Commit | Line | Data |
---|---|---|
37ff4e03 | 1 | # Exim test configuration 5840 |
12ee8cf9 JH |
2 | # DANE |
3 | ||
# SERVER is defined empty here. Later expansions compare it with "server"
# (TLS certificate/key) and with the empty string (client router), so it is
# presumably overridden per Exim invocation by the test script - confirm there.
4 | SERVER= | |
5 | ||
6 | exim_path = EXIM_PATH | |
7 | host_lookup_order = bydns | |
8 | primary_hostname = myhost.test.ex | |
12ee8cf9 JH |
9 | spool_directory = DIR/spool |
10 | log_file_path = DIR/spool/log/SERVER%slog | |
11 | gecos_pattern = "" | |
12 | gecos_name = CALLER_NAME | |
13 | ||
14 | # ----- Main settings ----- | |
15 | ||
# Every RCPT is accepted: no relay, sender or recipient checks are applied.
# That only suits a closed test setup like this one; a production RCPT ACL
# needs relay control at this point.
16 | acl_smtp_rcpt = accept | |
17 | ||
# Adds the recipients, the TLS peer DN and the certificate-verified flag to
# the log lines, so the outcome of each TLS/DANE attempt shows up in the logs.
e5cccda9 | 18 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified |
12ee8cf9 | 19 | |
12ee8cf9 JH |
20 | queue_run_in_order |
21 | ||
# STARTTLS is advertised to every connecting host.
22 | tls_advertise_hosts = * | |
23 | ||
24 | # Set certificate only if server | |
82525c6f JH |
25 | CDIR1 = DIR/aux-fixed |
26 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
12ee8cf9 | 27 | |
# Certificate selection. With SERVER equal to "server": DETAILS of "ta" or "ca"
# picks CDIR2/fullchain.pem, any other value picks CDIR1/cert1. With any other
# SERVER value the expansion ends in "fail" (forced failure), which leaves the
# option unset for the client role. DETAILS is not defined in this listing;
# presumably the test script supplies it - confirm.
82525c6f | 28 | tls_certificate = ${if eq {SERVER}{server} \ |
281e72e4 | 29 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ |
82525c6f JH |
30 | {CDIR2/fullchain.pem}\ |
31 | {CDIR1/cert1}}}\ | |
32 | fail} | |
33 | ||
# Private key selection, same conditions as tls_certificate above.
# NOTE(review): the fallback key path is CDIR1/cert1, the same file as the
# fallback certificate - presumably a combined certificate+key PEM; confirm.
# The ".unlocked.key" name suggests a key stored without a passphrase, so it is
# protected by file permissions only; fine for a fixture, not for a real key.
34 | tls_privatekey = ${if eq {SERVER}{server} \ | |
281e72e4 | 35 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ |
82525c6f JH |
36 | {CDIR2/server1.example.com.unlocked.key}\ |
37 | {CDIR1/cert1}}}\ | |
38 | fail} | |
12ee8cf9 | 39 | |
12ee8cf9 JH |
40 | # ----- Routers ----- |
41 | ||
42 | begin routers | |
43 | ||
# "client" router: runs only when SERVER is empty. It routes by DNS lookup and
# asks for DNSSEC on every domain; DANE depends on DNSSEC-validated answers, so
# without this request the TLSA records could not be trusted. "self = send"
# keeps delivery going over SMTP when the lookup points back at this host,
# which is what a test that talks to a local daemon needs.
44 | client: | |
cf2b569e | 45 | driver = dnslookup |
82525c6f | 46 | condition = ${if eq {SERVER}{}} |
cf2b569e JH |
47 | dnssec_request_domains = * |
48 | self = send | |
12ee8cf9 JH |
49 | transport = send_to_server |
50 | ||
# "server" router: reached when the client router's condition is false;
# it discards every message via :blackhole:.
51 | server: | |
52 | driver = redirect | |
53 | data = :blackhole: | |
54 | ||
55 | ||
56 | # ----- Transports ----- | |
57 | ||
58 | begin transports | |
59 | ||
# Outbound SMTP transport used by the "client" router. allow_localhost and the
# PORT_D macro let it connect to a daemon on the local machine.
60 | send_to_server: | |
61 | driver = smtp | |
62 | allow_localhost | |
12ee8cf9 | 63 | port = PORT_D |
12ee8cf9 | 64 | |
# DANE policy: attempted for every host, and mandatory for every host except
# thishost.test.ex. For that one host DANE is only "try", so delivery can
# proceed without a DANE-verified connection.
281e72e4 JH |
65 | hosts_try_dane = * |
66 | hosts_require_dane = !thishost.test.ex | |
# OCSP stapling is requested from all hosts only when $tls_out_tlsa_usage is
# 0 or 4, otherwise from none. Per the Exim DANE documentation the variable is
# a bitfield of the TLSA usage codes found: 0 means DANE is not in use and
# 4 means only DANE-TA records were found.
594706ea JH |
67 | hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \ |
68 | {= {0}{$tls_out_tlsa_usage}} } \ | |
69 | {*}{}} | |
# Certificate hostname checking applies to all hosts unless OPT is
# "no_certname", which empties the list and so switches the name check off.
# OPT is not defined in this listing; presumably set by the test script.
01a4a5c5 | 70 | tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} |
# For thishost.test.ex certificate verification is attempted against
# CDIR2/ca_chain.pem, but "try" means a failed verification does not stop the
# delivery. Combined with the DANE exemption above, this host is the one case
# where an unauthenticated TLS session is tolerated.
281e72e4 JH |
71 | tls_try_verify_hosts = thishost.test.ex |
72 | tls_verify_certificates = CDIR2/ca_chain.pem | |
73 | ||
7a31d643 | 74 | |
12ee8cf9 JH |
75 | |
76 | # ----- Retry ----- | |
77 | ||
78 | ||
79 | begin retry | |
80 | ||
# Single retry rule for every address and every error: fixed 10-second
# intervals (F) for up to 5 days.
81 | * * F,5d,10s | |
82 | ||
83 | ||
84 | # End |