Commit | Line | Data |
---|---|---|
37ff4e03 | 1 | # Exim test configuration 5840 |
12ee8cf9 JH |
2 | # DANE (DNS-based Authentication of Named Entities) |
3 | ||
4 | SERVER= | |
5 | ||
6 | exim_path = EXIM_PATH | |
bc3c7bb7 | 7 | keep_environment = |
12ee8cf9 JH |
8 | host_lookup_order = bydns |
9 | primary_hostname = myhost.test.ex | |
12ee8cf9 JH |
10 | spool_directory = DIR/spool |
11 | log_file_path = DIR/spool/log/SERVER%slog | |
12 | gecos_pattern = "" | |
13 | gecos_name = CALLER_NAME | |
14 | ||
15 | # ----- Main settings ----- | |
16 | ||
bf7aabb4 | 17 | .ifndef OPT |
12ee8cf9 | 18 | acl_smtp_rcpt = accept |
bf7aabb4 JH |
19 | .else |
20 | acl_smtp_rcpt = accept verify = recipient/callout | |
21 | .endif | |
12ee8cf9 | 22 | |
e5cccda9 | 23 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified |
12ee8cf9 | 24 | |
12ee8cf9 JH |
25 | queue_run_in_order |
26 | ||
27 | tls_advertise_hosts = * | |
28 | ||
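29 | # Set the TLS certificate and private key only when running as the server (SERVER=server); otherwise the expansion is forced to fail | |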
82525c6f JH |
30 | CDIR1 = DIR/aux-fixed |
31 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
12ee8cf9 | 32 | |
82525c6f | 33 | tls_certificate = ${if eq {SERVER}{server} \ |
281e72e4 | 34 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ |
82525c6f JH |
35 | {CDIR2/fullchain.pem}\ |
36 | {CDIR1/cert1}}}\ | |
37 | fail} | |
38 | ||
39 | tls_privatekey = ${if eq {SERVER}{server} \ | |
281e72e4 | 40 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ |
82525c6f JH |
41 | {CDIR2/server1.example.com.unlocked.key}\ |
42 | {CDIR1/cert1}}}\ | |
43 | fail} | |
12ee8cf9 | 44 | |
12ee8cf9 JH |
45 | # ----- Routers ----- |
46 | ||
47 | begin routers | |
48 | ||
49 | client: | |
cf2b569e | 50 | driver = dnslookup |
82525c6f | 51 | condition = ${if eq {SERVER}{}} |
cf2b569e JH |
52 | dnssec_request_domains = * |
53 | self = send | |
12ee8cf9 | 54 | transport = send_to_server |
4b0fe319 | 55 | errors_to = "" |
12ee8cf9 JH |
56 | |
57 | server: | |
58 | driver = redirect | |
59 | data = :blackhole: | |
60 | ||
61 | ||
62 | # ----- Transports ----- | |
63 | ||
64 | begin transports | |
65 | ||
66 | send_to_server: | |
67 | driver = smtp | |
68 | allow_localhost | |
12ee8cf9 | 69 | port = PORT_D |
12ee8cf9 | 70 | |
281e72e4 JH |
71 | hosts_try_dane = * |
72 | hosts_require_dane = !thishost.test.ex | |
01a4a5c5 | 73 | tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} |
281e72e4 JH |
74 | tls_try_verify_hosts = thishost.test.ex |
75 | tls_verify_certificates = CDIR2/ca_chain.pem | |
76 | ||
7a31d643 | 77 | |
12ee8cf9 JH |
78 | |
79 | # ----- Retry ----- | |
80 | ||
81 | ||
82 | begin retry | |
83 | ||
84 | * * F,5d,10s | |
85 | ||
86 | ||
87 | # End |