# Exim test configuration 5860
# DANE
#
# One file for both roles of the test. The server role is selected by
# defining SERVER=server on the command line; in the client role SERVER
# stays empty (see the "client" router condition and the tls_certificate /
# tls_privatekey expansions below). DETAILS selects the DANE variant under
# test; the value "ta" switches the server to the full certificate chain.

SERVER=

exim_path = EXIM_PATH
host_lookup_order = bydns
primary_hostname = myhost.test.ex
spool_directory = DIR/spool
log_file_path = DIR/spool/log/SERVER%slog
gecos_pattern = ""
gecos_name = CALLER_NAME

# ----- Main settings -----

# Test-only: every RCPT TO is accepted without further checks.
acl_smtp_rcpt = accept

# Log the peer DN and whether the peer certificate verified, so the test
# log records the outcome of TLS/DANE verification, not merely that TLS
# was used.
log_selector = +received_recipients +tls_peerdn +tls_certificate_verified

# Queue on receipt; deliveries happen in a later queue run, in order.
queue_only
queue_run_in_order

# Offer STARTTLS to every connecting client.
tls_advertise_hosts = *

# Set certificate only if server
CDIR1 = DIR/aux-fixed
CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com

# Server role: with DETAILS=ta present the full chain for
# server1.example.com (a DANE-TA client must see the trust-anchor
# certificate in the chain), otherwise present cert1. Client role: the
# expansion is forced to fail, so no certificate is configured.
tls_certificate = ${if eq {SERVER}{server} \
	{${if eq {DETAILS}{ta} \
		{CDIR2/fullchain.pem}\
		{CDIR1/cert1}}}\
	fail}

# Key matching the certificate above. In the non-ta case this is the same
# file as tls_certificate, so cert1 presumably holds both key and
# certificate — confirm against the fixture.
tls_privatekey = ${if eq {SERVER}{server} \
	{${if eq {DETAILS}{ta} \
		{CDIR2/server1.example.com.unlocked.key}\
		{CDIR1/cert1}}}\
	fail}


begin acl

# Event-logging ACL run from the transport's event_action. $event_name is
# "class:subtype" (e.g. tls:cert, msg:delivery); listextract{1} picks the
# class using Exim's default ":" list separator.
logger:
  # TLS events: log the chain depth (carried in $event_data) and the
  # subject of the certificate being examined.
  accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
	 logwrite = $event_name depth = $event_data \
		<${certextract {subject} {$tls_out_peercert}}>
#	 message = noooo

  # Message events: record whether the delivery was DANE-verified.
  accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
	 logwrite = $event_name dane=$tls_out_dane
  accept

# ----- Routers -----

begin routers

# Client role only (SERVER empty). DNSSEC is requested for every lookup
# because DANE can only use TLSA records that were DNSSEC-validated;
# "self = send" lets the test deliver to a host that resolves to this
# machine instead of treating that as a loop.
client:
  driver = dnslookup
  condition = ${if eq {SERVER}{}}
  dnssec_request_domains = *
  self = send
  transport = send_to_server

# Reached when the client router is skipped (server role): accepted mail
# is discarded.
server:
  driver = redirect
  data = :blackhole:


# ----- Transports -----

begin transports

send_to_server:
  driver = smtp
  allow_localhost
  port = PORT_D

  # DANE is mandatory for every host: with hosts_require_dane (rather than
  # the commented-out hosts_try_dane) a host without usable DNSSEC-validated
  # TLSA records is not delivered to, instead of falling back to ordinary TLS.
# hosts_try_dane = *
  hosts_require_dane = *
  # Request OCSP stapling only when the TLSA usage bitmask is 4 (DANE-TA
  # only) or 0 (no TLSA in use); under DANE-EE (usage 3) the PKIX revocation
  # status is irrelevant. This appears to restate Exim's documented default
  # for hosts_request_ocsp — confirm against the version under test.
  hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
			      {= {0}{$tls_out_tlsa_usage}} } \
			 {*}{}}

  # Hand every transport event to the logger ACL (see "begin acl").
  event_action = ${acl {logger}}

# End