[exim.git] / test / confs / 5611

# Exim test configuration 5601
# OCSP stapling, client

SERVER =

exim_path = EXIM_PATH
keep_environment  = ^EXIM_TESTHARNESS_DISABLE_[O]CSPVALIDITYCHECK$
host_lookup_order = bydns
spool_directory = DIR/spool
log_file_path = DIR/spool/log/SERVER%slog
gecos_pattern = ""
gecos_name = CALLER_NAME
chunking_advertise_hosts =
primary_hostname = server1.example.com


# ----- Main settings -----

domainlist local_domains = test.ex : *.test.ex

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_data

log_selector = +tls_peerdn
remote_max_parallel = 1

tls_advertise_hosts = *

# Set certificate only if server

tls_certificate = ${if eq {SERVER}{server}\
{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
fail\
}

#{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\

tls_privatekey = ${if eq {SERVER}{server}\
{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
fail}

tls_ocsp_file = RETURN


# ------ ACL ------

begin acl

check_recipient:
  accept  domains = +local_domains
  deny    message = relay not permitted

check_data:
  warn	  condition   = ${if def:h_X-TLS-out:}
	  logwrite = client claims: $h_X-TLS-out:
  accept

# ----- Routers -----

begin routers

client:
  driver = accept
  condition = ${if eq {SERVER}{server}{no}{yes}}
  retry_use_local_part
  transport = send_to_server${if eq{$local_part}{nostaple}{1} \
				{${if eq{$local_part}{norequire} {2} \
				{${if eq{$local_part}{smtps} {4}{3}}} \
			     }}}

server:
  driver = redirect
  data = :blackhole:
  #retry_use_local_part
  #transport = local_delivery


# ----- Transports -----

begin transports

local_delivery:
  driver = appendfile
  file = DIR/test-mail/$local_part
  headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
  user = CALLER

send_to_server1:
  driver = smtp
  allow_localhost
  hosts = HOSTIPV4
  port = PORT_D
  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
  tls_verify_cert_hostnames =
  hosts_require_tls = *
  hosts_request_ocsp = :
  headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
    (${listextract {${eval:$tls_out_ocsp+1}} \
		{notreq:notresp:vfynotdone:failed:verified}})

send_to_server2:
  driver = smtp
  allow_localhost
  hosts = HOSTIPV4
  port = PORT_D
  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
  tls_verify_cert_hostnames =
  hosts_require_tls = *
# note no ocsp mention here
  headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
    (${listextract {${eval:$tls_out_ocsp+1}} \
		{notreq:notresp:vfynotdone:failed:verified}})

send_to_server3:
  driver = smtp
  allow_localhost
  hosts = 127.0.0.1
  port = PORT_D
  helo_data = helo.data.changed
  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
  tls_verify_cert_hostnames =
  hosts_require_tls =  *
  hosts_require_ocsp = *
  headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
    (${listextract {${eval:$tls_out_ocsp+1}} \
		{notreq:notresp:vfynotdone:failed:verified}})

send_to_server4:
  driver = smtp
  allow_localhost
  hosts = 127.0.0.1
  port = PORT_D
  helo_data = helo.data.changed
  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
  tls_verify_cert_hostnames =
  protocol =           smtps
  hosts_require_tls =  *
  hosts_require_ocsp = *
  headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
    (${listextract {${eval:$tls_out_ocsp+1}} \
		{notreq:notresp:vfynotdone:failed:verified}})


