# Exim test configuration 5840
# DANE
#
# One file drives both ends of the test. The SERVER macro selects the role:
# the conditionals below compare it with "server" (listener, TLS certificate
# loaded) and with the empty string (client, outbound DANE delivery).
# EXIM_PATH, DIR, CALLER_NAME and PORT_D are not defined in this file;
# presumably the test harness substitutes them - confirm against the runner.

# Empty by default, i.e. client role. Presumably overridden when the server
# side is started - confirm how the test script sets it.
SERVER=

exim_path = EXIM_PATH
host_lookup_order = bydns
primary_hostname = myhost.test.ex
rfc1413_query_timeout = 0s
spool_directory = DIR/spool
log_file_path = DIR/spool/log/SERVER%slog
gecos_pattern = ""
gecos_name = CALLER_NAME

# ----- Main settings -----

# Every RCPT is accepted without any check. This is a test-fixture setting:
# on a reachable host it would make the server an open relay.
acl_smtp_rcpt = accept

# Log the peer certificate DN and whether the certificate verified, so the
# outcome of each TLS/DANE check is visible in the log.
log_selector = +received_recipients +tls_peerdn +tls_certificate_verified

queue_run_in_order

# STARTTLS is offered to every connecting host.
tls_advertise_hosts = *

# Set certificate only if server
CDIR1 = DIR/aux-fixed
CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com

# Server role: DETAILS equal to "ta" or "ca" selects the full chain under
# CDIR2, anything else the certificate at CDIR1/cert1. Client role: the
# expansion hits "fail", so no certificate is configured.
# NOTE(review): DETAILS is not defined in this file; presumably passed in by
# the test script - confirm.
tls_certificate = ${if eq {SERVER}{server} \
    {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
        {CDIR2/fullchain.pem}\
        {CDIR1/cert1}}}\
    fail}

# Same selection as tls_certificate. The fallback key path is the same file
# as the fallback certificate (CDIR1/cert1), presumably a combined PEM -
# confirm. The ".unlocked.key" name suggests a key stored without a
# passphrase; such fixture keys must never be reused outside the test tree.
tls_privatekey = ${if eq {SERVER}{server} \
    {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
        {CDIR2/server1.example.com.unlocked.key}\
        {CDIR1/cert1}}}\
    fail}

# ----- Routers -----

begin routers

# Client role only (SERVER empty): route by DNS and request DNSSEC for every
# domain. DANE is only meaningful when the TLSA records come back
# DNSSEC-validated, so this request is what makes the transport's DANE
# options usable.
client:
  driver = dnslookup
  condition = ${if eq {SERVER}{}}
  dnssec_request_domains = *
  # "send" lets delivery proceed even when the lookup points at this host.
  self = send
  transport = send_to_server

# Reached when the client router's condition is false (server role):
# accepted mail is discarded.
server:
  driver = redirect
  data = :blackhole:


# ----- Transports -----

begin transports

send_to_server:
  driver = smtp
  # Allows connecting to the local host, where the test server listens.
  allow_localhost
  port = PORT_D

  # DANE is attempted for every host and required for every host except
  # thishost.test.ex. Where it is required, a failed or missing DANE
  # validation stops delivery instead of falling back to unverified TLS or
  # cleartext.
  hosts_try_dane = *
  hosts_require_dane = !thishost.test.ex
  # Request OCSP stapling only when $tls_out_tlsa_usage is 0 or 4. Per the
  # Exim specification this variable is a bitfield of the TLSA usage codes
  # found: 0 means DANE was not in use, 4 means only DANE-TA records.
  # NOTE(review): confirm against the spec for the Exim version under test.
  hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
                                 {= {0}{$tls_out_tlsa_usage}} } \
                            {*}{}}
  # The one host exempt from mandatory DANE gets "try" verification against
  # the CA chain below: a verification failure is recorded but does not
  # abort the connection. Outside a test this is opportunistic TLS, with no
  # authentication of the peer.
  tls_try_verify_hosts = thishost.test.ex
  tls_verify_certificates = CDIR2/ca_chain.pem



# ----- Retry -----


begin retry

# All domains, all errors: retry at a fixed 10-second interval for 5 days.
* * F,5d,10s


# End