Compare commits
21 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
c1a54b5cc0
|
|||
|
a156b54c1f
|
|||
|
0a65e0e7db
|
|||
|
cd9adb1423
|
|||
|
2cce315ca3
|
|||
|
1c06333c79
|
|||
|
7afcbc2bf1
|
|||
|
f1b14d5974
|
|||
| edd8a42e2d | |||
| fe0bd0470c | |||
| 1d92622f21 | |||
|
16e35505d6
|
|||
|
5819107340
|
|||
| f08937111e | |||
| dbb79dd567 | |||
|
e1d0f95a72
|
|||
| a2b000a05b | |||
| 8fbca20ffe | |||
| 0fc12e5f3c | |||
| 8502fbd9a1 | |||
|
7adb4c1fde
|
@@ -12,13 +12,8 @@ steps:
|
||||
from_secret: container_registry_password
|
||||
dockerfile: Dockerfile
|
||||
when:
|
||||
- event: [push, tag]
|
||||
scan_image:
|
||||
image: aquasec/trivy
|
||||
commands:
|
||||
- trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
|
||||
when:
|
||||
- event: [push, tag]
|
||||
- event: tag
|
||||
|
||||
build:
|
||||
image: plugins/kaniko
|
||||
settings:
|
||||
@@ -33,4 +28,4 @@ steps:
|
||||
from_secret: quay_password
|
||||
dockerfile: Dockerfile
|
||||
when:
|
||||
- event: [tag]
|
||||
- event: tag
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM alpine:3.21.0
|
||||
FROM alpine:3.23.2
|
||||
|
||||
LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
|
||||
LABEL ImageName="quay.io/wollud1969/exim-docker"
|
||||
@@ -11,6 +11,9 @@ ENV SMARTHOST_USER=""
|
||||
ENV SMARTHOST_PASS=""
|
||||
# ip addresses or networks to allow for relaying, separate multiple ones by semicolon
|
||||
ENV RELAYNETS="127.0.0.1/32"
|
||||
# whitelist of recipient domains, colon-separated, if empty all no restrictions
|
||||
ENV WHITELISTED_RECIPIENTS=""
|
||||
|
||||
|
||||
RUN apk add --no-cache exim m4
|
||||
|
||||
@@ -22,7 +25,6 @@ WORKDIR /etc/exim
|
||||
EXPOSE 25
|
||||
|
||||
CMD [ "./start.sh" ]
|
||||
#CMD [ "/usr/bin/m4 exim.conf.m4 > exim.conf && /usr/sbin/exim -bd -q15m -v" ]
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@ apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: smtp
|
||||
namespace: system
|
||||
labels:
|
||||
app: smtp
|
||||
annotations:
|
||||
@@ -18,7 +19,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: smtp
|
||||
image: quay.io/wollud1969/exim-docker:0.2.1
|
||||
image: quay.io/wollud1969/exim-docker:0.3.4
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: smtp-secrets
|
||||
@@ -30,6 +31,7 @@ apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: smtp
|
||||
namespace: system
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
|
||||
24
exim.conf.m4
24
exim.conf.m4
@@ -5,11 +5,8 @@ define(`SMARTHOST', esyscmd(`echo -n $SMARTHOST'))dnl
|
||||
define(`SMARTHOST_USER', esyscmd(`echo -n $SMARTHOST_USER'))dnl
|
||||
define(`SMARTHOST_PASS', esyscmd(`echo -n $SMARTHOST_PASS'))dnl
|
||||
define(`RELAYNETS', esyscmd(`echo -n $RELAYNETS'))dnl
|
||||
define(`WHITELISTED_RECIPIENTS', esyscmd(`echo -n $WHITELISTED_RECIPIENTS'))dnl
|
||||
|
||||
ifelse(SMARTHOST, `', `
|
||||
errprint(`Error: SMARTHOST not set')
|
||||
m4exit(1)
|
||||
')
|
||||
|
||||
ifelse(HOSTNAME, `', `
|
||||
errprint(`Error: HOSTNAME not set')
|
||||
@@ -26,6 +23,19 @@ acl_smtp_rcpt = acl_check_rcpt
|
||||
|
||||
tls_advertise_hosts =
|
||||
|
||||
ifelse(SMARTHOST, `', `dnl
|
||||
# without smarthost
|
||||
begin routers
|
||||
dnslookup:
|
||||
driver = dnslookup
|
||||
domains = *
|
||||
transport = remote_smtp
|
||||
|
||||
begin transports
|
||||
driver = smtp
|
||||
|
||||
', `dnl
|
||||
# with smarthost
|
||||
begin routers
|
||||
smarthost_route:
|
||||
driver = manualroute
|
||||
@@ -54,13 +64,17 @@ login:
|
||||
public_name = LOGIN
|
||||
client_send = : SMARTHOST_USER : SMARTHOST_PASS
|
||||
')
|
||||
')
|
||||
|
||||
begin acl
|
||||
acl_check_rcpt:
|
||||
accept
|
||||
hosts = RELAYNETS
|
||||
ifelse(WHITELISTED_RECIPIENTS, `', `', `
|
||||
domains = WHITELISTED_RECIPIENTS
|
||||
')
|
||||
deny
|
||||
message = "Relaying denied"
|
||||
message = "550 5.7.1 Relaying denied"
|
||||
|
||||
ifelse(LOCALMAILNAME, `', `', `
|
||||
begin rewrite
|
||||
|
||||
@@ -12,8 +12,11 @@ Four environment variables are used to configure the container:
|
||||
* `SMARTHOST_PASS`: Password for smarthost.