# ----- Retry -----


begin retry

* * F,5d,1s


# End
Commit	Line	Data
e5b60be7 JH	1	# Exim test configuration 5601
	2	# OCSP stapling, client
	3
	4	SERVER =
	5
	6	exim_path = EXIM_PATH
	7	keep_environment = ^EXIM_TESTHARNESS_DISABLE_[O]CSPVALIDITYCHECK$
	8	host_lookup_order = bydns
	9	spool_directory = DIR/spool
	10	log_file_path = DIR/spool/log/SERVER%slog
	11	gecos_pattern = ""
	12	gecos_name = CALLER_NAME
	13	chunking_advertise_hosts =
	14	primary_hostname = server1.example.com
	15
	16
	17	# ----- Main settings -----
	18
	19	domainlist local_domains = test.ex : *.test.ex
	20
	21	acl_smtp_rcpt = check_recipient
	22	acl_smtp_data = check_data
	23
	24	log_selector = +tls_peerdn
	25	remote_max_parallel = 1
	26
	27	tls_advertise_hosts = *
	28
	29	# Set certificate only if server
	30
	31	tls_certificate = ${if eq {SERVER}{server}\
	32	{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
	33	fail\
	34	}
	35
	36	#{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\
	37
	38	tls_privatekey = ${if eq {SERVER}{server}\
	39	{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
	40	fail}
	41
	42	tls_ocsp_file = RETURN
	43
	44
	45	# ------ ACL ------
	46
	47	begin acl
	48
	49	check_recipient:
	50	accept domains = +local_domains
	51	deny message = relay not permitted
	52
	53	check_data:
	54	warn condition = ${if def:h_X-TLS-out:}
	55	logwrite = client claims: $h_X-TLS-out:
	56	accept
	57
	58	# ----- Routers -----
	59
	60	begin routers
	61
	62	client:
	63	driver = accept
	64	condition = ${if eq {SERVER}{server}{no}{yes}}
65	retry_use_local_part
66	transport = send_to_server${if eq{$local_part}{nostaple}{1} \
67	{${if eq{$local_part}{norequire} {2} \
68	{${if eq{$local_part}{smtps} {4}{3}}} \
69	}}}
70
71	server:
72	driver = redirect
73	data = :blackhole:
74	#retry_use_local_part
75	#transport = local_delivery
76
77
78	# ----- Transports -----
79
80	begin transports
81
82	local_delivery:
83	driver = appendfile
84	file = DIR/test-mail/$local_part
85	headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
86	user = CALLER
87
88	send_to_server1:
89	driver = smtp
90	allow_localhost
91	hosts = HOSTIPV4
92	port = PORT_D
93	tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
94	tls_verify_cert_hostnames =
95	hosts_require_tls = *
96	hosts_request_ocsp = :
97	headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
98	(${listextract {${eval:$tls_out_ocsp+1}} \
99	{notreq:notresp:vfynotdone:failed:verified}})
100
101	send_to_server2:
102	driver = smtp
103	allow_localhost
104	hosts = HOSTIPV4
105	port = PORT_D
106	tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
107	tls_verify_cert_hostnames =
108	hosts_require_tls = *
109	# note no ocsp mention here
110	headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
111	(${listextract {${eval:$tls_out_ocsp+1}} \
112	{notreq:notresp:vfynotdone:failed:verified}})
113
114	send_to_server3:
115	driver = smtp
116	allow_localhost
117	hosts = 127.0.0.1
118	port = PORT_D
119	helo_data = helo.data.changed
120	tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
121	tls_verify_cert_hostnames =
122	hosts_require_tls = *
123	hosts_require_ocsp = *
124	headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
125	(${listextract {${eval:$tls_out_ocsp+1}} \
126	{notreq:notresp:vfynotdone:failed:verified}})
127
128	send_to_server4:
129	driver = smtp
130	allow_localhost
131	hosts = 127.0.0.1
132	port = PORT_D
133	helo_data = helo.data.changed
134	tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
135	tls_verify_cert_hostnames =
136	protocol = smtps
137	hosts_require_tls = *
138	hosts_require_ocsp = *
139	headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
140	(${listextract {${eval:$tls_out_ocsp+1}} \
141	{notreq:notresp:vfynotdone:failed:verified}})
142
143
144	# ----- Retry -----
145
146
147	begin retry
148
149	* * F,5d,1s
150
151
152	# End