Commit | Line | Data |
---|---|---|
37ff4e03 | 1 | # Exim test configuration 5860 |
83b27293 JH |
2 | # DANE |
3 | ||
4 | SERVER= | |
5 | ||
d4dc049f JH |
6 | .include DIR/aux-var/tls_conf_prefix |
7 | ||
83b27293 | 8 | primary_hostname = myhost.test.ex |
83b27293 JH |
9 | |
10 | # ----- Main settings ----- | |
11 | ||
12 | acl_smtp_rcpt = accept | |
13 | ||
14 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified | |
15 | ||
16 | queue_only | |
17 | queue_run_in_order | |
18 | ||
19 | tls_advertise_hosts = * | |
20 | ||
21 | # Set certificate only if server | |
83b27293 JH |
22 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com |
23 | ||
899b8bbc JH |
24 | tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem} fail} |
25 | tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key} fail} | |
83b27293 JH |
26 | |
27 | ||
28 | begin acl | |
29 | ||
30 | logger: | |
774ef2d7 JH |
31 | accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} |
32 | logwrite = $event_name depth = $event_data \ | |
83b27293 JH |
33 | <${certextract {subject} {$tls_out_peercert}}> |
34 | # message = noooo | |
35 | ||
774ef2d7 JH |
36 | accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} |
37 | logwrite = $event_name dane=$tls_out_dane | |
83b27293 JH |
38 | accept |
39 | ||
40 | # ----- Routers ----- | |
41 | ||
42 | begin routers | |
43 | ||
44 | client: | |
45 | driver = dnslookup | |
46 | condition = ${if eq {SERVER}{}} | |
47 | dnssec_request_domains = * | |
48 | self = send | |
49 | transport = send_to_server | |
50 | ||
51 | server: | |
52 | driver = redirect | |
53 | data = :blackhole: | |
54 | ||
55 | ||
56 | # ----- Transports ----- | |
57 | ||
58 | begin transports | |
59 | ||
60 | send_to_server: | |
61 | driver = smtp | |
62 | allow_localhost | |
63 | port = PORT_D | |
64 | ||
65 | # hosts_try_dane = * | |
66 | hosts_require_dane = * | |
a6510420 | 67 | .ifdef _HAVE_OCSP |
83b27293 JH |
68 | hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \ |
69 | {= {0}{$tls_out_tlsa_usage}} } \ | |
70 | {*}{}} | |
a6510420 | 71 | .endif |
83b27293 | 72 | |
774ef2d7 | 73 | event_action = ${acl {logger}} |
83b27293 JH |
74 | |
75 | # End |