Commit | Line | Data |
---|---|---|
37ff4e03 | 1 | # Exim test configuration 5860 |
83b27293 JH |
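2 | # DANE: the client router requests DNSSEC and the smtp transport requires DANE (TLSA) verification of the server |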
3 | ||
4 | SERVER= | |
5 | ||
d4dc049f JH |
6 | .include DIR/aux-var/tls_conf_prefix |
7 | ||
83b27293 | 8 | primary_hostname = myhost.test.ex |
83b27293 JH |
9 | |
10 | # ----- Main settings ----- | |
11 | # Test configuration: every RCPT is accepted without checks | |
12 | acl_smtp_rcpt = accept | |
13 | ||
14 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified | |
15 | ||
16 | queue_only | |
17 | queue_run_in_order | |
18 | ||
19 | tls_advertise_hosts = * | |
20 | ||
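21 | # Set certificate and key only when SERVER is "server"; otherwise the expansion is forced to fail and no certificate is set. DETAILS=ta selects the example.com fullchain and unlocked key; any other value uses aux-fixed/cert1 as both certificate and key file | |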
22 | CDIR1 = DIR/aux-fixed | |
23 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
24 | ||
25 | tls_certificate = ${if eq {SERVER}{server} \ | |
26 | {${if eq {DETAILS}{ta} \ | |
27 | {CDIR2/fullchain.pem}\ | |
28 | {CDIR1/cert1}}}\ | |
29 | fail} | |
30 | ||
31 | tls_privatekey = ${if eq {SERVER}{server} \ | |
32 | {${if eq {DETAILS}{ta} \ | |
33 | {CDIR2/server1.example.com.unlocked.key}\ | |
34 | {CDIR1/cert1}}}\ | |
35 | fail} | |
36 | ||
37 | ||
38 | begin acl | |
39 | ||
40 | logger: | |
774ef2d7 JH |
41 | accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} |
42 | logwrite = $event_name depth = $event_data \ | |
83b27293 JH |
43 | <${certextract {subject} {$tls_out_peercert}}> |
44 | # message = noooo | |
45 | ||
774ef2d7 JH |
46 | accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} |
47 | logwrite = $event_name dane=$tls_out_dane | |
83b27293 JH |
48 | accept |
49 | ||
50 | # ----- Routers ----- | |
51 | ||
52 | begin routers | |
53 | ||
54 | client: | |
55 | driver = dnslookup | |
56 | condition = ${if eq {SERVER}{}} | |
57 | dnssec_request_domains = * | |
58 | self = send | |
59 | transport = send_to_server | |
60 | ||
61 | server: | |
62 | driver = redirect | |
63 | data = :blackhole: | |
64 | ||
65 | ||
66 | # ----- Transports ----- | |
67 | ||
68 | begin transports | |
69 | ||
70 | send_to_server: | |
71 | driver = smtp | |
72 | allow_localhost | |
73 | port = PORT_D | |
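74 | # DANE is mandatory for every host. OCSP is requested only when $tls_out_tlsa_usage (a bitfield of TLSA usage codes) is 0 (no TLSA usage recorded) or 4 (only DANE-TA records found) | |
75 | # hosts_try_dane = * | |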
76 | hosts_require_dane = * | |
77 | hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \ | |
78 | {= {0}{$tls_out_tlsa_usage}} } \ | |
79 | {*}{}} | |
80 | ||
774ef2d7 | 81 | event_action = ${acl {logger}} |
83b27293 JH |
82 | |
83 | # End |