FROM debian:buster-slim
# hadolint ignore=DL3008,DL4006
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        exim4-daemon-heavy \
        fakeroot \
        libcap2-bin \
        patch \
        procps \
        spf-tools-perl \
        ssl-cert \
        time \
    && \
    usermod -aG ssl-cert Debian-exim && \
    install -d -m 750 -o Debian-exim -g Debian-exim /run/exim4 && \
    install -o Debian-exim -g Debian-exim -m 644 /dev/null /etc/mailname && \
    install -d -o Debian-exim -g ssl-cert -m 710 /etc/ssl/private && \
    install -d -o Debian-exim -g root -m 755 /etc/ssl/certs && \
    install -d -o Debian-exim -g Debian-exim -m 755 /var/lib/exim4/ && \
    install -o root -g ssl-cert -m 664 /dev/null /etc/ssl/certs/ssl-cert-snakeoil.pem && \
    install -o root -g ssl-cert -m 664 /dev/null /etc/ssl/private/ssl-cert-snakeoil.key && \
    install -o root -g ssl-cert -m 664 /dev/null /usr/share/exim4/dh.pem && \
    setcap CAP_NET_BIND_SERVICE=+ep /usr/sbin/exim4 && \
    rm -rf /usr/share/exim4/dh.pem /var/lib/exim4/config.autogenerated /etc/exim4/* && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
COPY --chown=root:root entrypoint /usr/local/bin/
COPY --chown=Debian-exim:Debian-exim aliases /etc/aliases
COPY --chown=root:root exim4.conf /etc/exim4/exim4.conf
RUN ls -l /etc/exim4/exim4.conf && exim4 -bV
#USER Debian-exim
WORKDIR /var/spool/exim4
ENTRYPOINT ["entrypoint"]
CMD ["/usr/sbin/exim4", "-bdf", "-q30m", "-v"]
EXPOSE 25 587
HEALTHCHECK CMD exiwhat || exit 1
