Compare commits
26 Commits
Author | SHA1 | Date | |
---|---|---|---|
edd8a42e2d | |||
fe0bd0470c | |||
1d92622f21 | |||
16e35505d6 | |||
5819107340 | |||
f08937111e | |||
dbb79dd567 | |||
e1d0f95a72 | |||
a2b000a05b | |||
8fbca20ffe | |||
0fc12e5f3c | |||
8502fbd9a1 | |||
7adb4c1fde | |||
419b775dcb | |||
20c12df5ba | |||
0225fc26a6 | |||
e949df8a83 | |||
5ae80b4d9b | |||
ee5ec605c6 | |||
3c855b055d | |||
d7ed6afe41 | |||
b57cc949d3 | |||
013c0c0859 | |||
8464bf1f41 | |||
0bf33c582f | |||
04ad6017e6 |
3
.gitignore
vendored
3
.gitignore
vendored
@ -1,2 +1,5 @@
|
||||
*~
|
||||
.*~
|
||||
ENV
|
||||
ENV.test
|
||||
tmp/
|
||||
|
@ -13,6 +13,49 @@ steps:
|
||||
dockerfile: Dockerfile
|
||||
when:
|
||||
- event: [push, tag]
|
||||
|
||||
scan_image:
|
||||
image: aquasec/trivy
|
||||
commands:
|
||||
- env TRIVY_DISABLE_VEX_NOTICE=1 trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
|
||||
when:
|
||||
- event: [push, tag]
|
||||
|
||||
generate_sbom:
|
||||
image: quay.io/wollud1969/woodpecker-helper:0.5.1
|
||||
environment:
|
||||
TRIVY_TOKEN:
|
||||
from_secret: trivy_token
|
||||
TRIVY_URL:
|
||||
from_secret: trivy_url
|
||||
DTRACK_API_KEY:
|
||||
from_secret: dtrack_api_key
|
||||
DTRACK_API_URL:
|
||||
from_secret: dtrack_api_url
|
||||
commands:
|
||||
- HOME=/home/`id -nu`
|
||||
- TAG="${CI_COMMIT_TAG:-$CI_COMMIT_SHA}"
|
||||
- |
|
||||
trivy image \
|
||||
--server $TRIVY_URL \
|
||||
--token $TRIVY_TOKEN \
|
||||
--format cyclonedx \
|
||||
--scanners license \
|
||||
--output /tmp/sbom.xml \
|
||||
$FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA
|
||||
- cat /tmp/sbom.xml
|
||||
- |
|
||||
curl -X "POST" \
|
||||
-H "Content-Type: multipart/form-data" \
|
||||
-H "X-Api-Key: $DTRACK_API_KEY" \
|
||||
-F "autoCreate=true" \
|
||||
-F "projectName=$CI_REPO" \
|
||||
-F "projectVersion=$TAG" \
|
||||
-F "bom=@/tmp/sbom.xml"\
|
||||
"$DTRACK_API_URL/api/v1/bom"
|
||||
when:
|
||||
- event: [push, tag]
|
||||
|
||||
build:
|
||||
image: plugins/kaniko
|
||||
settings:
|
||||
|
16
Dockerfile
16
Dockerfile
@ -1,18 +1,23 @@
|
||||
FROM alpine:3.21.0
|
||||
FROM alpine:3.21.3
|
||||
|
||||
LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
|
||||
LABEL ImageName=""
|
||||
LABEL ImageName="quay.io/wollud1969/exim-docker"
|
||||
|
||||
# domain to be used in sender address of sent mails
|
||||
ENV LOCALMAILNAME=""
|
||||
# smarthost to send mail to
|
||||
ENV SMARTHOST=""
|
||||
ENV SMARTHOST_USER=""
|
||||
ENV SMARTHOST_PASS=""
|
||||
# ip addresses or networks to allow for relaying, separate multiple ones by semicolon
|
||||
ENV RELAYNETS=""
|
||||
ENV RELAYNETS="127.0.0.1/32"
|
||||
# whitelist of recipient domains, colon-separated, if empty all no restrictions
|
||||
ENV WHITELISTED_RECIPIENTS=""
|
||||
|
||||
RUN apk add --no-cache exim bash
|
||||
|
||||
COPY exim.conf.tmpl /etc/exim
|
||||
RUN apk add --no-cache exim m4
|
||||
|
||||
