Commit | Line | Data |
---|---|---|
98eb9592 JH |
1 | # Exim test configuration 3820 |
2 | ||
3 | SERVER= | |
4 | ||
14a806d6 JH |
5 | .ifdef TRUSTED |
6 | .include DIR/aux-var/tls_conf_prefix | |
7 | .else | |
98eb9592 | 8 | .include DIR/aux-var/std_conf_prefix |
14a806d6 | 9 | .endif |
98eb9592 JH |
10 | |
11 | primary_hostname = myhost.test.ex | |
14a806d6 | 12 | tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} |
98eb9592 JH |
13 | |
14 | # ----- Main settings ----- | |
15 | ||
14a806d6 JH |
16 | acl_smtp_rcpt = accept |
17 | queue_only | |
18 | ||
19 | ||
20 | begin routers | |
21 | ||
22 | client_r: | |
23 | driver = accept | |
24 | condition = ${if !eq {SERVER}{server}} | |
25 | transport = smtp | |
26 | ||
27 | begin transports | |
28 | ||
29 | smtp: | |
30 | driver = smtp | |
31 | hosts = 127.0.0.1 | |
32 | allow_localhost | |
33 | port = PORT_D | |
34 | .ifdef TRUSTED | |
35 | hosts_require_tls = * | |
36 | tls_verify_certificates = DIR/aux-fixed/cert1 | |
37 | tls_verify_cert_hostnames = : | |
38 | .endif | |
39 | hosts_require_auth = * | |
98eb9592 JH |
40 | |
41 | # ----- Authentication ----- | |
42 | ||
43 | begin authenticators | |
44 | ||
14a806d6 | 45 | .ifndef TRUSTED |
98eb9592 JH |
46 | sasl1: |
47 | driver = gsasl | |
48 | public_name = ANONYMOUS | |
49 | server_set_id = $auth1 | |
50 | server_condition = true | |
51 | ||
52 | sasl2: | |
53 | driver = gsasl | |
54 | public_name = PLAIN | |
55 | server_set_id = $auth1 | |
14a806d6 JH |
56 | server_condition = ${if eq {$auth3}{pencil}} |
57 | ||
58 | client_condition = ${if eq {plain}{$local_part}} | |
59 | client_username = ph10 | |
60 | client_password = pencil | |
61 | .endif | |
98eb9592 JH |
62 | |
63 | sasl3: | |
64 | driver = gsasl | |
14a806d6 JH |
65 | .ifdef TRUSTED |
66 | public_name = SCRAM-SHA-1-PLUS | |
67 | server_advertise_condition = ${if def:tls_in_cipher} | |
68 | server_channelbinding = true | |
69 | .else | |
98eb9592 | 70 | public_name = SCRAM-SHA-1 |
14a806d6 | 71 | .endif |
98eb9592 JH |
72 | |
73 | # will need to give library salt, stored-key, server-key, itercount | |
74 | # | |
75 | # sigh | |
76 | # gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT. It _might_ take | |
77 | # a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode. | |
78 | ||
98eb9592 JH |
79 | # unclear if the salt is given in binary or base64 to the library |
80 | server_scram_salt = QSXCR+Q6sek8bf92 | |
81 | server_password = pencil | |
98eb9592 JH |
82 | server_condition = true |
83 | server_set_id = $auth1 | |
84 | ||
14a806d6 JH |
85 | client_condition = ${if eq {scram_sha_1}{$local_part}} |
86 | client_username = ph10 | |
87 | client_password = pencil | |
88 | .ifdef TRUSTED | |
89 | client_channelbinding = true | |
90 | .endif | |
91 | ||
98eb9592 JH |
92 | |
93 | # End |