add scan in ci

.gitignore

@@ -1,5 +1,2 @@
 *~
 .*~
-ENV
-ENV.test
-tmp/

.woodpecker.yml

@@ -28,3 +28,38 @@ steps:
       dockerfile: Dockerfile
     when:
       - event: [tag]
+  scan:
+    image: quay.io/wollud1969/woodpecker-helper:0.5.1
+    environment:
+      TRIVY_TOKEN:
+        from_secret: trivy_token
+      TRIVY_URL:
+        from_secret: trivy_url
+      DTRACK_API_KEY:
+        from_secret: dtrack_api_key
+      DTRACK_API_URL:
+        from_secret: dtrack_api_url
+    commands:
+      - HOME=/home/`id -nu`
+      - IMAGE=quay.io/wollud1969/exim-docker:$CI_COMMIT_TAG
+      - |
+        trivy image \
+              --server $TRIVY_URL \
+              --token $TRIVY_TOKEN \
+              --format cyclonedx \
+              --scanners license \
+              --output /tmp/sbom.xml \
+              $IMAGE
+      - cat /tmp/sbom.xml
+      - |
+        curl -X "POST" \
+             -H "Content-Type: multipart/form-data" \
+             -H "X-Api-Key: $DTRACK_API_KEY" \
+             -F "autoCreate=true" \
+             -F "projectName=$CI_REPO" \
+             -F "projectVersion=$CI_COMMIT_TAG" \
+             -F "bom=@/tmp/sbom.xml"\
+             "$DTRACK_API_URL/api/v1/bom"        
+    when:
+      - event: [tag]
+

Dockerfile

@@ -1,20 +1,18 @@
-FROM alpine:3.21.0
+FROM alpine:3.21.3
 
 LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
-LABEL ImageName="quay.io/wollud1969/exim-docker"
+LABEL ImageName=""
 
 # domain to be used in sender address of sent mails
 ENV LOCALMAILNAME=""
 # smarthost to send mail to
 ENV SMARTHOST=""
-ENV SMARTHOST_USER=""
-ENV SMARTHOST_PASS=""
 # ip addresses or networks to allow for relaying, separate multiple ones by semicolon
-ENV RELAYNETS="127.0.0.1/32"
+ENV RELAYNETS=""
 
-RUN apk add --no-cache exim m4 openssl
+RUN apk add --no-cache exim bash
 
-COPY exim.conf.m4 /etc/exim
+COPY exim.conf.tmpl /etc/exim
 COPY start.sh /etc/exim
 
 WORKDIR /etc/exim
@@ -22,7 +20,6 @@ WORKDIR /etc/exim
 EXPOSE 25
 
 CMD [ "./start.sh" ]
-#CMD [ "/usr/bin/m4 exim.conf.m4 > exim.conf && /usr/sbin/exim -bd -q15m -v" ]
 
  
 

examples/deploy.sh

@@ -1,16 +0,0 @@
-#!/bin/bash
-
-
-kubectl create secret generic smtp-secrets \
-  --dry-run=client \
-  -o yaml \
-  --save-config \
-  --from-literal=SMARTHOST="smtprelaypool.ispgateway.de" \
-  --from-literal=SMARTHOST_USER="pseudosmarthostuser@hottis.de" \
-  --from-literal=SMARTHOST_PASS="$SMARTHOST_PASSWORD" \
-  --from-literal=RELAYNETS=":10.0.0.0/8" | \
-kubectl apply -n system -f -
-
-kubectl apply -n system -f deploy.yml
-
-

examples/deploy.yml

@@ -1,42 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: smtp
-  labels:
-    app: smtp
-  annotations:
-    secret.reloader.stakater.com/reload: smtp-secrets
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: smtp
-  template:
-    metadata:
-      labels:
-        app: smtp
-    spec:
-      containers:
-        - name: smtp
-          image: quay.io/wollud1969/exim-docker:0.2.2
-          envFrom:
-            - secretRef:
-                name: smtp-secrets
-          ports:
-            - containerPort: 25
-              protocol: TCP
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: smtp
-spec:
-  type: ClusterIP
-  selector:
-    app: smtp
-  ports:
-    - name: smtp
-      protocol: TCP
-      port: 25
-      targetPort: 25
-

examples/start-mailer.sh

@@ -18,6 +18,7 @@ docker run \
   -e SMARTHOST=smarthost.example.com \
   -e LOCALMAILNAME=example.com \
   -e RELAYNETS=$RELAYNETS \
+  -e ROOT=root@example.com \
   --network $MAILER_NETWORK \
   --name mailer \
   --restart always \

