Commit | Line | Data |
---|---|---|
f5d78688 JH |
1 | # Exim test configuration 5600 |
2 | # OCSP stapling, server | |
3 | ||
4 | CRL= | |
5 | ||
6 | exim_path = EXIM_PATH | |
7 | host_lookup_order = bydns | |
8 | primary_hostname = server1.example.com | |
9 | rfc1413_query_timeout = 0s | |
10 | spool_directory = DIR/spool | |
11 | log_file_path = DIR/spool/log/%slog | |
12 | gecos_pattern = "" | |
13 | gecos_name = CALLER_NAME | |
14 | ||
15 | # ----- Main settings ----- | |
16 | ||
17 | acl_smtp_rcpt = check_recipient | |
18 | ||
19 | log_selector = +tls_peerdn | |
20 | ||
21 | queue_only | |
22 | queue_run_in_order | |
23 | ||
24 | tls_advertise_hosts = * | |
25 | ||
26 | tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem | |
27 | tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key | |
28 | ||
29 | tls_verify_hosts = HOSTIPV4 | |
30 | tls_try_verify_hosts = * | |
31 | tls_verify_certificates = DIR/aux-fixed/cert2 | |
32 | tls_crl = CRL | |
33 | tls_ocsp_file = OCSP | |
34 | ||
35 | ||
36 | # ------ ACL ------ | |
37 | ||
38 | begin acl | |
39 | ||
40 | check_recipient: | |
41 | deny message = certificate not verified: peerdn=$tls_peerdn | |
42 | ! verify = certificate | |
43 | accept | |
44 | ||
45 | ||
46 | # ----- Routers ----- | |
47 | ||
48 | begin routers | |
49 | ||
50 | abc: | |
51 | driver = accept | |
52 | retry_use_local_part | |
53 | transport = local_delivery | |
54 | ||
55 | ||
56 | # ----- Transports ----- | |
57 | ||
58 | begin transports | |
59 | ||
60 | local_delivery: | |
61 | driver = appendfile | |
62 | file = DIR/test-mail/$local_part | |
63 | headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn | |
64 | user = CALLER | |
65 | ||
66 | # End |