# Exim test configuration 5850
# DANE
#
# SERVER is empty for the client run; the ${if eq {SERVER}{server}} tests
# below expect the harness to start the server instance with SERVER=server.
# NOTE(review): DETAILS is not defined in this file -- presumably supplied
# by the harness ("ta" selects the trust-anchor chain); confirm.

SERVER=

exim_path = EXIM_PATH
host_lookup_order = bydns
primary_hostname = myhost.test.ex
rfc1413_query_timeout = 0s
spool_directory = DIR/spool
log_file_path = DIR/spool/log/SERVER%slog
gecos_pattern = ""
gecos_name = CALLER_NAME

# ----- Main settings -----

# Test-only: every RCPT is accepted without any check.
acl_smtp_rcpt = accept

# +tls_peerdn and +tls_certificate_verified put the verification outcome
# into the mainlog lines the test compares against.
log_selector = +received_recipients +tls_peerdn +tls_certificate_verified

queue_only
queue_run_in_order

tls_advertise_hosts = *

# Set certificate only if server
CDIR1 = DIR/aux-fixed
CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com

# Server run: DETAILS=ta presents the full chain (trust-anchor style TLSA
# record), anything else presents cert1.  On the client run the expansion
# is forced to fail ("fail"), so no certificate is configured.
tls_certificate = ${if eq {SERVER}{server} \
  {${if eq {DETAILS}{ta} \
    {CDIR2/fullchain.pem}\
    {CDIR1/cert1}}}\
  fail}

# The non-ta branch names the same file as tls_certificate, so cert1 is
# presumably a combined certificate+key PEM -- confirm in aux-fixed.
tls_privatekey = ${if eq {SERVER}{server} \
  {${if eq {DETAILS}{ta} \
    {CDIR2/server1.example.com.unlocked.key}\
    {CDIR1/cert1}}}\
  fail}


begin acl

# Called from the transport's tpda_event_action.  The first element of
# $tpda_event picks what is logged: a "tls" event logs the verification
# depth ($tpda_data) and the peer certificate subject; a "msg" event logs
# $tls_out_dane, which is what the DANE test actually checks.
# NOTE(review): tpda_* is the older spelling; newer Exim releases use
# event_action / $event_name / $event_data -- check the version under test.
logger:
  accept condition = ${if eq {tls} {${listextract{1}{$tpda_event}}}}
         logwrite = $tpda_event depth = $tpda_data \
           <${certextract {subject} {$tls_out_peercert}}>
# message = noooo

  accept condition = ${if eq {msg} {${listextract{1}{$tpda_event}}}}
         logwrite = $tpda_event dane=$tls_out_dane
  accept

# ----- Routers -----

begin routers

# Client run only (SERVER empty).  DNSSEC is requested for every domain:
# DANE only trusts TLSA records that are DNSSEC-validated, so without this
# hosts_require_dane on the transport could never be satisfied.
# self = send lets the lookup resolve to this host and still hand the
# address to the transport (paired with allow_localhost below).
client:
  driver = dnslookup
  condition = ${if eq {SERVER}{}}
  dnssec_request_domains = *
  self = send
  transport = send_to_server

# Catch-all: everything on the server run (and anything the client router
# declines) is silently discarded.
server:
  driver = redirect
  data = :blackhole:


# ----- Transports -----

begin transports

send_to_server:
  driver = smtp
  allow_localhost
  port = PORT_D

# DANE is mandatory here, not opportunistic: hosts_try_dane is left
# commented out and hosts_require_dane = * means a host without usable
# TLSA records is not delivered to instead of falling back to plain or
# unauthenticated TLS.
# hosts_try_dane = *
  hosts_require_dane = *
# OCSP stapling is requested only when $tls_out_tlsa_usage is exactly 4 or
# 0 -- presumably "only DANE-TA records seen" or "no TLSA records"; with
# DANE-EE the CA's revocation status is irrelevant.  Verify against the
# $tls_out_tlsa_usage bit layout in the Exim spec.
  hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
                                 {= {0}{$tls_out_tlsa_usage}} } \
                           {*}{}}

  tpda_event_action = ${acl {logger}}

# End