# Exim test configuration 5750 (dup of 5760)
# $tls_out_peercert - GnuTLS
#
# Exercises $tls_out_peercert / $tls_out_ourcert on the client side of an
# outbound TLS session under GnuTLS.  The same file serves both the listening
# instance (SERVER=server) and the sending instance (SERVER empty); the test
# harness substitutes EXIM_PATH, DIR, PORT_D and CALLER_NAME.

SERVER=

exim_path = EXIM_PATH
host_lookup_order = bydns
primary_hostname = myhost.test.ex
# Ident (RFC 1413) lookups are disabled by the zero timeout.
rfc1413_query_timeout = 0s
spool_directory = DIR/spool
# %s is replaced by the log type; the SERVER prefix keeps the two instances'
# logs apart.
log_file_path = DIR/spool/log/SERVER%slog
gecos_pattern = ""
gecos_name = CALLER_NAME

# ----- Main settings -----

# Every RCPT is accepted unconditionally - no relay control at all.  This is
# test-harness only; the instance is reachable on the loopback alone.
acl_smtp_rcpt = accept

# Include the TLS peer's certificate DN in the main-log line.
log_selector = +tls_peerdn

# Nothing is delivered at receipt time; deliveries happen in a later queue run
# (in arrival order), which is when the client-side certificate logging fires.
queue_only
queue_run_in_order

# Server side: offer STARTTLS to every client ...
tls_advertise_hosts = *

# ... presenting server1.example.com's certificate.
tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key

# Server side: every connecting client must present a certificate that
# verifies against the server2.example.com CA chain, i.e. mutual TLS with the
# client certificate configured on the smtp transport below.
tls_verify_hosts = *
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem

#

begin acl

# Invoked from the smtp transport's tpda_* hooks with $acl_arg1 set to
# "delivery" or "deferral" and $acl_arg2 to the domain.  Its only job is to
# log what the client learned about both certificates on the outbound TLS
# session, so the test can compare the log against its expectations.
logger:
  warn	logwrite = $acl_arg1 $tpda_delivery_local_part
  # Our own (client) certificate as sent to the server.  The spelling "CLENT"
  # is part of the logged text and is presumably matched by the test's
  # expected log, so it is left unchanged.
  warn	logwrite = ${if !def:tls_out_ourcert \
			{NO CLENT CERT presented} \
			{Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}}
  # The server sent no certificate: log that and stop here.
  accept	condition = ${if !def:tls_out_peercert}
		logwrite = No Peer cert
  # Server certificate present: dump each field certextract can reach.
  accept	logwrite = Peer cert:
		logwrite = ver <${certextract {version} {$tls_out_peercert}}>
		logwrite = SN <${certextract {subject} {$tls_out_peercert}}>
		logwrite = IN <${certextract {issuer} {$tls_out_peercert}}>
		logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}>
		logwrite = NA <${certextract {notafter} {$tls_out_peercert}}>
		logwrite = SA <${certextract {signature_algorithm}{$tls_out_peercert}}>
		logwrite = SG <${certextract {signature} {$tls_out_peercert}}>
		logwrite = ${certextract {subject_altname}{$tls_out_peercert}{SAN <$value>}{(no SAN)}}
# The ocsp_uri extraction is deliberately left commented out in this test.
# logwrite = ${certextract {ocsp_uri} {$tls_out_peercert} {OCU <$value>}{(no OCU)}}
		logwrite = ${certextract {crl_uri} {$tls_out_peercert} {CRU <$value>}{(no CRU)}}


# ----- Routers -----

begin routers

# Only the sending instance (SERVER not equal to "server") routes anything;
# every address is handed straight to the smtp transport below.
client:
  driver = accept
  condition = ${if eq {SERVER}{server}{no}{yes}}
  retry_use_local_part
  transport = send_to_server


# ----- Transports -----

begin transports

# Connects back to the server instance of this same configuration on the
# loopback address.
send_to_server:
  driver = smtp
  allow_localhost
  hosts = 127.0.0.1
  port = PORT_D

  # Client certificate offered to the server (server2.example.com); the server
  # verifies it against the server2 CA chain named in the main section.
  tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem
  tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key

  # The CA used to verify the server's certificate is chosen per recipient:
  # local part "good" selects the example.com chain that issued
  # server1.example.com; any other local part selects an unrelated
  # (example.net) chain, so verification of the server cert should fail.
  # Whether that failure aborts the delivery or is only logged depends on the
  # transport's tls_verify_hosts / tls_try_verify_hosts, which are not set
  # here - confirm against the expected log.
  tls_verify_certificates = DIR/aux-fixed/exim-ca/\
	${if eq {$local_part}{good}\
	{example.com/server1.example.com/ca_chain.pem}\
	{example.net/server1.example.net/ca_chain.pem}}

  # Post-delivery and host-defer hooks: run the logger ACL with the outcome
  # and the domain as its arguments.
  tpda_delivery_action = ${acl {logger} {delivery} {$domain} }
  tpda_host_defer_action = ${acl {logger} {deferral} {$domain} }

# ----- Retry -----


begin retry

# All domains, all error types: retry at a fixed 10s interval for up to 5 days.
* * F,5d,10s


# End