Skip to content

🐳 A lightweight non-root Docker image for an Exim mail relay, based on Alpine Linux.

License

Notifications You must be signed in to change notification settings

devture/exim-relay

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

62 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Docker Exim Relay Image

License GitHub Tag Docker Pulls

A lightweight Docker image for an Exim mail relay, based on the official Alpine image.

For extra security, the container runs as exim (uid=100 and gid=101), not root.

This is a fork of Industrie&Co's wonderful (but seemingly unmaintained) industrieco/docker-exim-relay image. The following changes have been done on top of it:

  • based on a newer Alpine release (and thus, newer exim)

  • removing Received headers for mail received by exim (helps email deliverability)

Docker

Default setup

This will allow relay from all private address ranges and will relay directly to the internet receiving mail servers

docker run \
       --user=100:101 \
       --name smtp \
       --restart always \
       -e HOSTNAME=my.host.name \
       -d \
       -p 25:8025 \
       docker.io/devture/exim-relay:SOME_TAGGED_RELEASE

Note: we advise setting the hostname using a HOSTNAME environment variable, instead of --hostname. Since Docker 20.10, the latter has the side-effect of making other services on the same Docker network resolve said hostname to the in-container IP address of the mailer container. If you'd rather this hostname resolves to the actual public IP address, avoid using --hostname.

Smarthost setup

To send forward outgoing email to a smart relay host

docker run \
       --user=100:101 \
       --name smtp \
       --restart always \
       -d \
       -p 25:8025 \
       -e HOSTNAME=my.host.name \
       -e SMARTHOST=some.relayhost.name::587 \
       -e SMTP_USERNAME=someuser \
       -e SMTP_PASSWORD=password \
       docker.io/devture/exim-relay:SOME_TAGGED_RELEASE

DKIM setup

To sign outgoing email with DKIM

docker run \
       --user=100:101 \
       --name smtp \
       --restart always \
       -d \
       -p 25:8025 \
       -e HOSTNAME=my.host.name \
       -e SMARTHOST=some.relayhost.name::587 \
       -e SMTP_USERNAME=someuser \
       -e SMTP_PASSWORD=password \
       --mount type=bind,src=/PATH/TO/THE/PRIVATE/KEY.pem,dst=/etc/exim/dkim.pem,ro \ 
       docker.io/devture/exim-relay:SOME_TAGGED_RELEASE

Docker Compose

version: "3.7"

services:
  smtp:
    image: docker.io/devture/exim-relay:SOME_TAGGED_RELEASE
    user: 100:101
    restart: always
    ports:
      - "25:8025"
    environment:
      HOSTNAME: my.host.name
      SMARTHOST: some.relayhost.name::587
      SMTP_USERNAME: someuser
      SMTP_PASSWORD: password

Other Variables

HOSTNAME
  • The hostname that is sent as part of the HELO message.
LOCAL_DOMAINS
  • List (colon separated) of domains that are delivered to the local machine
  • Defaults to the hostname of the local machine
  • Set blank to have no mail delivered locally
RELAY_FROM_HOSTS
  • A list (colon separated) of subnets to allow relay from
  • Set to "*" to allow any host to relay - use this with RELAY_TO_DOMAINS to allow any client to relay to a list of domains
  • Defaults to private address ranges: 10.0.0.0/8:172.16.0.0/12:192.168.0.0/16
RELAY_TO_DOMAINS
  • A list (colon separated) of domains to allow relay to
  • Defaults to "*" to allow relaying to all domains
  • Setting both RELAY_FROM_HOSTS and RELAY_TO_DOMAINS to "*" will make this an open relay
  • Setting both RELAY_FROM_HOSTS and RELAY_TO_DOMAINS to other values will limit which clients can send and who they can send to
RELAY_TO_USERS
  • A whitelist (colon separated) of recipient email addresses to allow relay to
  • This list is processed in addition to the domains in RELAY_TO_DOMAINS
  • Use this for more precise whitelisting of relayable mail
  • Defaults to "" which doesn't whitelist any addresses
DISABLE_SENDER_VERIFICATION

If the environment variable is set, sender address verification will be disabled.

SMARTHOST
  • A relay host to forward all non-local email through
SMTP_USERNAME
  • The username for authentication to the smarthost
SMTP_PASSWORD
  • The password for authentication to the smarthost - leave this blank to disable authenticaion

Docker Secrets

The smarthost password can also be supplied via docker swarm secrets / rancher secrets. Create a secret called SMTP_PASSWORD and don't use the SMTP_PASSWORD environment variable

Debugging

The logs are sent to /dev/stdout and /dev/stderr and can be viewed via docker logs

docker logs smtp
docker logs -f smtp

Exim commands can be run to check the status of the mail server as well

docker exec -ti smtp exim -bp