Commit | Line | Data |
---|---|---|
37ff4e03 | 1 | # Exim test configuration 5840 |
12ee8cf9 JH |
2 | # DANE |
3 | ||
4 | SERVER= | |
5 | ||
d4dc049f JH |
6 | .include DIR/aux-var/tls_conf_prefix |
7 | ||
12ee8cf9 | 8 | primary_hostname = myhost.test.ex |
12ee8cf9 JH |
9 | |
10 | # ----- Main settings ----- | |
11 | ||
bf7aabb4 | 12 | .ifndef OPT |
12ee8cf9 | 13 | acl_smtp_rcpt = accept |
bf7aabb4 JH |
14 | .else |
15 | acl_smtp_rcpt = accept verify = recipient/callout | |
16 | .endif | |
12ee8cf9 | 17 | |
e5cccda9 | 18 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified |
12ee8cf9 | 19 | |
12ee8cf9 JH |
20 | queue_run_in_order |
21 | ||
22 | tls_advertise_hosts = * | |
23 | ||
24 | # Set certificate and private key only if running as the server (SERVER is "server"); otherwise the expansion is forced to fail | |
82525c6f JH |
25 | CDIR1 = DIR/aux-fixed |
26 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
12ee8cf9 | 27 | |
82525c6f | 28 | tls_certificate = ${if eq {SERVER}{server} \ |
281e72e4 | 29 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ |
82525c6f JH |
30 | {CDIR2/fullchain.pem}\ |
31 | {CDIR1/cert1}}}\ | |
32 | fail} | |
33 | ||
34 | tls_privatekey = ${if eq {SERVER}{server} \ | |
281e72e4 | 35 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ |
82525c6f JH |
36 | {CDIR2/server1.example.com.unlocked.key}\ |
37 | {CDIR1/cert1}}}\ | |
38 | fail} | |
12ee8cf9 | 39 | |
12ee8cf9 JH |
40 | # ----- Routers ----- |
41 | ||
42 | begin routers | |
43 | ||
44 | client: | |
cf2b569e | 45 | driver = dnslookup |
82525c6f | 46 | condition = ${if eq {SERVER}{}} |
cf2b569e JH |
47 | dnssec_request_domains = * |
48 | self = send | |
12ee8cf9 | 49 | transport = send_to_server |
4b0fe319 | 50 | errors_to = "" |
12ee8cf9 JH |
51 | |
52 | server: | |
53 | driver = redirect | |
54 | data = :blackhole: | |
55 | ||
56 | ||
57 | # ----- Transports ----- | |
58 | ||
59 | begin transports | |
60 | ||
61 | send_to_server: | |
62 | driver = smtp | |
63 | allow_localhost | |
b7e4352c | 64 | port = ${if match {$host}{\Ntest.ex$\N} {PORT_D}{25}} |
12ee8cf9 | 65 | |
281e72e4 | 66 | hosts_try_dane = * |
b7e4352c | 67 | hosts_require_dane = HOSTIPV4 |
01a4a5c5 | 68 | tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} |
281e72e4 JH |
69 | tls_try_verify_hosts = thishost.test.ex |
70 | tls_verify_certificates = CDIR2/ca_chain.pem | |
71 | ||
7a31d643 | 72 | |
12ee8cf9 JH |
73 | |
74 | # ----- Retry ----- | |
75 | ||
76 | ||
77 | begin retry | |
78 | ||
79 | * * F,5d,10s | |
80 | ||
81 | ||
82 | # End |