test/confs/5610

   1 # Exim test configuration 5600
   2 # OCSP stapling, server
   3
   4 CRL=
   5
   6 .include DIR/aux-var/tls_conf_prefix
   7
   8 primary_hostname = server1.example.com
   9
  10 # ----- Main settings -----
  11
  12 acl_smtp_connect = check_connect
  13 acl_smtp_mail = check_mail
  14 acl_smtp_rcpt = check_recipient
  15
  16 log_selector = +tls_peerdn
  17
  18 queue_only
  19 queue_run_in_order
  20
  21 tls_advertise_hosts = *
  22
  23 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
  24 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  25
  26 tls_verify_hosts = HOSTIPV4
  27 tls_try_verify_hosts = *
  28 tls_verify_certificates = DIR/aux-fixed/cert2
  29 tls_crl = CRL
  30 tls_ocsp_file = RETURN
  31
  32
  33 # ------ ACL ------
  34
  35 begin acl
  36
  37 check_connect:
  38   accept   logwrite = acl_conn: ocsp in status: $tls_in_ocsp \
  39     (${listextract {${eval:$tls_in_ocsp+1}} \
  40                 {notreq:notresp:vfynotdone:failed:verified}})
  41
  42 check_mail:
  43   accept   logwrite = acl_mail: ocsp in status: $tls_in_ocsp \
  44     (${listextract {${eval:$tls_in_ocsp+1}} \
  45                 {notreq:notresp:vfynotdone:failed:verified}})
  46
  47 check_recipient:
  48   deny     message = certificate not verified: peerdn=$tls_peerdn
  49          ! verify = certificate
  50   accept
  51
  52
  53 # ----- Routers -----
  54
  55 begin routers
  56
  57 abc:
  58   driver = accept
  59   retry_use_local_part
  60   transport = local_delivery
  61
  62
  63 # ----- Transports -----
  64
  65 begin transports
  66
  67 local_delivery:
  68   driver = appendfile
  69   file = DIR/test-mail/${bless:$local_part}
  70   headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
  71   user = CALLER
  72
  73 # End