tidying
[exim.git] / test / confs / 5880
CommitLineData
bd5b3f3c
JH
1# Exim test configuration 5880
2# DANE
3
4SERVER=
5
6.include DIR/aux-var/tls_conf_prefix
7
8primary_hostname = myhost.test.ex
9
10# ----- Main settings -----
11
12acl_smtp_rcpt = accept
13
14log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
15
16queue_only
17queue_run_in_order
18
19tls_advertise_hosts = *
20
21# Set certificate only if server
22CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
23
24tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem} fail}
25tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key} fail}
26
27
28begin acl
29
30logger:
31 accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
32 logwrite = $event_name depth = $event_data \
33 <${certextract {subject} {$tls_out_peercert}}>
34# message = noooo
35
36 accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
37 logwrite = $event_name dane=$tls_out_dane
38 accept
39
40# ----- Routers -----
41
42begin routers
43
44client:
45 driver = dnslookup
46 condition = ${if eq {SERVER}{}}
47 dnssec_request_domains = *
48 self = send
49 transport = send_to_server
50
51server:
52 driver = redirect
53 data = :blackhole:
54
55
56# ----- Transports -----
57
58begin transports
59
60send_to_server:
61 driver = smtp
62 allow_localhost
63 port = PORT_D
64
65# hosts_try_dane = *
66 hosts_require_dane = *
67
68 # required for TA-mode testing
69 tls_verify_certificates = CDIR2/ca_chain.pem
70.ifdef _HAVE_OCSP
71 hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
72 {= {0}{$tls_out_tlsa_usage}} } \
73 {*}{}}
74.endif
75
76 event_action = ${acl {logger}}
77
78# End