[exim.git] / test / confs / 3820

# Exim test configuration 3820

SERVER=

.ifdef TRUSTED
.include DIR/aux-var/tls_conf_prefix
.else
.include DIR/aux-var/std_conf_prefix
.endif

primary_hostname = myhost.test.ex
tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}

# ----- Main settings -----

acl_smtp_rcpt = accept
queue_only


begin routers

client_r:
  driver =	accept
  condition =	${if !eq {SERVER}{server}}
  transport =	smtp

begin transports

smtp:
  driver =		smtp
  hosts =		127.0.0.1
  allow_localhost
  port =		PORT_D
.ifdef TRUSTED
  hosts_require_tls =	*
  tls_verify_certificates = DIR/aux-fixed/cert1
  tls_verify_cert_hostnames = :
.endif
  hosts_require_auth =	*

# ----- Authentication -----

begin authenticators

.ifndef TRUSTED
sasl1:
  driver =		gsasl
  public_name =		ANONYMOUS
  server_set_id =	$auth1
  server_condition =	true

sasl2:
  driver =		gsasl
  public_name =		PLAIN
  server_set_id =	$auth1
  server_condition =	${if eq {$auth3}{pencil}}

  client_condition =	${if eq {plain}{$local_part}}
  client_username =	ph10
  client_password =	pencil
.endif

sasl3:
  driver =		gsasl
.ifdef TRUSTED
  public_name =		SCRAM-SHA-1-PLUS
  server_advertise_condition =	${if def:tls_in_cipher}
  server_channelbinding =	true
.else
  public_name =		SCRAM-SHA-1
.endif

  # will need to give library salt, stored-key, server-key, itercount
  #
  # sigh
  # gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT.  It _might_ take
  # a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode.

  # unclear if the salt is given in binary or base64 to the library
  server_scram_salt =	QSXCR+Q6sek8bf92
  server_password =	pencil
  server_condition =	true
  server_set_id =	$auth1

  client_condition =	${if eq {scram_sha_1}{$local_part}}
  client_username =	ph10
  client_password =	pencil
.ifdef TRUSTED
  client_channelbinding = true
.endif

.ifdef _HAVE_AUTH_GSASL_SCRAM_SHA_256
sasl4:
  driver =		gsasl
.ifdef TRUSTED
  public_name =		SCRAM-SHA-256-PLUS
  server_advertise_condition =	${if def:tls_in_cipher}
  server_channelbinding =	true
.else
  public_name =		SCRAM-SHA-256
.endif

  server_scram_salt =	QSXCR+Q6sek8bf92
  server_password =	pencil
  server_condition =	true
  server_set_id =	$auth1

  client_condition =	${if eq {scram_sha_256}{$local_part}}
  client_username =	ph10
  client_password =	pencil
.ifdef TRUSTED
  client_channelbinding = true
.endif
.endif


# End
Commit	Line	Data
98eb9592 JH	1	# Exim test configuration 3820
	2
	3	SERVER=
	4
14a806d6 JH	5	.ifdef TRUSTED
	6	.include DIR/aux-var/tls_conf_prefix
	7	.else
98eb9592	8	.include DIR/aux-var/std_conf_prefix
14a806d6	9	.endif
98eb9592 JH	10
98eb9592 JH	11	primary_hostname = myhost.test.ex
14a806d6	12	tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
98eb9592 JH	13
	14	# ----- Main settings -----
	15
14a806d6 JH	16	acl_smtp_rcpt = accept
	17	queue_only
	18
	19
	20	begin routers
	21
	22	client_r:
	23	driver = accept
	24	condition = ${if !eq {SERVER}{server}}
	25	transport = smtp
	26
	27	begin transports
	28
	29	smtp:
fdc7c95e JH	30	driver = smtp
fdc7c95e JH	31	hosts = 127.0.0.1
14a806d6	32	allow_localhost
fdc7c95e	33	port = PORT_D
14a806d6	34	.ifdef TRUSTED
fdc7c95e	35	hosts_require_tls = *
14a806d6 JH	36	tls_verify_certificates = DIR/aux-fixed/cert1
	37	tls_verify_cert_hostnames = :
	38	.endif
fdc7c95e	39	hosts_require_auth = *
98eb9592 JH	40
	41	# ----- Authentication -----
	42
	43	begin authenticators
	44
14a806d6	45	.ifndef TRUSTED
98eb9592	46	sasl1:
fdc7c95e JH	47	driver = gsasl
fdc7c95e JH	48	public_name = ANONYMOUS
98eb9592 JH	49	server_set_id = $auth1
	50	server_condition = true
	51
	52	sasl2:
fdc7c95e JH	53	driver = gsasl
fdc7c95e JH	54	public_name = PLAIN
98eb9592	55	server_set_id = $auth1
14a806d6 JH	56	server_condition = ${if eq {$auth3}{pencil}}
	57
	58	client_condition = ${if eq {plain}{$local_part}}
	59	client_username = ph10
	60	client_password = pencil
	61	.endif
98eb9592 JH	62
98eb9592 JH	63	sasl3:
fdc7c95e	64	driver = gsasl
14a806d6	65	.ifdef TRUSTED
fdc7c95e	66	public_name = SCRAM-SHA-1-PLUS
14a806d6 JH	67	server_advertise_condition = ${if def:tls_in_cipher}
	68	server_channelbinding = true
	69	.else
fdc7c95e	70	public_name = SCRAM-SHA-1
14a806d6	71	.endif
98eb9592 JH	72
	73	# will need to give library salt, stored-key, server-key, itercount
	74	#
	75	# sigh
	76	# gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT. It _might_ take
	77	# a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode.
	78
98eb9592 JH	79	# unclear if the salt is given in binary or base64 to the library
	80	server_scram_salt = QSXCR+Q6sek8bf92
	81	server_password = pencil
98eb9592 JH	82	server_condition = true
	83	server_set_id = $auth1
	84
14a806d6 JH	85	client_condition = ${if eq {scram_sha_1}{$local_part}}
	86	client_username = ph10
	87	client_password = pencil
	88	.ifdef TRUSTED
	89	client_channelbinding = true
	90	.endif
	91
fdc7c95e JH	92	.ifdef _HAVE_AUTH_GSASL_SCRAM_SHA_256
	93	sasl4:
	94	driver = gsasl
	95	.ifdef TRUSTED
	96	public_name = SCRAM-SHA-256-PLUS
	97	server_advertise_condition = ${if def:tls_in_cipher}
	98	server_channelbinding = true
	99	.else
	100	public_name = SCRAM-SHA-256
	101	.endif
	102
	103	server_scram_salt = QSXCR+Q6sek8bf92
	104	server_password = pencil
	105	server_condition = true
	106	server_set_id = $auth1
	107
	108	client_condition = ${if eq {scram_sha_256}{$local_part}}
	109	client_username = ph10
	110	client_password = pencil
	111	.ifdef TRUSTED
	112	client_channelbinding = true
	113	.endif
	114	.endif
	115
98eb9592 JH	116
98eb9592 JH	117	# End