Compare commits


26 Commits

edd8a42e2d disable vex warning of trivy
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2025-02-28 21:37:29 +01:00
fe0bd0470c Merge branch 'master' of gitea.hottis.de:wn/exim-docker
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/tag/woodpecker Pipeline was successful
2025-02-28 21:28:26 +01:00
1d92622f21 fix acl definition 2025-02-28 21:28:20 +01:00
16e35505d6
Merge branch 'master' of gitea.hottis.de:wn/exim-docker
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2025-02-28 21:15:29 +01:00
5819107340
add tool 2025-02-28 21:14:33 +01:00
f08937111e Merge branch 'master' of gitea.hottis.de:wn/exim-docker
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/tag/woodpecker Pipeline was successful
2025-02-28 21:03:46 +01:00
dbb79dd567 fix Dockerfile 2025-02-28 21:03:38 +01:00
e1d0f95a72
adjust docu
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2025-02-28 20:15:24 +01:00
a2b000a05b adjust example
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2025-02-28 20:12:13 +01:00
8fbca20ffe add sbom stuff
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/tag/woodpecker Pipeline was successful
2025-02-28 20:07:59 +01:00
0fc12e5f3c update alpine base image
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/tag/woodpecker Pipeline was successful
2025-02-28 20:05:13 +01:00
8502fbd9a1 fix concerning whitelist handling
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2025-02-28 20:03:53 +01:00
7adb4c1fde
whitelist
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2025-02-28 20:01:44 +01:00
419b775dcb
Merge branch 'master' of gitea.hottis.de:wn/exim-docker
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/tag/woodpecker Pipeline was successful
2025-01-16 11:46:59 +01:00
20c12df5ba
trivy 2025-01-16 11:46:50 +01:00
0225fc26a6 add scan stage in ci script
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2025-01-07 14:27:00 +01:00
e949df8a83 code beautified
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-12-21 14:34:08 +01:00
5ae80b4d9b readme updated
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-12-21 14:33:11 +01:00
ee5ec605c6 disable starttls
All checks were successful
ci/woodpecker/tag/woodpecker Pipeline was successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-12-21 13:37:17 +01:00
3c855b055d disable starttls
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/tag/woodpecker Pipeline was successful
2024-12-21 13:35:41 +01:00
d7ed6afe41 k8s snippets
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-12-21 13:32:23 +01:00
b57cc949d3 ignore
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-12-21 13:31:11 +01:00
013c0c0859 fixed
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/tag/woodpecker Pipeline was successful
2024-12-21 13:00:15 +01:00
8464bf1f41 use m4 for config generation
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-12-21 12:46:39 +01:00
0bf33c582f auth added
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-12-20 23:56:43 +01:00
04ad6017e6
image name in dockerfile
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-12-20 23:02:46 +01:00
11 changed files with 263 additions and 49 deletions

3
.gitignore vendored

@ -1,2 +1,5 @@
*~
.*~
ENV
ENV.test
tmp/


@ -13,6 +13,49 @@ steps:
dockerfile: Dockerfile
when:
- event: [push, tag]
scan_image:
image: aquasec/trivy
commands:
- env TRIVY_DISABLE_VEX_NOTICE=1 trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
when:
- event: [push, tag]
generate_sbom:
image: quay.io/wollud1969/woodpecker-helper:0.5.1
environment:
TRIVY_TOKEN:
from_secret: trivy_token
TRIVY_URL:
from_secret: trivy_url
DTRACK_API_KEY:
from_secret: dtrack_api_key
DTRACK_API_URL:
from_secret: dtrack_api_url
commands:
- HOME=/home/`id -nu`
- TAG="${CI_COMMIT_TAG:-$CI_COMMIT_SHA}"
- |
trivy image \
--server $TRIVY_URL \
--token $TRIVY_TOKEN \
--format cyclonedx \
--scanners license \
--output /tmp/sbom.xml \
$FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA
- cat /tmp/sbom.xml
- |
curl -X "POST" \
-H "Content-Type: multipart/form-data" \
-H "X-Api-Key: $DTRACK_API_KEY" \
-F "autoCreate=true" \
-F "projectName=$CI_REPO" \
-F "projectVersion=$TAG" \
-F "bom=@/tmp/sbom.xml"\
"$DTRACK_API_URL/api/v1/bom"
when:
- event: [push, tag]
build:
image: plugins/kaniko
settings:
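Review bot: The Dependency-Track upload at `curl -X "POST" \` in `generate_sbom` has no failure flag, so an HTTP 4xx/5xx from `$DTRACK_API_URL/api/v1/bom` (rejected API key, missing project permission) still exits 0 and the step is reported green while no SBOM was recorded; change that line to `curl -sS --fail -X "POST" \`. The continuation on `-F "bom=@/tmp/sbom.xml"\` works, because backslash-newline needs no preceding space, but a space before the backslash would match the surrounding lines and avoid a misread. Whether `--exit-code 1` in `scan_image` without a `--severity` filter is meant to block on every finding, including unfixed low-severity ones, is a policy choice that deserves a one-line comment above that step.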


@ -1,18 +1,23 @@
FROM alpine:3.21.0
FROM alpine:3.21.3
LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
LABEL ImageName=""
LABEL ImageName="quay.io/wollud1969/exim-docker"
# domain to be used in sender address of sent mails
ENV LOCALMAILNAME=""
# smarthost to send mail to
ENV SMARTHOST=""
ENV SMARTHOST_USER=""
ENV SMARTHOST_PASS=""
# ip addresses or networks to allow for relaying, separate multiple ones by semicolon
ENV RELAYNETS=""
ENV RELAYNETS="127.0.0.1/32"
# whitelist of recipient domains, colon-separated, if empty all no restrictions
ENV WHITELISTED_RECIPIENTS=""
RUN apk add --no-cache exim bash
COPY exim.conf.tmpl /etc/exim
RUN apk add --no-cache exim m4
COPY exim.conf.m4 /etc/exim
COPY start.sh /etc/exim
WORKDIR /etc/exim
@ -20,6 +25,7 @@ WORKDIR /etc/exim
EXPOSE 25
CMD [ "./start.sh" ]
#CMD [ "/usr/bin/m4 exim.conf.m4 > exim.conf && /usr/sbin/exim -bd -q15m -v" ]
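Review bot: The variable introduced at `ENV WHITELISTED_RECIPIENTS=""` is documented in this same compare's README as `WHITELISTED_RECIPIENT`, both in the variable list and in the `docker run` example, so a user following the README gets no recipient restriction at all while believing one is in place; pick one spelling and align the other file. The comment above it reads `if empty all no restrictions` — suggest `# whitelist of recipient domains, colon-separated; if empty, no recipient restriction is applied`. The commented-out `#CMD [ ... ]` line at the end of the second hunk repeats what `start.sh` now does and can be dropped rather than kept as dead text.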

16
examples/deploy.sh Executable file

@ -0,0 +1,16 @@
#!/bin/bash
kubectl create secret generic smtp-secrets \
--dry-run=client \
-o yaml \
--save-config \
--from-literal=SMARTHOST="smtprelaypool.ispgateway.de" \
--from-literal=SMARTHOST_USER="pseudosmarthostuser@hottis.de" \
--from-literal=SMARTHOST_PASS="$SMARTHOST_PASSWORD" \
--from-literal=RELAY_NETWORKS=":10.0.0.0/8" | \
kubectl apply -n system -f -
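Review bot: The secret key on `--from-literal=RELAY_NETWORKS=":10.0.0.0/8"` does not match the name the image reads: the Dockerfile and `exim.conf.m4` in this compare use `RELAYNETS`, so through `envFrom` in `deploy.yml` the container never sees this value, keeps the default `127.0.0.1/32`, and denies relaying from the cluster. Rename it to `--from-literal=RELAYNETS="10.0.0.0/8"`; the leading colon also looks unintended and is worth checking against how the generated exim host list is parsed. Passing `$SMARTHOST_PASSWORD` as an argument exposes it in the process list on the operator's machine for the duration of the call; `--from-env-file` or `--from-file` avoids that if it matters in your environment.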
kubectl apply -n system -f deploy.yml

44
examples/deploy.yml Normal file

@ -0,0 +1,44 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: smtp
namespace: system
labels:
app: smtp
annotations:
secret.reloader.stakater.com/reload: smtp-secrets
spec:
replicas: 1
selector:
matchLabels:
app: smtp
template:
metadata:
labels:
app: smtp
spec:
containers:
- name: smtp
image: quay.io/wollud1969/exim-docker:0.3.2
envFrom:
- secretRef:
name: smtp-secrets
ports:
- containerPort: 25
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: smtp
namespace: system
spec:
type: ClusterIP
selector:
app: smtp
ports:
- name: smtp
protocol: TCP
port: 25
targetPort: 25
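Review bot: The `smtp` container in the Deployment has neither `resources` nor a readiness probe, so a pod whose exim has not yet generated its config (or crashed on a missing `SMARTHOST`) is added to the Service endpoints immediately and an unbounded container competes freely with its neighbours. A `tcpSocket` probe on port 25 and request/limit values close the gap; the sizes below are illustrative and need tuning for the cluster. A `securityContext` would normally follow too, but since exim binds port 25 and switches users itself, whether `runAsNonRoot` is feasible for this image has to be confirmed before adding it.
```yaml
      containers:
        - name: smtp
          image: quay.io/wollud1969/exim-docker:0.3.2
          # … unchanged: envFrom, ports …
          readinessProbe:
            tcpSocket:
              port: 25
          resources:
            # illustrative sizing — tune for the cluster
            requests:
              cpu: 10m
              memory: 32Mi
            limits:
              memory: 64Mi
```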


@ -18,7 +18,6 @@ docker run \
-e SMARTHOST=smarthost.example.com \
-e LOCALMAILNAME=example.com \
-e RELAYNETS=$RELAYNETS \
-e ROOT=root@example.com \
--network $MAILER_NETWORK \
--name mailer \
--restart always \

73
exim.conf.m4 Normal file

@ -0,0 +1,73 @@
dnl values
define(`HOSTNAME', esyscmd(`echo -n $HOSTNAME'))dnl
define(`LOCALMAILNAME', esyscmd(`echo -n $LOCALMAILNAME'))dnl
define(`SMARTHOST', esyscmd(`echo -n $SMARTHOST'))dnl
define(`SMARTHOST_USER', esyscmd(`echo -n $SMARTHOST_USER'))dnl
define(`SMARTHOST_PASS', esyscmd(`echo -n $SMARTHOST_PASS'))dnl
define(`RELAYNETS', esyscmd(`echo -n $RELAYNETS'))dnl
define(`WHITELISTED_RECIPIENTS', esyscmd(`echo -n $WHITELISTED_RECIPIENTS'))dnl
ifelse(SMARTHOST, `', `
errprint(`Error: SMARTHOST not set')
m4exit(1)
')
ifelse(HOSTNAME, `', `
errprint(`Error: HOSTNAME not set')
m4exit(1)
')
dnl ----------------------------------------------------------------
dnl template for exim.conf
primary_hostname = HOSTNAME
acl_smtp_rcpt = acl_check_rcpt
tls_advertise_hosts =
begin routers
smarthost_route:
driver = manualroute
domains = *
transport = smarthost_smtp
route_list = * SMARTHOST
begin transports
smarthost_smtp:
driver = smtp
port = 25
multi_domain
ifelse(SMARTHOST_USER, `', `', `dnl
hosts_require_auth = *
')
ifelse(SMARTHOST_USER, `', `', `
begin authenticators
plain:
driver = plaintext
public_name = PLAIN
client_send = ^SMARTHOST_USER^SMARTHOST_PASS
login:
driver = plaintext
public_name = LOGIN
client_send = : SMARTHOST_USER : SMARTHOST_PASS
')
begin acl
acl_check_rcpt:
accept
hosts = RELAYNETS
ifelse(WHITELISTED_RECIPIENTS, `', `', `
domains = WHITELISTED_RECIPIENTS
')
deny
message = "550 5.7.1 Relaying denied"
ifelse(LOCALMAILNAME, `', `', `
begin rewrite
*@* ${1}@LOCALMAILNAME Ffrs
')
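Review bot: When `SMARTHOST_USER` is set the transport gets `hosts_require_auth = *` but nothing requires encryption, so the PLAIN/LOGIN credentials in `client_send` travel in cleartext whenever the smarthost does not offer STARTTLS on port 25 or it is stripped on the path; add `hosts_require_tls = *` in the same `ifelse` block so authentication without TLS fails instead of leaking the password. The `esyscmd` definitions at the top expand `$SMARTHOST_PASS` and its siblings unquoted inside a shell, so a value with spaces or glob characters is split or expanded before it reaches the config; quote them as `echo -n "$SMARTHOST_PASS"`. Characters that m4 quoting or Exim string expansion treat specially (backquote, `$`, `^`) in the user or password would still break `client_send`; a short comment at the top of the file stating that restriction would save debugging time.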


@ -1,28 +0,0 @@
primary_hostname = %HOSTNAME%
qualify_domain = %LOCALMAILNAME%
acl_smtp_rcpt = acl_check_rcpt
begin routers
smarthost_route:
driver = manualroute
domains = *
transport = smarthost_smtp
route_list = * %SMARTHOST%
begin transports
smarthost_smtp:
driver = smtp
port = 25
multi_domain
begin acl
acl_check_rcpt:
accept
hosts = %RELAYNETS%
deny
message = "Relaying denied"
begin rewrite
*@* ${1}@${qualify_domain} Ffrs


@ -8,9 +8,11 @@ option to send mail from other containers without the need to configure the smar
Four environment variables are used to configure the container:
* `SMARTHOST`: The is the name of the smarthost. exim within this container will send all mail to this smarthost for further delivery. Make sure the smarthost accepts mail from this container without authentication.
* `LOCALMAILNAME`: The domain name which shall be used as the domain part of the sender address in every outgoing mail.
* `SMARTHOST_USER`: Login for smarthost. If no authentication is required, skip it.
* `SMARTHOST_PASS`: Password for smarthost.
* `LOCALMAILNAME`: The domain name which shall be used as the domain part of the sender address in every outgoing mail. If not required, skip it.
* `RELAYNETS`: Networks exim in this container accepts for relaying. Separate multiple networks by semicolon.
* `ROOT`: Addresses to forward root mail to. Separate multiple addresses by space.
* `WHITELISTED_RECIPIENT`: Colon-separated list of whitelisted recipient domains, if empty no recipient restrictions will be applied
## Deployment
@ -23,7 +25,7 @@ Typically, don't expose the smtp port of this container to the default network o
```
#!/bin/bash
IMAGE=quay.io/wollud1969/exim-docker:0.0.9
IMAGE=quay.io/wollud1969/exim-docker:0.3.2
MAILER_NETWORK=mailer-network
docker network create $MAILER_NETWORK || echo "mailer-network already exists"
@ -37,7 +39,7 @@ docker run \
-e SMARTHOST=smarthost.example.com \
-e LOCALMAILNAME=krohne.com \
-e RELAYNETS=$RELAYNETS \
-e ROOT=root@example.com \
-e WHITELISTED_RECIPIENT="example-recipients.com" \
--network $MAILER_NETWORK \
--name mailer \
--restart always \
@ -54,3 +56,4 @@ docker network connect mailer-network name_of_other_container
Now you can use the name of the mailer container, here `mailer` as smarthost name in that other container.


@ -1,13 +1,4 @@
#!/bin/bash
#!/bin/sh
rm exim.conf
cat exim.conf.tmpl \
| sed -e 's/%HOSTNAME%/'$HOSTNAME'/' \
-e 's#%RELAYNETS%#'$RELAYNETS'#' \
-e 's/%LOCALMAILNAME%/'$LOCALMAILNAME'/' \
-e 's/%SMARTHOST%/'$SMARTHOST'/' \
> exim.conf
exim -bd -q15m -v
m4 exim.conf.m4 > exim.conf && exim -bd -q15m -v
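Review bot: `exim` is started as a child of `sh`, so the shell stays PID 1 and a SIGTERM from the container runtime is not forwarded to exim, which then ends with SIGKILL after the grace period; use `m4 exim.conf.m4 > exim.conf && exec exim -bd -q15m -v`. `rm exim.conf` has no `-f`, and since the image only copies `exim.conf.m4`, every fresh start logs an error for the missing file; `rm -f exim.conf` is quiet. The generated `exim.conf` now embeds `SMARTHOST_PASS`; a `umask 077` before the `m4` call keeps it readable by root only, assuming exim reads its configuration with root privileges as the setuid binary normally does — confirm for this image.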

64
tools/smtp-dialog.exp Executable file

@ -0,0 +1,64 @@
#!/usr/bin/expect
package require base64
# SMTP-Server und Port definieren
set smtp_server "localhost"
set smtp_port "25"
set timeout 25
# Absender, Empfänger und Nachricht
set sender $env(SMTP_SENDER)
set recipient "test@hottis.de"
set message "Subject: Test Email\r\n\r\nThis is a test email sent via an expect script."
set smtp_user $env(SMTP_USER)
set smtp_pass $env(SMTP_PASS)
set smtp_user_64 [base64::encode $smtp_user]
set smtp_pass_64 [base64::encode $smtp_pass]
# Verbindung herstellen
spawn nc -C $smtp_server $smtp_port
# Begrüßung vom Server erwarten
expect "220 *"
# HELO/EHLO senden
send "EHLO de01rdsi01.krohnegroup.com\n"
expect "250 *"
send "AUTH LOGIN\n"
expect "334 VXNlcm5hbWU6"
send "$smtp_user_64\n"
expect "334 UGFzc3dvcmQ6"
send "$smtp_pass_64\n"
expect "235 2.7.0 Authentication successful"
# Absender definieren
send "MAIL FROM:<$sender>\n"
expect "250 *"
# Empfänger definieren
send "RCPT TO:<$recipient>\n"
expect "250 *"
# Datenübertragung starten
send "DATA\n"
expect "354 *"
# Nachricht senden und Übertragung abschließen
send "$message\n.\n"
expect "250 *"
# Verbindung schließen
send "QUIT\n"
expect "221 *"
# Beenden
interact
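Review bot: The authentication check `expect "235 2.7.0 Authentication successful"` is a literal match while every other step uses a `"nnn *"` glob; if the server's wording differs (Exim's own text is not visible here) the script waits out the 25 s timeout and then continues with `MAIL FROM` anyway, because no `timeout` action is defined. Use `expect "235 *"` like the neighbouring lines and give the steps a failing branch, e.g. `expect { "235 *" {} timeout { puts "auth failed"; exit 1 } }`. The EHLO name `de01rdsi01.krohnegroup.com` and the recipient `test@hottis.de` are hard-coded while the sender and credentials come from the environment; reading them from `$env(...)` too would keep site-specific names out of the repository. The comments are in German while the other files in this compare are in English; translating them (`# define SMTP server and port`, …) would match.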