cybercinch/docker-smtp
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restrict dc_relay_nets by default

Browse Source
This commit is contained in:
Jamie Nguyen
2018-07-11 15:35:42 +01:00
parent 577417fac2
commit 6509375f1d
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
stretch/docker-entrypoint.sh
View File

@@ -2,8 +2,15 @@
set -e set -e
CONFDIR=/etc/exim4 CONFDIR=/etc/exim4
# Set smarthost. # By default, send email directly to the recipient.
DC_EXIMCONFIG_CONFIGTYPE="internet" DC_EXIMCONFIG_CONFIGTYPE="internet"
# By default, only hosts on the private network can use the smart host (ie,
# only other containers, not the whole internet); a thin layer of protection
# in case port 25 is accidentally exposed to the public internet.
DC_RELAY_NETS="10.0.0.0/8;172.16.0.0/12;192.168.0.0/16"
# Set smarthost.
if [ "x$RELAY_HOST" != "x" ]; then if [ "x$RELAY_HOST" != "x" ]; then
DC_EXIMCONFIG_CONFIGTYPE="satellite" DC_EXIMCONFIG_CONFIGTYPE="satellite"
DC_SMARTHOST="$RELAY_HOST::${RELAY_PORT:-25}" DC_SMARTHOST="$RELAY_HOST::${RELAY_PORT:-25}"
@@ -12,6 +19,11 @@ if [ "x$RELAY_HOST" != "x" ]; then
fi fi
fi fi
# Set which hosts can use the smart host.
if [ "x$RELAY_NETS" != "x" ]; then
DC_RELAY_NETS="$RELAY_NETS"
fi
# Write exim configuration. # Write exim configuration.
cat << EOF > "$CONFDIR/update-exim4.conf.conf" cat << EOF > "$CONFDIR/update-exim4.conf.conf"
dc_eximconfig_configtype='$DC_EXIMCONFIG_CONFIGTYPE' dc_eximconfig_configtype='$DC_EXIMCONFIG_CONFIGTYPE'
@@ -20,7 +32,7 @@ dc_local_interfaces=''
dc_readhost='' dc_readhost=''
dc_relay_domains='' dc_relay_domains=''
dc_minimaldns='false' dc_minimaldns='false'
dc_relay_nets='0.0.0.0/0' dc_relay_nets='$DC_RELAY_NETS'
dc_smarthost='${DC_SMARTHOST:-}' dc_smarthost='${DC_SMARTHOST:-}'
CFILEMODE='644' CFILEMODE='644'
dc_use_split_config='false' dc_use_split_config='false'