
+IMAGE=quay.io/wollud1969/exim-docker:0.2.2
 MAILER_NETWORK=mailer-network

 docker network create $MAILER_NETWORK || echo "mailer-network already exists"
@ -37,7 +38,6 @@ docker run \
  -e SMARTHOST=smarthost.example.com \
  -e LOCALMAILNAME=krohne.com \
  -e RELAYNETS=$RELAYNETS \
-  -e ROOT=root@example.com \
  --network $MAILER_NETWORK \
  --name mailer \
  --restart always \
--- a/start.sh
+++ b/start.sh
@ -1,4 +1,9 @@
 #!/bin/sh

-m4 exim.conf.m4 > exim.conf && exim -bd -q15m -v
+openssl genpkey -algorithm RSA -out tls.key && \
+openssl req -new -key tls.key -out tls.csr -subj "/C=DE/CN=$HOSTNAME" && \
+openssl x509 -req -in tls.csr -signkey tls.key -out tls.crt -days 3650 && \
+chown exim tls.key tls.crt && \
+m4 exim.conf.m4 > exim.conf && \
+exim -bd -q15m -v
Author	SHA1	Message	Date
Wolfgang Hottgenroth	267a4954ab	enable starttls and generate self-signed certificate All checks were successful ci/woodpecker/tag/woodpecker Pipeline was successful Details ci/woodpecker/push/woodpecker Pipeline was successful Details	2024-12-21 14:22:39 +01:00
Wolfgang Hottgenroth	81f57a53ce	fixes All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2024-12-21 13:43:41 +01:00
Wolfgang Hottgenroth	ee5ec605c6	disable starttls All checks were successful ci/woodpecker/tag/woodpecker Pipeline was successful Details ci/woodpecker/push/woodpecker Pipeline was successful Details	2024-12-21 13:37:17 +01:00
Wolfgang Hottgenroth	3c855b055d	disable starttls All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details ci/woodpecker/tag/woodpecker Pipeline was successful Details	2024-12-21 13:35:41 +01:00
Wolfgang Hottgenroth	d7ed6afe41	k8s snippets All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2024-12-21 13:32:23 +01:00
Wolfgang Hottgenroth	b57cc949d3	ignore All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2024-12-21 13:31:11 +01:00