Commit | Line | Data |
---|---|---|
37ff4e03 | 1 | # Exim test configuration 5840 |
12ee8cf9 JH |
2 | # DANE |
3 | ||
| # SERVER is an empty macro by default. Later settings compare it with "server" (TLS credentials) and with "" (client router), so this one file describes both roles. | |
| # NOTE(review): presumably the test script overrides it for the listening daemon (e.g. -DSERVER=server); confirm against the test script. | |
4 | SERVER= | |
5 | ||
6 | exim_path = EXIM_PATH | |
| # Host name lookups go through DNS only. | |
7 | host_lookup_order = bydns | |
8 | primary_hostname = myhost.test.ex | |
12ee8cf9 JH |
9 | spool_directory = DIR/spool |
| # The SERVER macro is substituted into the log file name, so each role writes its own log files. | |
10 | log_file_path = DIR/spool/log/SERVER%slog | |
11 | gecos_pattern = "" | |
12 | gecos_name = CALLER_NAME | |
13 | ||
14 | # ----- Main settings ----- | |
15 | ||
| # RCPT ACL: with OPT undefined every recipient is accepted outright; with OPT defined acceptance also depends on a recipient callout verification. | |
bf7aabb4 | 16 | .ifndef OPT |
12ee8cf9 | 17 | acl_smtp_rcpt = accept |
bf7aabb4 JH |
18 | .else |
19 | acl_smtp_rcpt = accept verify = recipient/callout | |
20 | .endif | |
12ee8cf9 | 21 | 
| # Log the peer certificate DN and whether the certificate verified, so each test run records the TLS verification outcome. | |
e5cccda9 | 22 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified |
12ee8cf9 | 23 | 
12ee8cf9 JH |
24 | queue_run_in_order |
25 | ||
| # STARTTLS is advertised to every connecting host. | |
26 | tls_advertise_hosts = * | |
27 | ||
28 | # Set certificate only if server | |
82525c6f JH |
29 | CDIR1 = DIR/aux-fixed |
30 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
12ee8cf9 | 31 | 
| # Certificate selection when SERVER is "server": DETAILS of "ta" or "ca" picks the CA-issued full chain under CDIR2, any other DETAILS value picks CDIR1/cert1. | |
| # For any other SERVER value the expansion is forced to fail, which leaves the option unset (the client role presents no certificate). | |
82525c6f | 32 | tls_certificate = ${if eq {SERVER}{server} \ |
281e72e4 | 33 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ |
82525c6f JH |
34 | {CDIR2/fullchain.pem}\ |
35 | {CDIR1/cert1}}}\ | |
36 | fail} | |
37 | ||
| # Private key follows the same selection as the certificate. | |
| # NOTE(review): the fallback key path is the same CDIR1/cert1 file used for the certificate; presumably that fixture holds both certificate and key. Confirm. | |
| # NOTE(review): the CDIR2 key is named "unlocked", i.e. apparently stored without a passphrase. It is a test fixture and must stay confined to the test tree. | |
38 | tls_privatekey = ${if eq {SERVER}{server} \ | |
281e72e4 | 39 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ |
82525c6f JH |
40 | {CDIR2/server1.example.com.unlocked.key}\ |
41 | {CDIR1/cert1}}}\ | |
42 | fail} | |
12ee8cf9 | 43 | |
12ee8cf9 JH |
44 | # ----- Routers ----- |
45 | ||
46 | begin routers | |
47 | ||
48 | client: | |
| # Client-role router: runs only when SERVER is empty. It routes by DNS and requests DNSSEC for every domain; DANE depends on DNSSEC-validated answers. | |
| # self = send: a lookup that resolves to the local host is still handed to the transport instead of being treated as a routing error. | |
cf2b569e | 49 | driver = dnslookup |
82525c6f | 50 | condition = ${if eq {SERVER}{}} |
cf2b569e JH |
51 | dnssec_request_domains = * |
52 | self = send | |
12ee8cf9 JH |
53 | transport = send_to_server |
54 | ||
55 | server: | |
| # Reached when the client router's condition is false (SERVER not empty): every accepted address is redirected to :blackhole: and silently discarded. | |
56 | driver = redirect | |
57 | data = :blackhole: | |
58 | ||
59 | ||
60 | # ----- Transports ----- | |
61 | ||
62 | begin transports | |
63 | ||
64 | send_to_server: | |
| # SMTP transport used by the client router. allow_localhost permits delivery to a local address, which the smtp transport otherwise refuses. | |
65 | driver = smtp | |
66 | allow_localhost | |
12ee8cf9 | 67 | port = PORT_D |
12ee8cf9 | 68 | 
| # DANE policy: attempted for every host and mandatory for every host except thishost.test.ex. | |
| # tls_verify_cert_hostnames: an empty list when OPT is "no_certname" (certificate name checking is skipped), otherwise "*" (checked for all hosts). | |
| # Non-DANE fallback for thishost.test.ex: verification against CDIR2/ca_chain.pem is attempted, but "try" means a failed verification does not stop delivery. | |
| # NOTE(review): thishost.test.ex is therefore reachable over unauthenticated TLS; presumably this is deliberate, to exercise the fallback path. Confirm against the test script. | |
281e72e4 JH |
69 | hosts_try_dane = * |
70 | hosts_require_dane = !thishost.test.ex | |
01a4a5c5 | 71 | tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} |
281e72e4 JH |
72 | tls_try_verify_hosts = thishost.test.ex |
73 | tls_verify_certificates = CDIR2/ca_chain.pem | |
74 | ||
7a31d643 | 75 | |
12ee8cf9 JH |
76 | |
77 | # ----- Retry ----- | |
78 | ||
79 | ||
80 | begin retry | |
81 | ||
| # Single rule for any address and any error: retry at a fixed 10-second interval for up to 5 days. | |
82 | * * F,5d,10s | |
83 | ||
84 | ||
85 | # End |