Heiko Schlittermann (HS12-RIPE)
b18e40809c
commit 511d4e85c8e2e8a3521ae428e08bb02274242364
Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Date: Sun Jan 4 10:41:04 2026 +0100
new: strip down to the bare minimum OCI image
No magic install routines and such. See the compagnion repo
https://git.schlittermann.de/heiko/exim-container-shell
commit 76d7442d214a2b8c6cf8e57471c9d8ef7b82f08c
Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Date: Sat Jan 3 16:42:34 2026 +0100
registry: oci.schlittermann.de
commit 6b28712572d140ab816be8a9e9051f00aceb428c
Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Date: Fri Jan 2 23:55:42 2026 +0100
debian: build package
commit
|
||
|---|---|---|
| assets | ||
| doc | ||
| ex | ||
| exim-src@d46a672779 | ||
| system-integration | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitignore | ||
| .gitmodules | ||
| Dockerfile | ||
| Makefile | ||
| README.md | ||
Run Exim via Docker / Podman
Using a container environment like Docker or Podman for running Exim does not imply anything like Swarm, Compose, Kubernetes or similar. Though it can be understood as a first step towards such scalable environment. But definitively there is nothing forcing you do go this step.
Rationale
Exim has a versatile built time config. Depending on your target's operating system variant (distribution, version, …) dependency issues might arise for custom builds.
Containerization provides a high isolation level between the target host OS and the application. Libraries inside the containerized application do not conflict with libraries of the host operating system.
This isolation provides pros and cons.
Outline
Using container technology does not imply using Kubernetes or any other scaling technologies. By its very heart, we're still using a single Exim instance on a single host.
The Exim binary runs under control of the container runtime. A limited subset of files and directories of the host system will be mounted into the running container, and the running container will listen on a limited set of host ports:
-----------[host os]---------------------------------
,--[container runtime]------.
| |
| ,-[Exim container]-. |
| | | |
25/tcp --+ application +-- /var/spool/exim (rw)
465/tcp --+ • tools +-- /var/log/exim (rw)
587/tcp --+ • libraries +-- /etc/exim (ro)
| `------------------' |
`--------------------------'
The container gets started and shut down by a Systemd service.
Tools like exigrep are installed inside the container and run inside
the container (no interaction with the host OS, except for the mounted
directories).
Wrapper scripts are installed on the host, which allow transparent
execution of these tools. Basically these wrapper scripts run podman exec exim exigrep …
Pros
The container image build process is independent on the target operation system. The build can be done on any host with a container build toolchain installed and can use any (Linux) environment which fits the application's build requirements. (We use Debian, though Fedora would be an other good starting point. The development of Exim is done using Fedora and Debian.)
The container image can be updated independent on updates of the host OS, as long as the container's runtime environment is supported (We're focusing on Podman, as this is a native RedHat component.)
Tools for running the containerized application can be installed inside, or can even be provided already pre-bundled with the container image.
Cons
There a no dependencies between the host's environment (library versions) and the the containerized application. Updates of the containerized application are not covered by normal OS updates.
Responsibility for application (and supporting libraries) updates now shifts to the provider of the container image. (This itself can be seen as a con, as the "os team" can do OS updates w/o aligment with the "application team".)
Admin access to the containerized application and its helper scripts requires an additional layer of execution. Though this can be scripted and is as transparent as possible.
Requirements
The only hard requirement is a container runtime, preferably Podman. It is provided by all major distributions, including RedHat.
For an easy installation and update process, a container image registry is highly recommended.
Execution
Just run ${container} run --rm exim to get the Exim instance running
(and stopping). It behaves like any nativ Exim on the host would behave.
For normal operation you need to mount volumes from the host to the container:
- config:
- either a single config file:
/etc/exim/exim.conf - or a complete directory:
/etc/exim
- either a single config file:
- log dir:
/var/log/exim(ownership will adjusted to the exim runtime user and group) - spool dir:
/var/spool/exim(ownership will adjusted to the exim runtime user and group) - lib dir:
/var/lib/exim(ownership won't be touched, should probably be read only)
More: details on running the image standalone.
Build
In case you need to re-build the image(s): details.
Install
Please see the install guide
Rootless
wip
- required packages:
- uidmap
Compose
For Podman: enable a compose provider: example.