37ff4e03 | 1 | # Exim test configuration 5840 |
899b8bbc | 2 | # DANE/OpenSSL |
3 | |
4 | SERVER= | |
5 | ||
6 | .include DIR/aux-var/tls_conf_prefix |
7 | ||
12ee8cf9 | 8 | primary_hostname = myhost.test.ex |
9 | |
10 | # ----- Main settings ----- | |
11 | ||
bf7aabb4 | 12 | .ifndef OPT |
899b8bbc | 13 | acl_smtp_rcpt = accept logwrite = "rcpt ACL" |
14 | .else |
15 | acl_smtp_rcpt = accept verify = recipient/callout | |
16 | .endif | |
12ee8cf9 | 17 | |
e5cccda9 | 18 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified |
12ee8cf9 | 19 | |
20 | queue_run_in_order |
21 | ||
22 | tls_advertise_hosts = * | |
23 | ||
24 | # Set the certificate only when this instance runs as the server | |
899b8bbc | 25 | CDIR1 = DIR/aux-fixed/exim-ca/example.net/server1.example.net |
82525c6f | 26 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com |
12ee8cf9 | 27 | |
28 | .ifdef CERT |
29 | tls_certificate = CERT | |
30 | .else | |
82525c6f | 31 | tls_certificate = ${if eq {SERVER}{server} \ |
899b8bbc | 32 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ |
82525c6f | 33 | {CDIR2/fullchain.pem}\ |
899b8bbc | 34 | {CDIR1/fullchain.pem}}}\ |
82525c6f | 35 | fail} |
854586e1 | 36 | .endif |
82525c6f | 37 | |
38 | .ifdef ALLOW |
39 | tls_privatekey = ALLOW | |
40 | .else | |
82525c6f | 41 | tls_privatekey = ${if eq {SERVER}{server} \ |
899b8bbc | 42 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ |
82525c6f | 43 | {CDIR2/server1.example.com.unlocked.key}\ |
899b8bbc | 44 | {CDIR1/server1.example.net.unlocked.key}}}\ |
82525c6f | 45 | fail} |
854586e1 | 46 | .endif |
12ee8cf9 | 47 | |
48 | # ----- Routers ----- |
49 | ||
50 | begin routers | |
51 | ||
52 | client: | |
cf2b569e | 53 | driver = dnslookup |
82525c6f | 54 | condition = ${if eq {SERVER}{}} |
55 | dnssec_request_domains = * |
56 | self = send | |
12ee8cf9 | 57 | transport = send_to_server |
4b0fe319 | 58 | errors_to = "" |
59 | |
60 | server: | |
61 | driver = redirect | |
62 | data = :blackhole: | |
63 | ||
64 | ||
65 | # ----- Transports ----- | |
66 | ||
67 | begin transports | |
68 | ||
69 | send_to_server: | |
70 | driver = smtp | |
71 | allow_localhost | |
28646fa9 | 72 | port = PORT_D |
12ee8cf9 | 73 | |
281e72e4 | 74 | hosts_try_dane = * |
b7e4352c | 75 | hosts_require_dane = HOSTIPV4 |
01a4a5c5 | 76 | tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} |
77 | tls_try_verify_hosts = thishost.test.ex |
78 | tls_verify_certificates = CDIR2/ca_chain.pem | |
79 | ||
7a31d643 | 80 | |
81 | |
82 | # ----- Retry ----- | |
83 | ||
84 | ||
85 | begin retry | |
86 | ||
87 | * * F,5d,10s | |
88 | ||
89 | ||
90 | # End |