# Exim test configuration 5840
# DANE
#
# One file serves both roles of the test. The SERVER, OPT and DETAILS macros
# select the role and the certificate variant. DIR, EXIM_PATH, PORT_D and
# CALLER_NAME look like placeholders filled in by the test harness -- confirm
# against the harness before reusing any of this outside the test suite.

# Empty default, so the file parses when no role is given.
# Presumably overridden with -DSERVER=server for the listening instance.
SERVER=

exim_path = EXIM_PATH
# Empty list: no environment variables are kept for the Exim process.
keep_environment =
# Host name lookups go through DNS only.
host_lookup_order = bydns
primary_hostname = myhost.test.ex
spool_directory = DIR/spool
log_file_path = DIR/spool/log/SERVER%slog
gecos_pattern = ""
gecos_name = CALLER_NAME

# ----- Main settings -----

# Without OPT, every RCPT is accepted with no relay or recipient checks.
# That is tolerable only because the listener is a throwaway test instance.
# With OPT defined, the recipient is verified with a callout instead.
.ifndef OPT
acl_smtp_rcpt = accept
.else
acl_smtp_rcpt = accept verify = recipient/callout
.endif

# Log the peer certificate DN and whether the certificate verified.
# These log fields are where the outcome of a DANE/PKIX check becomes visible.
log_selector = +received_recipients +tls_peerdn +tls_certificate_verified

queue_run_in_order

# STARTTLS is advertised to every connecting client.
tls_advertise_hosts = *

# Set certificate only if server
CDIR1 = DIR/aux-fixed
CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com

# Server role only; for any other SERVER value the expansion is forced to fail
# via the bare "fail", which should leave the option unset (confirm for the
# Exim version under test).
# DETAILS = ta or ca selects the full chain issued by the example CA.
# Any other value selects the standalone cert1 file.
tls_certificate = ${if eq {SERVER}{server} \
    {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
        {CDIR2/fullchain.pem}\
        {CDIR1/cert1}}}\
    fail}

# Same selection logic as tls_certificate.
# The ".unlocked.key" name indicates a key stored without a passphrase, which
# is a test fixture and not a pattern for real keys.
# The fallback branch points at the same path as the certificate, so cert1
# presumably holds certificate and key together -- confirm in aux-fixed.
tls_privatekey = ${if eq {SERVER}{server} \
    {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
        {CDIR2/server1.example.com.unlocked.key}\
        {CDIR1/cert1}}}\
    fail}

# ----- Routers -----

begin routers

# Client role: this router runs only while SERVER is empty.
# DNSSEC is requested for every lookup, because DANE relies on TLSA records
# whose DNS answers are DNSSEC-validated.
# "self = send" lets a lookup that resolves to this host still be delivered
# over SMTP.
client:
  driver = dnslookup
  condition = ${if eq {SERVER}{}}
  dnssec_request_domains = *
  self = send
  transport = send_to_server

# Any address not taken by the client router is discarded.
server:
  driver = redirect
  data = :blackhole:


# ----- Transports -----

begin transports

send_to_server:
  driver = smtp
  # Permit delivery to a loopback address.
  allow_localhost
  port = PORT_D

  # DANE is attempted for every host.
  hosts_try_dane = *
  # A host list holding only a negated item matches everything else, so DANE
  # is mandatory for all hosts except thishost.test.ex.
  hosts_require_dane = !thishost.test.ex
  # OPT = no_certname yields an empty list, so no host gets the
  # certificate-name check; any other value applies the check to all hosts.
  tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
  # "try" verification: a failed check for this host does not stop delivery.
  tls_try_verify_hosts = thishost.test.ex
  # Trust anchors for certificate-chain verification.
  tls_verify_certificates = CDIR2/ca_chain.pem



# ----- Retry -----


begin retry

# All addresses, all errors: retry every 10 seconds for up to 5 days.
* * F,5d,10s


# End