projects / exim.git / blob
? search:


5803c3ce9e3706de2dd2e4466b9cf6f6eab7132e
[exim.git] / test / confs / 5651
1 # Exim test configuration 5651
2 # OCSP stapling, client
3
4 SERVER =
5
6 .include DIR/aux-var/tls_conf_prefix
7
8 primary_hostname = server1.example.com
9
10 # ----- Main settings -----
11
12 domainlist local_domains = test.ex : *.test.ex
13
14 acl_smtp_rcpt = check_recipient
15 acl_smtp_data = check_data
16
17 log_selector = +tls_peerdn
18 remote_max_parallel = 1
19
20 tls_advertise_hosts = *
21
22 # Set certificate only if server
23 tls_certificate = ${if eq {SERVER}{server}\
24 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
25 fail\
26 }
27 tls_privatekey = ${if eq {SERVER}{server}\
28 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
29 fail}
30
31 # from cmdline define
32 tls_ocsp_file = OPT
33
34
35 # ------ ACL ------
36
37 begin acl
38
39 check_recipient:
40 accept domains = +local_domains
41 deny message = relay not permitted
42
43 check_data:
44 warn condition = ${if def:h_X-TLS-out:}
45 logwrite = client claims: $h_X-TLS-out:
46 accept
47
48
49 # ----- Routers -----
50
51 begin routers
52
53 client:
54 driver = accept
55 condition = ${if eq {SERVER}{server}{no}{yes}}
56 retry_use_local_part
57 transport = send_to_server${if eq{$local_part}{nostaple}{1} \
58 {${if eq{$local_part}{norequire} {2} \
59 {${if eq{$local_part}{smtps} {4}{3}}} \
60 }}}
61
62 server:
63 driver = redirect
64 data = :blackhole:
65 #retry_use_local_part
66 #transport = local_delivery
67
68
69 # ----- Transports -----
70
71 begin transports
72
73 local_delivery:
74 driver = appendfile
75 file = DIR/test-mail/$local_part
76 headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
77 user = CALLER
78
79 send_to_server1:
80 driver = smtp
81 allow_localhost
82 hosts = HOSTIPV4
83 port = PORT_D
84 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
85 tls_verify_cert_hostnames =
86 hosts_require_tls = *
87 hosts_request_ocsp = :
88 headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
89 (${listextract {${eval:$tls_out_ocsp+1}} \
90 {notreq:notresp:vfynotdone:failed:verified}})
91
92 send_to_server2:
93 driver = smtp
94 allow_localhost
95 hosts = HOSTIPV4
96 port = PORT_D
97 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
98 tls_verify_cert_hostnames =
99 hosts_require_tls = *
100 # note no ocsp mention here
101 headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
102 (${listextract {${eval:$tls_out_ocsp+1}} \
103 {notreq:notresp:vfynotdone:failed:verified}})
104
105 send_to_server3:
106 driver = smtp
107 allow_localhost
108 hosts = 127.0.0.1
109 port = PORT_D
110 helo_data = helo.data.changed
111 #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
112 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
113 tls_try_verify_hosts =
114 tls_verify_cert_hostnames =
115 hosts_require_tls = *
116 hosts_require_ocsp = *
117 headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
118 (${listextract {${eval:$tls_out_ocsp+1}} \
119 {notreq:notresp:vfynotdone:failed:verified}})
120
121 send_to_server4:
122 driver = smtp
123 allow_localhost
124 hosts = 127.0.0.1
125 port = PORT_D
126 helo_data = helo.data.changed
127 #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
128 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
129 tls_verify_cert_hostnames =
130 protocol = smtps
131 hosts_require_tls = *
132 hosts_require_ocsp = *
133 headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
134 (${listextract {${eval:$tls_out_ocsp+1}} \
135 {notreq:notresp:vfynotdone:failed:verified}})
136
137
138 # ----- Retry -----
139
140
141 begin retry
142
143 * * F,5d,1s
144
145
146 # End
Unnamed repository; edit this file 'description' to name the repository.