Commit | Line | Data |
---|---|---|
899b8bbc JH |
1 | # Exim test configuration 5820 |
2 | # DANE/GnuTLS; OPT and DETAILS are not defined in this file (presumably supplied per test run) | |
12ee8cf9 JH |
3 | |
4 | SERVER= | |
59c0959a | 5 | CONTROL= * |
12ee8cf9 | 6 | |
899b8bbc | 7 | .include DIR/aux-var/tls_conf_prefix |
d4dc049f | 8 | |
12ee8cf9 | 9 | primary_hostname = myhost.test.ex |
12ee8cf9 JH |
10 | |
11 | # ----- Main settings ----- | |
12 | ||
899b8bbc JH |
13 | .ifndef OPT |
14 | acl_smtp_rcpt = accept logwrite = "rcpt ACL" | |
15 | .else | |
16 | acl_smtp_rcpt = accept verify = recipient/callout | |
17 | .endif | |
12ee8cf9 | 18 | |
899b8bbc | 19 | log_selector = +received_recipients +tls_peerdn +tls_certificate_verified |
12ee8cf9 | 20 | |
12ee8cf9 JH |
21 | queue_run_in_order |
22 | ||
23 | tls_advertise_hosts = * | |
360c0492 JH |
24 | # needed to force generation of the DH parameters |
25 | tls_dhparam = historic | |
12ee8cf9 JH |
26 | |
27 | # Set certificate and private key only when SERVER is "server"; otherwise the expansion is forced to fail | |
899b8bbc JH |
28 | CDIR1 = DIR/aux-fixed/exim-ca/example.net/server1.example.net |
29 | CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com | |
12ee8cf9 | 30 | |
82525c6f | 31 | |
899b8bbc JH |
32 | tls_certificate = ${if eq {SERVER}{server} \ |
33 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ | |
34 | {CDIR2/fullchain.pem}\ | |
35 | {CDIR1/fullchain.pem}}}\ | |
36 | fail} | |
12ee8cf9 | 37 | |
899b8bbc JH |
38 | tls_privatekey = ${if eq {SERVER}{server} \ |
39 | {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ | |
40 | {CDIR2/server1.example.com.unlocked.key}\ | |
41 | {CDIR1/server1.example.net.unlocked.key}}}\ | |
42 | fail} | |
12ee8cf9 JH |
43 | |
44 | # ----- Routers ----- | |
45 | ||
46 | begin routers | |
47 | ||
48 | client: | |
899b8bbc JH |
49 | driver = dnslookup |
50 | condition = ${if eq {SERVER}{}} | |
51 | dnssec_request_domains = * | |
52 | self = send | |
12ee8cf9 | 53 | transport = send_to_server |
899b8bbc | 54 | errors_to = "" |
12ee8cf9 JH |
55 | |
56 | server: | |
57 | driver = redirect | |
58 | data = :blackhole: | |
59 | ||
60 | ||
61 | # ----- Transports ----- | |
62 | ||
63 | begin transports | |
64 | ||
65 | send_to_server: | |
66 | driver = smtp | |
67 | allow_localhost | |
28646fa9 | 68 | port = PORT_D |
277b9979 | 69 | hosts_try_fastopen = : |
899b8bbc | 70 | |
59c0959a | 71 | hosts_try_dane = CONTROL |
899b8bbc JH |
72 | hosts_require_dane = HOSTIPV4 |
73 | tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} | |
74 | tls_try_verify_hosts = thishost.test.ex | |
570cb1bd | 75 | tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}} |
899b8bbc | 76 | |
7a31d643 | 77 | |
12ee8cf9 JH |
78 | |
79 | # ----- Retry ----- | |
80 | ||
81 | ||
82 | begin retry | |
83 | ||
84 | * * F,5d,10s | |
85 | ||
86 | ||
87 | # End |