projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' into 4.next
[exim.git] / test / confs / 5601
1 # Exim test configuration 5601
2 # OCSP stapling, client
3
4 SERVER =
5
6 exim_path = EXIM_PATH
7 keep_environment = ^EXIM_TESTHARNESS_DISABLE_[O]CSPVALIDITYCHECK$
8 host_lookup_order = bydns
9 spool_directory = DIR/spool
10 log_file_path = DIR/spool/log/SERVER%slog
11 gecos_pattern = ""
12 gecos_name = CALLER_NAME
13 chunking_advertise_hosts =
14 primary_hostname = server1.example.com
15
16
17 # ----- Main settings -----
18
19 domainlist local_domains = test.ex : *.test.ex
20
21 acl_smtp_rcpt = check_recipient
22 acl_smtp_data = check_data
23
24 log_selector = +tls_peerdn +received_recipients
25 remote_max_parallel = 1
26
27 tls_advertise_hosts = *
28
29 # Set certificate only if server
30
31 tls_certificate = ${if eq {SERVER}{server}\
32 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
33 fail\
34 }
35
36 #{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\
37
38 tls_privatekey = ${if eq {SERVER}{server}\
39 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
40 fail}
41
42 tls_ocsp_file = RETURN
43
44
45 # ------ ACL ------
46
47 begin acl
48
49 check_recipient:
50 accept domains = +local_domains
51 deny message = relay not permitted
52
53 check_data:
54 warn condition = ${if def:h_X-TLS-out:}
55 logwrite = client claims: $h_X-TLS-out:
56 accept
57
58 # ----- Routers -----
59
60 begin routers
61
62 client:
63 driver = accept
64 condition = ${if eq {SERVER}{server}{no}{yes}}
65 retry_use_local_part
66 transport = send_to_server${if eq{$local_part}{nostaple}{1} \
67 {${if eq{$local_part}{norequire} {2} \
68 {${if eq{$local_part}{smtps} {4}{3}}} \
69 }}}
70
71 server:
72 driver = redirect
73 data = :blackhole:
74 #retry_use_local_part
75 #transport = local_delivery
76
77
78 # ----- Transports -----
79
80 begin transports
81
82 local_delivery:
83 driver = appendfile
84 file = DIR/test-mail/$local_part
85 headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
86 user = CALLER
87
88 send_to_server1:
89 driver = smtp
90 allow_localhost
91 hosts = HOSTIPV4
92 port = PORT_D
93 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
94 tls_verify_cert_hostnames =
95 hosts_require_tls = *
96 hosts_request_ocsp = :
97 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
98 (${listextract {${eval:$tls_out_ocsp+1}} \
99 {notreq:notresp:vfynotdone:failed:verified}})
100
101 send_to_server2:
102 driver = smtp
103 allow_localhost
104 hosts = HOSTIPV4
105 port = PORT_D
106 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
107 tls_verify_cert_hostnames =
108 hosts_require_tls = *
109 # note no ocsp mention here
110 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
111 (${listextract {${eval:$tls_out_ocsp+1}} \
112 {notreq:notresp:vfynotdone:failed:verified}})
113
114 send_to_server3:
115 driver = smtp
116 allow_localhost
117 hosts = 127.0.0.1
118 port = PORT_D
119 helo_data = helo.data.changed
120 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
121 tls_verify_cert_hostnames =
122 hosts_require_tls = *
123 hosts_require_ocsp = *
124 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
125 (${listextract {${eval:$tls_out_ocsp+1}} \
126 {notreq:notresp:vfynotdone:failed:verified}})
127
128 send_to_server4:
129 driver = smtp
130 allow_localhost
131 hosts = 127.0.0.1
132 port = PORT_D
133 helo_data = helo.data.changed
134 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
135 tls_verify_cert_hostnames =
136 protocol = smtps
137 hosts_require_tls = *
138 hosts_require_ocsp = *
139 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
140 (${listextract {${eval:$tls_out_ocsp+1}} \
141 {notreq:notresp:vfynotdone:failed:verified}})
142
143
144 # ----- Retry -----
145
146
147 begin retry
148
149 * * F,5d,1s
150
151
152 # End
Unnamed repository; edit this file 'description' to name the repository.