Commit | Line | Data |
---|---|---|
899b8bbc JH |
1 | # Exim test configuration 5820 |
2 | # DANE/GnuTLS | |
12ee8cf9 JH |
3 | |
4 | SERVER= | |
5 | ||
899b8bbc | 6 | .include DIR/aux-var/tls_conf_prefix |
d4dc049f | 7 | |
12ee8cf9 | 8 | primary_hostname = myhost.test.ex |
12ee8cf9 JH |
9 | |
10 | # ----- Main settings ----- | |
11 | ||
899b8bbc JH |
12 | .ifndef OPT |
13 | acl_smtp_rcpt = accept logwrite = "rcpt ACL" | |
14 | .else | |
15 | acl_smtp_rcpt = accept verify = recipient/callout | |
16 | .endif | |
12ee8cf9 | 17 | |
899b8bbc | 18 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified |
12ee8cf9 | 19 | |
12ee8cf9 JH |
20 | queue_run_in_order |
21 | ||
22 | tls_advertise_hosts = * | |
360c0492 JH |
23 | # needed to force generation of the DH parameters |
24 | tls_dhparam = historic | |
12ee8cf9 JH |
25 | |
26 | # Set certificate and private key only if server; otherwise the expansion is forced to fail | |
899b8bbc JH |
27 | CDIR1 = DIR/aux-fixed/exim-ca/example.net/server1.example.net |
28 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
12ee8cf9 | 29 | |
82525c6f | 30 | |
899b8bbc JH |
31 | tls_certificate = ${if eq {SERVER}{server} \ |
32 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ | |
33 | {CDIR2/fullchain.pem}\ | |
34 | {CDIR1/fullchain.pem}}}\ | |
35 | fail} | |
12ee8cf9 | 36 | |
899b8bbc JH |
37 | tls_privatekey = ${if eq {SERVER}{server} \ |
38 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ | |
39 | {CDIR2/server1.example.com.unlocked.key}\ | |
40 | {CDIR1/server1.example.net.unlocked.key}}}\ | |
41 | fail} | |
12ee8cf9 JH |
42 | |
43 | # ----- Routers ----- | |
44 | ||
45 | begin routers | |
46 | ||
47 | client: | |
899b8bbc JH |
48 | driver = dnslookup |
49 | condition = ${if eq {SERVER}{}} | |
50 | dnssec_request_domains = * | |
51 | self = send | |
12ee8cf9 | 52 | transport = send_to_server |
899b8bbc | 53 | errors_to = "" |
12ee8cf9 JH |
54 | |
55 | server: | |
56 | driver = redirect | |
57 | data = :blackhole: | |
58 | ||
59 | ||
60 | # ----- Transports ----- | |
61 | ||
62 | begin transports | |
63 | ||
64 | send_to_server: | |
65 | driver = smtp | |
66 | allow_localhost | |
28646fa9 | 67 | port = PORT_D |
899b8bbc JH |
68 | |
69 | hosts_try_dane = * | |
70 | hosts_require_dane = HOSTIPV4 | |
71 | tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} | |
72 | tls_try_verify_hosts = thishost.test.ex | |
570cb1bd | 73 | tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}} |
899b8bbc | 74 | |
7a31d643 | 75 | |
12ee8cf9 JH |
76 | |
77 | # ----- Retry ----- | |
78 | ||
79 | ||
80 | begin retry | |
81 | ||
82 | * * F,5d,10s | |
83 | ||
84 | ||
85 | # End |