COPY exim.conf.m4 /etc/exim
|
||||
COPY start.sh /etc/exim
|
||||
|
||||
WORKDIR /etc/exim
|
||||
@ -20,6 +25,7 @@ WORKDIR /etc/exim
|
||||
EXPOSE 25
|
||||
|
||||
CMD [ "./start.sh" ]
|
||||
#CMD [ "/usr/bin/m4 exim.conf.m4 > exim.conf && /usr/sbin/exim -bd -q15m -v" ]
|
||||
|
||||
|
||||
|
||||
|
16
examples/deploy.sh
Executable file
16
examples/deploy.sh
Executable file
@ -0,0 +1,16 @@
|
||||
#!/bin/bash
|
||||
|
||||
|
||||
kubectl create secret generic smtp-secrets \
|
||||
--dry-run=client \
|
||||
-o yaml \
|
||||
--save-config \
|
||||
--from-literal=SMARTHOST="smtprelaypool.ispgateway.de" \
|
||||
--from-literal=SMARTHOST_USER="pseudosmarthostuser@hottis.de" \
|
||||
--from-literal=SMARTHOST_PASS="$SMARTHOST_PASSWORD" \
|
||||
--from-literal=RELAY_NETWORKS=":10.0.0.0/8" | \
|
||||
kubectl apply -n system -f -
|
||||
|
||||
kubectl apply -n system -f deploy.yml
|
||||
|
||||
|
44
examples/deploy.yml
Normal file
44
examples/deploy.yml
Normal file
@ -0,0 +1,44 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: smtp
|
||||
namespace: system
|
||||
labels:
|
||||
app: smtp
|
||||
annotations:
|
||||
secret.reloader.stakater.com/reload: smtp-secrets
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: smtp
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: smtp
|
||||
spec:
|
||||
containers:
|
||||
- name: smtp
|
||||
image: quay.io/wollud1969/exim-docker:0.3.2
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: smtp-secrets
|
||||
ports:
|
||||
- containerPort: 25
|
||||
protocol: TCP
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: smtp
|
||||
namespace: system
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: smtp
|
||||
ports:
|
||||
- name: smtp
|
||||
protocol: TCP
|
||||
port: 25
|
||||
targetPort: 25
|
||||
|
@ -18,7 +18,6 @@ docker run \
|
||||
-e SMARTHOST=smarthost.example.com \
|
||||
-e LOCALMAILNAME=example.com \
|
||||
-e RELAYNETS=$RELAYNETS \
|
||||
-e ROOT=root@example.com \
|
||||
--network $MAILER_NETWORK \
|
||||
--name mailer \
|
||||
--restart always \
|
||||
|
73
exim.conf.m4
Normal file
73
exim.conf.m4
Normal file
@ -0,0 +1,73 @@
|
||||
dnl values
|
||||
define(`HOSTNAME', esyscmd(`echo -n $HOSTNAME'))dnl
|
||||
define(`LOCALMAILNAME', esyscmd(`echo -n $LOCALMAILNAME'))dnl
|
||||
define(`SMARTHOST', esyscmd(`echo -n $SMARTHOST'))dnl
|
||||
define(`SMARTHOST_USER', esyscmd(`echo -n $SMARTHOST_USER'))dnl
|
||||
define(`SMARTHOST_PASS', esyscmd(`echo -n $SMARTHOST_PASS'))dnl
|
||||
define(`RELAYNETS', esyscmd(`echo -n $RELAYNETS'))dnl
|
||||
define(`WHITELISTED_RECIPIENTS', esyscmd(`echo -n $WHITELISTED_RECIPIENTS'))dnl
|
||||
|
||||
|
||||
ifelse(SMARTHOST, `', `
|
||||
errprint(`Error: SMARTHOST not set')
|
||||
m4exit(1)
|
||||
')
|
||||
|
||||
ifelse(HOSTNAME, `', `
|
||||
errprint(`Error: HOSTNAME not set')
|
||||
m4exit(1)
|
||||
')
|
||||
|
||||
|
||||
dnl ----------------------------------------------------------------
