Commit | Line | Data |
---|---|---|
bd5b3f3c JH |
1 | # Exim test configuration 5880 |
2 | # DANE (DNS-based Authentication of Named Entities) | |
3 | ||
4 | SERVER= | |
5 | ||
6 | .include DIR/aux-var/tls_conf_prefix | |
7 | ||
8 | primary_hostname = myhost.test.ex | |
9 | ||
10 | # ----- Main settings ----- | |
11 | ||
12 | acl_smtp_rcpt = accept | |
13 | ||
14 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified | |
15 | ||
16 | queue_only | |
17 | queue_run_in_order | |
18 | ||
19 | tls_advertise_hosts = * | |
20 | ||
21 | # Set the certificate and private key only when SERVER is "server"; otherwise the expansion is forced to fail | |
22 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
23 | ||
24 | tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem} fail} | |
25 | tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key} fail} | |
26 | ||
27 | ||
28 | begin acl | |
29 | ||
30 | logger: | |
31 | accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} | |
32 | logwrite = $event_name depth = $event_data \ | |
33 | <${certextract {subject} {$tls_out_peercert}}> | |
34 | # message = noooo | |
35 | ||
36 | accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} | |
37 | logwrite = $event_name dane=$tls_out_dane | |
38 | accept | |
39 | ||
40 | # ----- Routers ----- | |
41 | ||
42 | begin routers | |
43 | ||
44 | client: | |
45 | driver = dnslookup | |
46 | condition = ${if eq {SERVER}{}} | |
47 | dnssec_request_domains = * | |
48 | self = send | |
49 | transport = send_to_server | |
50 | ||
51 | server: | |
52 | driver = redirect | |
53 | data = :blackhole: | |
54 | ||
55 | ||
56 | # ----- Transports ----- | |
57 | ||
58 | begin transports | |
59 | ||
60 | send_to_server: | |
61 | driver = smtp | |
62 | allow_localhost | |
63 | port = PORT_D | |
64 | ||
65 | # hosts_try_dane = * | |
66 | hosts_require_dane = * | |
67 | ||
68 | # CA chain used to verify the server certificate; required for DANE-TA (trust-anchor) mode testing | |
69 | tls_verify_certificates = CDIR2/ca_chain.pem | |
70 | .ifdef _HAVE_OCSP | |
71 | hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \ | |
72 | {= {0}{$tls_out_tlsa_usage}} } \ | |
73 | {*}{}} | |
74 | .endif | |
75 | ||
76 | event_action = ${acl {logger}} | |
77 | ||
78 | # End |