Commit | Line | Data |
---|---|---|
b10c87b3 JH |
1 | # Exim test configuration 5890 |
2 | ||
3 | SERVER = | |
4 | OPTION = NORMAL | |
5 | ||
6 | .include DIR/aux-var/tls_conf_prefix | |
7 | ||
8 | primary_hostname = myhost.test.ex | |
9 | ||
10 | # ----- Main settings ----- | |
11 | ||
12 | domainlist local_domains = test.ex : *.test.ex | |
13 | ||
14 | acl_smtp_helo = check_helo | |
15 | acl_smtp_rcpt = check_recipient | |
f4e62a87 | 16 | log_selector = +received_recipients +tls_resumption +tls_peerdn |
b10c87b3 JH |
17 | |
18 | tls_advertise_hosts = * | |
19 | ||
20 | # Set certificate only if server | |
21 | ||
c82de233 JH |
22 | CDIR=DIR/aux-fixed/exim-ca/example.com |
23 | ||
24 | tls_certificate = CDIR/server1.example.com/server1.example.com.chain.pem | |
25 | tls_privatekey = CDIR/server1.example.com/server1.example.com.unlocked.key | |
26 | tls_ocsp_file = CDIR/server1.example.com/server1.example.com.ocsp.good.resp | |
b10c87b3 JH |
27 | |
28 | tls_require_ciphers = OPTION | |
29 | tls_resumption_hosts = 127.0.0.1 | |
30 | ||
31 | ||
32 | # ------ ACL ------ | |
33 | ||
34 | begin acl | |
35 | ||
36 | check_helo: | |
37 | accept condition = ${if def:tls_in_cipher} | |
f4e62a87 | 38 | logwrite = tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}} |
11c4a22b JH |
39 | logwrite = our cert subject\t${certextract {subject}{$tls_in_ourcert}} |
40 | logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}} | |
41 | logwrite = peer cert verified\t${tls_in_certificate_verified} | |
42 | logwrite = peer dn\t${tls_in_peerdn} | |
43 | logwrite = ocsp\t${tls_in_ocsp} | |
44 | logwrite = cipher\t${tls_in_cipher} | |
45 | logwrite = bits\t${tls_in_bits} | |
b10c87b3 JH |
46 | accept |
47 | ||
48 | check_recipient: | |
49 | accept domains = +local_domains | |
50 | deny message = relay not permitted | |
51 | ||
52 | log_resumption: | |
53 | accept condition = ${if def:tls_out_cipher} | |
54 | condition = ${if eq {$event_name}{tcp:close}} | |
55 | logwrite = tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}} | |
11c4a22b JH |
56 | logwrite = our cert subject\t${certextract {subject}{$tls_out_ourcert}} |
57 | logwrite = peer cert subject\t${certextract {subject}{$tls_out_peercert}} | |
58 | logwrite = peer cert verified\t${tls_out_certificate_verified} | |
59 | logwrite = peer dn\t${tls_out_peerdn} | |
60 | logwrite = ocsp\t${tls_out_ocsp} | |
61 | logwrite = cipher\t${tls_out_cipher} | |
62 | logwrite = bits\t${tls_out_bits} | |
b10c87b3 JH |
63 | |
64 | ||
65 | # ----- Routers ----- | |
66 | ||
67 | begin routers | |
68 | ||
69 | client: | |
f4e62a87 JH |
70 | driver = accept |
71 | condition = ${if eq {SERVER}{server}{no}{yes}} | |
72 | transport = send_to_server${if eq{$local_part}{abcd}{2}{1}} | |
b10c87b3 JH |
73 | |
74 | server: | |
75 | driver = redirect | |
76 | data = :blackhole: | |
77 | ||
78 | # ----- Transports ----- | |
79 | ||
80 | begin transports | |
81 | ||
82 | send_to_server1: | |
f4e62a87 | 83 | driver = smtp |
b10c87b3 | 84 | allow_localhost |
f4e62a87 JH |
85 | hosts = 127.0.0.1 |
86 | port = PORT_D | |
87 | helo_data = helo.data.changed | |
b10c87b3 | 88 | .ifdef VALUE |
f4e62a87 | 89 | tls_resumption_hosts = * |
b10c87b3 | 90 | .else |
f4e62a87 | 91 | tls_resumption_hosts = : |
b10c87b3 | 92 | .endif |
c82de233 | 93 | tls_verify_certificates = CDIR/CA/CA.pem |
f4e62a87 JH |
94 | tls_verify_cert_hostnames = ${if match {$local_part}{^noverify} {*}{:}} |
95 | tls_try_verify_hosts = * | |
96 | event_action = ${acl {log_resumption}} | |
b10c87b3 JH |
97 | |
98 | send_to_server2: | |
99 | driver = smtp | |
100 | allow_localhost | |
101 | hosts = HOSTIPV4 | |
102 | port = PORT_D | |
c82de233 JH |
103 | tls_verify_certificates = CDIR/CA/CA.pem |
104 | tls_verify_cert_hostnames = : | |
105 | event_action = ${acl {log_resumption}} | |
b10c87b3 JH |
106 | |
107 | ||
108 | # ----- Retry ----- | |
109 | ||
110 | ||
111 | begin retry | |
112 | ||
113 | * * F,5d,10s | |
114 | ||
115 | ||
116 | # End |