|
||||
dnl template for exim.conf
|
||||
|
||||
primary_hostname = HOSTNAME
|
||||
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
|
||||
tls_advertise_hosts =
|
||||
|
||||
begin routers
|
||||
smarthost_route:
|
||||
driver = manualroute
|
||||
domains = *
|
||||
transport = smarthost_smtp
|
||||
route_list = * SMARTHOST
|
||||
|
||||
begin transports
|
||||
smarthost_smtp:
|
||||
driver = smtp
|
||||
port = 25
|
||||
multi_domain
|
||||
ifelse(SMARTHOST_USER, `', `', `dnl
|
||||
hosts_require_auth = *
|
||||
')
|
||||
|
||||
ifelse(SMARTHOST_USER, `', `', `
|
||||
begin authenticators
|
||||
plain:
|
||||
driver = plaintext
|
||||
public_name = PLAIN
|
||||
client_send = ^SMARTHOST_USER^SMARTHOST_PASS
|
||||
|
||||
login:
|
||||
driver = plaintext
|
||||
public_name = LOGIN
|
||||
client_send = : SMARTHOST_USER : SMARTHOST_PASS
|
||||
')
|
||||
|
||||
begin acl
|
||||
acl_check_rcpt:
|
||||
accept
|
||||
hosts = RELAYNETS
|
||||
ifelse(WHITELISTED_RECIPIENTS, `', `', `
|
||||
domains = WHITELISTED_RECIPIENTS
|
||||
')
|
||||
deny
|
||||
message = "550 5.7.1 Relaying denied"
|
||||
|
||||
ifelse(LOCALMAILNAME, `', `', `
|
||||
begin rewrite
|
||||
*@* ${1}@LOCALMAILNAME Ffrs
|
||||
')
|
@ -1,28 +0,0 @@
|
||||
primary_hostname = %HOSTNAME%
|
||||
qualify_domain = %LOCALMAILNAME%
|
||||
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
|
||||
begin routers
|
||||
smarthost_route:
|
||||
driver = manualroute
|
||||
domains = *
|
||||
transport = smarthost_smtp
|
||||
route_list = * %SMARTHOST%
|
||||
|
||||
begin transports
|
||||
smarthost_smtp:
|
||||
driver = smtp
|
||||
port = 25
|
||||
multi_domain
|
||||
|
||||
begin acl
|
||||
acl_check_rcpt:
|
||||
accept
|
||||
hosts = %RELAYNETS%
|
||||
deny
|
||||
message = "Relaying denied"
|
||||
|
||||
begin rewrite
|
||||
*@* ${1}@${qualify_domain} Ffrs
|
||||
|
11
readme.md
11
readme.md
@ -8,9 +8,11 @@ option to send mail from other containers without the need to configure the smar
|
||||
Four environment variables are used to configure the container:
|
||||
|
||||
* `SMARTHOST`: The is the name of the smarthost. exim within this container will send all mail to this smarthost for further delivery. Make sure the smarthost accepts mail from this container without authentication.
|
||||
* `LOCALMAILNAME`: The domain name which shall be used as the domain part of the sender address in every outgoing mail.
|
||||
* `SMARTHOST_USER`: Login for smarthost. If no authentication is required, skip it.
|
||||
* `SMARTHOST_PASS`: Password for smarthost.
|
||||
* `LOCALMAILNAME`: The domain name which shall be used as the domain part of the sender address in every outgoing mail. If not required, skip it.
|
||||
* `RELAYNETS`: Networks exim in this container accepts for relaying. Separate multiple networks by semicolon.
|
||||
* `ROOT`: Addresses to forward root mail to. Separate multiple addresses by space.
