projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Doc: clarify the syntax of the "begin <section>"
[exim.git] / test / confs / 5601
1 # Exim test configuration 5601
2 # OCSP stapling, client
3
4 SERVER =
5
6 exim_path = EXIM_PATH
7 host_lookup_order = bydns
8 primary_hostname = server1.example.com
9 spool_directory = DIR/spool
10 log_file_path = DIR/spool/log/SERVER%slog
11 gecos_pattern = ""
12 gecos_name = CALLER_NAME
13
14
15 # ----- Main settings -----
16
17 domainlist local_domains = test.ex : *.test.ex
18
19 acl_smtp_rcpt = check_recipient
20 acl_smtp_data = check_data
21
22 log_selector = +tls_peerdn
23 remote_max_parallel = 1
24
25 tls_advertise_hosts = *
26
27 # Set certificate only if server
28
29 tls_certificate = ${if eq {SERVER}{server}\
30 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
31 fail\
32 }
33
34 #{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\
35
36 tls_privatekey = ${if eq {SERVER}{server}\
37 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
38 fail}
39
40 tls_ocsp_file = OCSP
41
42
43 # ------ ACL ------
44
45 begin acl
46
47 check_recipient:
48 accept domains = +local_domains
49 deny message = relay not permitted
50
51 check_data:
52 warn condition = ${if def:h_X-TLS-out:}
53 logwrite = client claims: $h_X-TLS-out:
54 accept
55
56 # ----- Routers -----
57
58 begin routers
59
60 client:
61 driver = accept
62 condition = ${if eq {SERVER}{server}{no}{yes}}
63 retry_use_local_part
64 transport = send_to_server${if eq{$local_part}{nostaple}{1} \
65 {${if eq{$local_part}{norequire} {2} \
66 {${if eq{$local_part}{smtps} {4}{3}}} \
67 }}}
68
69 server:
70 driver = redirect
71 data = :blackhole:
72 #retry_use_local_part
73 #transport = local_delivery
74
75
76 # ----- Transports -----
77
78 begin transports
79
80 local_delivery:
81 driver = appendfile
82 file = DIR/test-mail/$local_part
83 headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
84 user = CALLER
85
86 send_to_server1:
87 driver = smtp
88 allow_localhost
89 hosts = HOSTIPV4
90 port = PORT_D
91 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
92 tls_verify_cert_hostnames =
93 hosts_require_tls = *
94 hosts_request_ocsp = :
95 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
96 (${listextract {${eval:$tls_out_ocsp+1}} \
97 {notreq:notresp:vfynotdone:failed:verified}})
98
99 send_to_server2:
100 driver = smtp
101 allow_localhost
102 hosts = HOSTIPV4
103 port = PORT_D
104 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
105 tls_verify_cert_hostnames =
106 hosts_require_tls = *
107 # note no ocsp mention here
108 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
109 (${listextract {${eval:$tls_out_ocsp+1}} \
110 {notreq:notresp:vfynotdone:failed:verified}})
111
112 send_to_server3:
113 driver = smtp
114 allow_localhost
115 hosts = 127.0.0.1
116 port = PORT_D
117 helo_data = helo.data.changed
118 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
119 tls_verify_cert_hostnames =
120 hosts_require_tls = *
121 hosts_require_ocsp = *
122 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
123 (${listextract {${eval:$tls_out_ocsp+1}} \
124 {notreq:notresp:vfynotdone:failed:verified}})
125
126 send_to_server4:
127 driver = smtp
128 allow_localhost
129 hosts = 127.0.0.1
130 port = PORT_D
131 helo_data = helo.data.changed
132 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
133 tls_verify_cert_hostnames =
134 protocol = smtps
135 hosts_require_tls = *
136 hosts_require_ocsp = *
137 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
138 (${listextract {${eval:$tls_out_ocsp+1}} \
139 {notreq:notresp:vfynotdone:failed:verified}})
140
141
142 # ----- Retry -----
143
144
145 begin retry
146
147 * * F,5d,1s
148
149
150 # End
Unnamed repository; edit this file 'description' to name the repository.