|
||||
* `LOCALMAILNAME`: The domain name which shall be used as the domain part of the sender address in every outgoing mail. If not required, skip it.
|
||||
* `RELAYNETS`: Networks exim in this container accepts for relaying. Separate multiple networks by semicolon.
|
||||
* `WHITELISTED_RECIPIENT`: Colon-separated list of whitelisted recipient domains, if empty no recipient restrictions will be applied
|
||||
|
||||
|
||||
If `SMARTHOST` is not given, mail delivery will be done directly via MX lookup instead of using a smarthost.
|
||||
|
||||
## Deployment
|
||||
|
||||
Typically, don't expose the smtp port of this container to the default network of your Docker installation, otherwise it conflicts with a local MTA on the machine and it would be visible outside of the machine. Create a dedicated docker network, use that one as the default network for this container and connect other containers to that network. Afterwards, you can use the name of this container as smarthost address in the other containers.
|
||||
@@ -24,7 +27,7 @@ Typically, don't expose the smtp port of this container to the default network o
|
||||
```
|
||||
#!/bin/bash
|
||||
|
||||
IMAGE=quay.io/wollud1969/exim-docker:0.2.2
|
||||
IMAGE=quay.io/wollud1969/exim-docker:0.3.2
|
||||
MAILER_NETWORK=mailer-network
|
||||
|
||||
docker network create $MAILER_NETWORK || echo "mailer-network already exists"
|
||||
@@ -38,6 +41,7 @@ docker run \
|
||||
-e SMARTHOST=smarthost.example.com \
|
||||
-e LOCALMAILNAME=krohne.com \
|
||||
-e RELAYNETS=$RELAYNETS \
|
||||
-e WHITELISTED_RECIPIENT="example-recipients.com" \
|
||||
--network $MAILER_NETWORK \
|
||||
--name mailer \
|
||||
--restart always \
|
||||
|
||||
68
tools/smtp-dialog.exp
Executable file
68
tools/smtp-dialog.exp
Executable file
@@ -0,0 +1,68 @@
|
||||
#!/usr/bin/expect
|
||||
|
||||
package require base64
|
||||
|
||||
|
||||
# SMTP-Server und Port definieren
|
||||
set smtp_server "172.16.3.33"
|
||||
set smtp_port "25"
|
||||
set timeout 25
|
||||
|
||||
# Absender, Empfänger und Nachricht
|
||||
set sender $env(SMTP_SENDER)
|
||||
set recipient $env(SMTP_RECIPIENT)
|
||||
set message "Subject: Test Email\r\n\r\nThis is a test email sent via an expect script."
|
||||
|
||||
set smtp_user $env(SMTP_USER)
|
||||
set smtp_pass $env(SMTP_PASS)
|
||||
|
||||
set smtp_user_64 [base64::encode $smtp_user]
|
||||
set smtp_pass_64 [base64::encode $smtp_pass]
|
||||
|
||||
|
||||
# Verbindung herstellen
|
||||
spawn nc -C $smtp_server $smtp_port
|
||||
|
||||
# Begrüßung vom Server erwarten
|
||||
expect "220 *"
|
||||
|
||||
# HELO/EHLO senden
|
||||
send "EHLO baikonur\n"
|
||||
expect "250 *"
|
||||
|
||||
if {[info exists smtp_user] && $smtp_user ne ""} {
|
||||
send "AUTH LOGIN\n"
|
||||
expect "334 VXNlcm5hbWU6"
|
||||
|
||||
send "$smtp_user_64\n"
|
||||
expect "334 UGFzc3dvcmQ6"
|
||||
|
||||
send "$smtp_pass_64\n"
|
||||
expect "235 2.7.0 Authentication successful"
|
||||
} else {
|
||||
puts "skip authentication"
|
||||
}
|
||||
|
||||
# Absender definieren
|
||||
send "MAIL FROM:<$sender>\n"
|
||||
expect "250 *"
|
||||
|
||||
# Empfänger definieren
|
||||
send "RCPT TO:<$recipient>\n"
|
||||
expect "250 *"
|
||||
|
||||
# Datenübertragung starten
|
||||
send "DATA\n"
|
||||
expect "354 *"
|
||||
|
||||
# Nachricht senden und Übertragung abschließen
|
||||
send "$message\n.\n"
|
||||
expect "250 *"
|
||||
|
||||
# Verbindung schließen
|
||||
send "QUIT\n"
|
||||
expect "221 *"
|
||||
|
||||
# Beenden
|
||||
interact
|
||||
|
||||
Reference in New Issue
Block a user