|
||||
* `WHITELISTED_RECIPIENT`: Colon-separated list of whitelisted recipient domains, if empty no recipient restrictions will be applied
|
||||
|
||||
|
||||
## Deployment
|
||||
@ -23,7 +25,7 @@ Typically, don't expose the smtp port of this container to the default network o
|
||||
```
|
||||
#!/bin/bash
|
||||
|
||||
IMAGE=quay.io/wollud1969/exim-docker:0.0.9
|
||||
IMAGE=quay.io/wollud1969/exim-docker:0.3.2
|
||||
MAILER_NETWORK=mailer-network
|
||||
|
||||
docker network create $MAILER_NETWORK || echo "mailer-network already exists"
|
||||
@ -37,7 +39,7 @@ docker run \
|
||||
-e SMARTHOST=smarthost.example.com \
|
||||
-e LOCALMAILNAME=krohne.com \
|
||||
-e RELAYNETS=$RELAYNETS \
|
||||
-e ROOT=root@example.com \
|
||||
-e WHITELISTED_RECIPIENT="example-recipients.com" \
|
||||
--network $MAILER_NETWORK \
|
||||
--name mailer \
|
||||
--restart always \
|
||||
@ -54,3 +56,4 @@ docker network connect mailer-network name_of_other_container
|
||||
|
||||
Now you can use the name of the mailer container, here `mailer` as smarthost name in that other container.
|
||||
|
||||
|
||||
|
13
start.sh
13
start.sh
@ -1,13 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/bin/sh
|
||||
|
||||
rm exim.conf
|
||||
|
||||
cat exim.conf.tmpl \
|
||||
| sed -e 's/%HOSTNAME%/'$HOSTNAME'/' \
|
||||
-e 's#%RELAYNETS%#'$RELAYNETS'#' \
|
||||
-e 's/%LOCALMAILNAME%/'$LOCALMAILNAME'/' \
|
||||
-e 's/%SMARTHOST%/'$SMARTHOST'/' \
|
||||
> exim.conf
|
||||
|
||||
exim -bd -q15m -v
|
||||
m4 exim.conf.m4 > exim.conf && exim -bd -q15m -v
|
||||
|
||||
|
64
tools/smtp-dialog.exp
Executable file
64
tools/smtp-dialog.exp
Executable file
@ -0,0 +1,64 @@
|
||||
#!/usr/bin/expect
|
||||
|
||||
package require base64
|
||||
|
||||
|
||||
# SMTP-Server und Port definieren
|
||||
set smtp_server "localhost"
|
||||
set smtp_port "25"
|
||||
set timeout 25
|
||||
|
||||
# Absender, Empfänger und Nachricht
|
||||
set sender $env(SMTP_SENDER)
|
||||
set recipient "test@hottis.de"
|
||||
set message "Subject: Test Email\r\n\r\nThis is a test email sent via an expect script."
|
||||
|
||||
set smtp_user $env(SMTP_USER)
|
||||
set smtp_pass $env(SMTP_PASS)
|
||||
|
||||
set smtp_user_64 [base64::encode $smtp_user]
|
||||
set smtp_pass_64 [base64::encode $smtp_pass]
|
||||
|
||||
|
||||
# Verbindung herstellen
|
||||
spawn nc -C $smtp_server $smtp_port
|
||||
|
||||
# Begrüßung vom Server erwarten
|
||||
expect "220 *"
|
||||
|
||||
# HELO/EHLO senden
|
||||
send "EHLO de01rdsi01.krohnegroup.com\n"
|
||||
expect "250 *"
|
||||
|
||||
send "AUTH LOGIN\n"
|
||||
expect "334 VXNlcm5hbWU6"
|
||||
|
||||
send "$smtp_user_64\n"
|
||||
expect "334 UGFzc3dvcmQ6"
|
||||
|
||||
send "$smtp_pass_64\n"
|
||||
expect "235 2.7.0 Authentication successful"
|
||||
|
||||
# Absender definieren
|
||||
send "MAIL FROM:<$sender>\n"
|
||||
expect "250 *"
|
||||
|
||||
# Empfänger definieren
|
||||
send "RCPT TO:<$recipient>\n"
|
||||
expect "250 *"
|
||||
|
||||
# Datenübertragung starten
|
||||
send "DATA\n"
|
||||
expect "354 *"
|
||||
|
||||
# Nachricht senden und Übertragung abschließen
|
||||
send "$message\n.\n"
|
||||
expect "250 *"
|
||||
|
||||
# Verbindung schließen
|
||||
send "QUIT\n"
|
||||
expect "221 *"
|
||||
|
||||
# Beenden
|
||||
interact
|
||||
|
Loading…
x
Reference in New Issue
Block a user