projects / exim.git / blob
? search:


0b2be46a1719e720256e69ebfcf2ee21804442eb
[exim.git] / test / confs / 5611
1 # Exim test configuration 5601
2 # OCSP stapling, client
3
4 SERVER =
5
6 exim_path = EXIM_PATH
7 keep_environment = ^EXIM_TESTHARNESS_DISABLE_[O]CSPVALIDITYCHECK$
8 host_lookup_order = bydns
9 spool_directory = DIR/spool
10 log_file_path = DIR/spool/log/SERVER%slog
11 gecos_pattern = ""
12 gecos_name = CALLER_NAME
13 chunking_advertise_hosts =
14 primary_hostname = server1.example.com
15
16 .ifdef _HAVE_DMARC
17 dmarc_tld_file =
18 .endif
19
20
21 # ----- Main settings -----
22
23 domainlist local_domains = test.ex : *.test.ex
24
25 acl_smtp_rcpt = check_recipient
26 acl_smtp_data = check_data
27
28 log_selector = +tls_peerdn
29 remote_max_parallel = 1
30
31 tls_advertise_hosts = *
32
33 # Set certificate only if server
34
35 tls_certificate = ${if eq {SERVER}{server}\
36 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
37 fail\
38 }
39
40 #{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\
41
42 tls_privatekey = ${if eq {SERVER}{server}\
43 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
44 fail}
45
46 tls_ocsp_file = RETURN
47
48
49 # ------ ACL ------
50
51 begin acl
52
53 check_recipient:
54 accept domains = +local_domains
55 deny message = relay not permitted
56
57 check_data:
58 warn condition = ${if def:h_X-TLS-out:}
59 logwrite = client claims: $h_X-TLS-out:
60 accept
61
62 # ----- Routers -----
63
64 begin routers
65
66 client:
67 driver = accept
68 condition = ${if eq {SERVER}{server}{no}{yes}}
69 retry_use_local_part
70 transport = send_to_server${if eq{$local_part}{nostaple}{1} \
71 {${if eq{$local_part}{norequire} {2} \
72 {${if eq{$local_part}{smtps} {4}{3}}} \
73 }}}
74
75 server:
76 driver = redirect
77 data = :blackhole:
78 #retry_use_local_part
79 #transport = local_delivery
80
81
82 # ----- Transports -----
83
84 begin transports
85
86 local_delivery:
87 driver = appendfile
88 file = DIR/test-mail/$local_part
89 headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
90 user = CALLER
91
92 send_to_server1:
93 driver = smtp
94 allow_localhost
95 hosts = HOSTIPV4
96 port = PORT_D
97 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
98 tls_verify_cert_hostnames =
99 hosts_require_tls = *
100 hosts_request_ocsp = :
101 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
102 (${listextract {${eval:$tls_out_ocsp+1}} \
103 {notreq:notresp:vfynotdone:failed:verified}})
104
105 send_to_server2:
106 driver = smtp
107 allow_localhost
108 hosts = HOSTIPV4
109 port = PORT_D
110 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
111 tls_verify_cert_hostnames =
112 hosts_require_tls = *
113 # note no ocsp mention here
114 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
115 (${listextract {${eval:$tls_out_ocsp+1}} \
116 {notreq:notresp:vfynotdone:failed:verified}})
117
118 send_to_server3:
119 driver = smtp
120 allow_localhost
121 hosts = 127.0.0.1
122 port = PORT_D
123 helo_data = helo.data.changed
124 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
125 tls_verify_cert_hostnames =
126 hosts_require_tls = *
127 hosts_require_ocsp = *
128 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
129 (${listextract {${eval:$tls_out_ocsp+1}} \
130 {notreq:notresp:vfynotdone:failed:verified}})
131
132 send_to_server4:
133 driver = smtp
134 allow_localhost
135 hosts = 127.0.0.1
136 port = PORT_D
137 helo_data = helo.data.changed
138 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
139 tls_verify_cert_hostnames =
140 protocol = smtps
141 hosts_require_tls = *
142 hosts_require_ocsp = *
143 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
144 (${listextract {${eval:$tls_out_ocsp+1}} \
145 {notreq:notresp:vfynotdone:failed:verified}})
146
147
148 # ----- Retry -----
149
150
151 begin retry
152
153 * * F,5d,1s
154
155
156 # End
Unnamed repository; edit this file 'description' to name the repository.