exim.conf.m4

@@ -1,67 +0,0 @@
-dnl values
-define(`HOSTNAME', esyscmd(`echo -n $HOSTNAME'))dnl
-define(`LOCALMAILNAME', esyscmd(`echo -n $LOCALMAILNAME'))dnl
-define(`SMARTHOST', esyscmd(`echo -n $SMARTHOST'))dnl
-define(`SMARTHOST_USER', esyscmd(`echo -n $SMARTHOST_USER'))dnl
-define(`SMARTHOST_PASS', esyscmd(`echo -n $SMARTHOST_PASS'))dnl
-define(`RELAYNETS', esyscmd(`echo -n $RELAYNETS'))dnl
-
-ifelse(SMARTHOST, `', `
-errprint(`Error: SMARTHOST not set')
-m4exit(1)
-')
-
-ifelse(HOSTNAME, `', `
-errprint(`Error: HOSTNAME not set')
-m4exit(1)
-')
-
-dnl template for exim.conf
-
-primary_hostname = HOSTNAME
-
-acl_smtp_rcpt = acl_check_rcpt
-
-tls_certificate = /etc/exim/tls.crt
-tls_privatekey = /etc/exim/tls.key
-
-begin routers
-smarthost_route:
-  driver = manualroute
-  domains = *
-  transport = smarthost_smtp
-  route_list = * SMARTHOST
-
-begin transports
-smarthost_smtp:
-  driver = smtp
-  port = 25
-  multi_domain
-ifelse(SMARTHOST_USER, `', `', `dnl
-  hosts_require_auth = *
-')
-
-ifelse(SMARTHOST_USER, `', `', `
-begin authenticators
-plain:
-  driver = plaintext
-  public_name = PLAIN
-  client_send = ^SMARTHOST_USER^SMARTHOST_PASS
-
-login:
-  driver = plaintext
-  public_name = LOGIN
-  client_send = : SMARTHOST_USER : SMARTHOST_PASS
-')
-
-begin acl
-acl_check_rcpt:
-  accept
-    hosts = RELAYNETS
-  deny
-    message = "Relaying denied"
-
-ifelse(LOCALMAILNAME, `', `', `
-begin rewrite
-*@* ${1}@LOCALMAILNAME Ffrs
-')

exim.conf.tmpl

@@ -0,0 +1,28 @@
+primary_hostname = %HOSTNAME%
+qualify_domain = %LOCALMAILNAME%
+
+acl_smtp_rcpt = acl_check_rcpt
+
+begin routers
+smarthost_route:
+  driver = manualroute
+  domains = *
+  transport = smarthost_smtp
+  route_list = * %SMARTHOST%
+
+begin transports
+smarthost_smtp:
+  driver = smtp
+  port = 25
+  multi_domain
+
+begin acl
+acl_check_rcpt:
+  accept
+    hosts = %RELAYNETS%
+  deny
+    message = "Relaying denied"
+
+begin rewrite
+*@* ${1}@${qualify_domain} Ffrs
+

readme.md

@@ -8,10 +8,9 @@ option to send mail from other containers without the need to configure the smar
 Four environment variables are used to configure the container:
 
 * `SMARTHOST`: The is the name of the smarthost. exim within this container will send all mail to this smarthost for further delivery. Make sure the smarthost accepts mail from this container without authentication.
-* `SMARTHOST_USER`: Login for smarthost. If no authentication is required, skip it.
+* `LOCALMAILNAME`: The domain name which shall be used as the domain part of the sender address in every outgoing mail.
-* `SMARTHOST_PASS`: Password for smarthost.
-* `LOCALMAILNAME`: The domain name which shall be used as the domain part of the sender address in every outgoing mail. If not required, skip it.
 * `RELAYNETS`: Networks exim in this container accepts for relaying. Separate multiple networks by semicolon.
+* `ROOT`: Addresses to forward root mail to. Separate multiple addresses by space.
 
 
 ## Deployment
@@ -24,7 +23,7 @@ Typically, don't expose the smtp port of this container to the default network o
 ```
 #!/bin/bash
 
-IMAGE=quay.io/wollud1969/exim-docker:0.2.2
+IMAGE=quay.io/wollud1969/exim-docker:0.0.9
 MAILER_NETWORK=mailer-network
 
 docker network create $MAILER_NETWORK || echo "mailer-network already exists"
@@ -38,6 +37,7 @@ docker run \
   -e SMARTHOST=smarthost.example.com \
   -e LOCALMAILNAME=krohne.com \
   -e RELAYNETS=$RELAYNETS \
+  -e ROOT=root@example.com \
   --network $MAILER_NETWORK \
   --name mailer \
   --restart always \

start.sh

@@ -1,9 +1,13 @@
-#!/bin/sh
+#!/bin/bash
+
+rm exim.conf
+
+cat exim.conf.tmpl \
+  | sed -e 's/%HOSTNAME%/'$HOSTNAME'/' \
+        -e 's#%RELAYNETS%#'$RELAYNETS'#' \
+        -e 's/%LOCALMAILNAME%/'$LOCALMAILNAME'/' \
+        -e 's/%SMARTHOST%/'$SMARTHOST'/' \
+  > exim.conf 
 
-openssl genpkey -algorithm RSA -out tls.key && \
-openssl req -new -key tls.key -out tls.csr -subj "/C=DE/CN=$HOSTNAME" && \
-openssl x509 -req -in tls.csr -signkey tls.key -out tls.crt -days 3650 && \
-chown exim tls.key tls.crt && \
-m4 exim.conf.m4 > exim.conf && \
 exim -bd -q15m -v