Commit | Line | Data |
---|---|---|
98eb9592 JH |
1 | # Exim test configuration 3820 |
2 | ||
3 | SERVER= | |
4 | ||
14a806d6 JH |
5 | .ifdef TRUSTED |
6 | .include DIR/aux-var/tls_conf_prefix | |
7 | .else | |
98eb9592 | 8 | .include DIR/aux-var/std_conf_prefix |
14a806d6 | 9 | .endif |
98eb9592 JH |
10 | |
11 | primary_hostname = myhost.test.ex | |
14a806d6 | 12 | tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} |
98eb9592 JH |
13 | |
14 | # ----- Main settings ----- | |
15 | ||
14a806d6 JH |
16 | acl_smtp_rcpt = accept |
17 | queue_only | |
18 | ||
19 | ||
20 | begin routers | |
21 | ||
22 | client_r: | |
23 | driver = accept | |
24 | condition = ${if !eq {SERVER}{server}} | |
25 | transport = smtp | |
26 | ||
27 | begin transports | |
28 | ||
29 | smtp: | |
fdc7c95e JH |
30 | driver = smtp |
31 | hosts = 127.0.0.1 | |
14a806d6 | 32 | allow_localhost |
fdc7c95e | 33 | port = PORT_D |
14a806d6 | 34 | .ifdef TRUSTED |
fdc7c95e | 35 | hosts_require_tls = * |
14a806d6 JH |
36 | tls_verify_certificates = DIR/aux-fixed/cert1 |
37 | tls_verify_cert_hostnames = : | |
38 | .endif | |
fdc7c95e | 39 | hosts_require_auth = * |
98eb9592 JH |
40 | |
41 | # ----- Authentication ----- | |
42 | ||
43 | begin authenticators | |
44 | ||
14a806d6 | 45 | .ifndef TRUSTED |
98eb9592 | 46 | sasl1: |
fdc7c95e JH |
47 | driver = gsasl |
48 | public_name = ANONYMOUS | |
98eb9592 JH |
49 | server_set_id = $auth1 |
50 | server_condition = true | |
51 | ||
52 | sasl2: | |
fdc7c95e JH |
53 | driver = gsasl |
54 | public_name = PLAIN | |
98eb9592 | 55 | server_set_id = $auth1 |
14a806d6 JH |
56 | server_condition = ${if eq {$auth3}{pencil}} |
57 | ||
58 | client_condition = ${if eq {plain}{$local_part}} | |
59 | client_username = ph10 | |
60 | client_password = pencil | |
61 | .endif | |
98eb9592 JH |
62 | |
63 | sasl3: | |
fdc7c95e | 64 | driver = gsasl |
14a806d6 | 65 | .ifdef TRUSTED |
fdc7c95e | 66 | public_name = SCRAM-SHA-1-PLUS |
14a806d6 JH |
67 | server_advertise_condition = ${if def:tls_in_cipher} |
68 | server_channelbinding = true | |
69 | .else | |
fdc7c95e | 70 | public_name = SCRAM-SHA-1 |
14a806d6 | 71 | .endif |
98eb9592 JH |
72 | |
73 | # will need to give library salt, stored-key, server-key, itercount | |
74 | # | |
75 | # sigh | |
76 | # gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT. It _might_ take | |
77 | # a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode. | |
78 | ||
98eb9592 JH |
79 | # unclear if the salt is given in binary or base64 to the library |
80 | server_scram_salt = QSXCR+Q6sek8bf92 | |
81 | server_password = pencil | |
98eb9592 JH |
82 | server_condition = true |
83 | server_set_id = $auth1 | |
84 | ||
14a806d6 JH |
85 | client_condition = ${if eq {scram_sha_1}{$local_part}} |
86 | client_username = ph10 | |
87 | client_password = pencil | |
88 | .ifdef TRUSTED | |
89 | client_channelbinding = true | |
90 | .endif | |
91 | ||
fdc7c95e JH |
92 | .ifdef _HAVE_AUTH_GSASL_SCRAM_SHA_256 |
93 | sasl4: | |
94 | driver = gsasl | |
95 | .ifdef TRUSTED | |
96 | public_name = SCRAM-SHA-256-PLUS | |
97 | server_advertise_condition = ${if def:tls_in_cipher} | |
98 | server_channelbinding = true | |
99 | .else | |
100 | public_name = SCRAM-SHA-256 | |
101 | .endif | |
102 | ||
103 | server_scram_salt = QSXCR+Q6sek8bf92 | |
104 | server_password = pencil | |
105 | server_condition = true | |
106 | server_set_id = $auth1 | |
107 | ||
108 | client_condition = ${if eq {scram_sha_256}{$local_part}} | |
109 | client_username = ph10 | |
110 | client_password = pencil | |
111 | .ifdef TRUSTED | |
112 | client_channelbinding = true | |
113 | .endif | |
114 | .endif | |
115 | ||
98eb9592 JH |
116 | |
117 | # End |