[exim.git] / test / confs / 2131

# Exim test configuration 2131
# SNI

SERVER =

.include DIR/aux-var/tls_conf_prefix

primary_hostname = myhost.test.ex

# ----- Main settings -----

domainlist local_domains = test.ex : *.test.ex

acl_smtp_rcpt = acl_log_sni
log_selector = +tls_peerdn +tls_sni +received_recipients
remote_max_parallel = 1

tls_advertise_hosts = *

# Set certificate only if server

tls_certificate = ${if eq {SERVER}{server} \
	{DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
	    {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
	    {cert1} \
			}\
	}fail}

tls_privatekey = ${if eq {SERVER}{server} \
	{DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
	    {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
	    {cert1} \
			}\
	}fail}


# ------ ACL ------

begin acl

acl_log_sni:
  accept
	 logwrite = SNI <$tls_in_sni>

# ----- Routers -----

begin routers

client:
  driver = accept
  condition = ${if !eq {SERVER}{server}}
  transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}

server:
  driver = redirect
  data = :blackhole:


# ----- Transports -----

begin transports

send_to_server1:
  driver = smtp
  allow_localhost
  hosts = HOSTIPV4
  port = PORT_D
  tls_sni = fred
  hosts_require_tls = *
  tls_try_verify_hosts = :

send_to_server2:
  driver = smtp
  allow_localhost
  hosts = HOSTIPV4
  port = PORT_D
  tls_sni = bill
  hosts_require_tls = *
  tls_try_verify_hosts = :


# ----- Retry -----


begin retry

* * F,5d,10s


# End
Commit	Line	Data
37ff4e03	1	# Exim test configuration 2131
0df4ab80 JH	2	# SNI
	3
	4	SERVER =
	5
d4dc049f	6	.include DIR/aux-var/tls_conf_prefix
0df4ab80	7
d4dc049f	8	primary_hostname = myhost.test.ex
0df4ab80 JH	9
	10	# ----- Main settings -----
	11
	12	domainlist local_domains = test.ex : *.test.ex
	13
	14	acl_smtp_rcpt = acl_log_sni
38d10e18	15	log_selector = +tls_peerdn +tls_sni +received_recipients
0df4ab80 JH	16	remote_max_parallel = 1
	17
	18	tls_advertise_hosts = *
	19
	20	# Set certificate only if server
	21
	22	tls_certificate = ${if eq {SERVER}{server} \
	23	{DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
	24	{exim-ca/example.com/server1.example.com/server1.example.com.pem} \
	25	{cert1} \
	26	}\
	27	}fail}
	28
	29	tls_privatekey = ${if eq {SERVER}{server} \
	30	{DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
	31	{exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
	32	{cert1} \
	33	}\
	34	}fail}
	35
	36
	37	# ------ ACL ------
	38
	39	begin acl
	40
	41	acl_log_sni:
	42	accept
	43	logwrite = SNI <$tls_in_sni>
	44
	45	# ----- Routers -----
	46
	47	begin routers
	48
	49	client:
	50	driver = accept
	51	condition = ${if !eq {SERVER}{server}}
	52	transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
	53
	54	server:
	55	driver = redirect
	56	data = :blackhole:
	57
	58
	59	# ----- Transports -----
	60
	61	begin transports
	62
	63	send_to_server1:
	64	driver = smtp
	65	allow_localhost
	66	hosts = HOSTIPV4
	67	port = PORT_D
	68	tls_sni = fred
	69	hosts_require_tls = *
610ff438	70	tls_try_verify_hosts = :
0df4ab80 JH	71
	72	send_to_server2:
	73	driver = smtp
	74	allow_localhost
	75	hosts = HOSTIPV4
	76	port = PORT_D
	77	tls_sni = bill
	78	hosts_require_tls = *
610ff438	79	tls_try_verify_hosts = :
0df4ab80 JH	80
	81
	82	# ----- Retry -----
	83
	84
	85	begin retry
	86
	87	* * F,5d,10s
	88
	89
	90	# End