[exim.git] / test / confs / 5840

# Exim test configuration 5840
# DANE

SERVER=

exim_path = EXIM_PATH
keep_environment =
host_lookup_order = bydns
primary_hostname = myhost.test.ex
spool_directory = DIR/spool
log_file_path = DIR/spool/log/SERVER%slog
gecos_pattern = ""
gecos_name = CALLER_NAME

# ----- Main settings -----

.ifndef OPT
acl_smtp_rcpt = accept
.else
acl_smtp_rcpt = accept verify = recipient/callout
.endif

log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified

queue_run_in_order

tls_advertise_hosts = *

# Set certificate only if server
CDIR1 = DIR/aux-fixed
CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com

tls_certificate = ${if eq {SERVER}{server} \
	{${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
		{CDIR2/fullchain.pem}\
		{CDIR1/cert1}}}\
	fail}

tls_privatekey = ${if eq {SERVER}{server} \
	{${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
		{CDIR2/server1.example.com.unlocked.key}\
		{CDIR1/cert1}}}\
	fail}

# ----- Routers -----

begin routers

client:
  driver = dnslookup
  condition = ${if eq {SERVER}{}}
  dnssec_request_domains = *
  self = send
  transport = send_to_server

server:
  driver = redirect
  data = :blackhole:


# ----- Transports -----

begin transports

send_to_server:
  driver = smtp
  allow_localhost
  port = PORT_D

  hosts_try_dane =     *
  hosts_require_dane = !thishost.test.ex
  tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
  tls_try_verify_hosts = thishost.test.ex
  tls_verify_certificates = CDIR2/ca_chain.pem


# ----- Retry -----


begin retry

* * F,5d,10s


# End
Commit	Line	Data
37ff4e03	1	# Exim test configuration 5840
12ee8cf9 JH	2	# DANE
	3
	4	SERVER=
	5
	6	exim_path = EXIM_PATH
bc3c7bb7	7	keep_environment =
12ee8cf9 JH	8	host_lookup_order = bydns
12ee8cf9 JH	9	primary_hostname = myhost.test.ex
12ee8cf9 JH	10	spool_directory = DIR/spool
	11	log_file_path = DIR/spool/log/SERVER%slog
	12	gecos_pattern = ""
	13	gecos_name = CALLER_NAME
	14
	15	# ----- Main settings -----
	16
bf7aabb4	17	.ifndef OPT
12ee8cf9	18	acl_smtp_rcpt = accept
bf7aabb4 JH	19	.else
	20	acl_smtp_rcpt = accept verify = recipient/callout
	21	.endif
12ee8cf9	22
e5cccda9	23	log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
12ee8cf9	24
12ee8cf9 JH	25	queue_run_in_order
	26
	27	tls_advertise_hosts = *
	28
	29	# Set certificate only if server
82525c6f JH	30	CDIR1 = DIR/aux-fixed
82525c6f JH	31	CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
12ee8cf9	32
82525c6f	33	tls_certificate = ${if eq {SERVER}{server} \
281e72e4	34	{${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
82525c6f JH	35	{CDIR2/fullchain.pem}\
	36	{CDIR1/cert1}}}\
	37	fail}
	38
	39	tls_privatekey = ${if eq {SERVER}{server} \
281e72e4	40	{${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
82525c6f JH	41	{CDIR2/server1.example.com.unlocked.key}\
	42	{CDIR1/cert1}}}\
	43	fail}
12ee8cf9	44
12ee8cf9 JH	45	# ----- Routers -----
	46
	47	begin routers
	48
	49	client:
cf2b569e	50	driver = dnslookup
82525c6f	51	condition = ${if eq {SERVER}{}}
cf2b569e JH	52	dnssec_request_domains = *
cf2b569e JH	53	self = send
12ee8cf9 JH	54	transport = send_to_server
	55
	56	server:
	57	driver = redirect
	58	data = :blackhole:
	59
	60
	61	# ----- Transports -----
	62
	63	begin transports
	64
	65	send_to_server:
	66	driver = smtp
	67	allow_localhost
12ee8cf9	68	port = PORT_D
12ee8cf9	69
281e72e4 JH	70	hosts_try_dane = *
281e72e4 JH	71	hosts_require_dane = !thishost.test.ex
01a4a5c5	72	tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
281e72e4 JH	73	tls_try_verify_hosts = thishost.test.ex
	74	tls_verify_certificates = CDIR2/ca_chain.pem
	75
7a31d643	76
12ee8cf9 JH	77
	78	# ----- Retry -----
	79
	80
	81	begin retry
	82
	83	* * F,5d,10s
	84
	85
	86	# End