projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Make $tls_out_ocsp visible to TPDA (mostly testsuite)
[exim.git] / test / confs / 5651
1 # Exim test configuration 5651
2 # OCSP stapling, client
3
4 SERVER =
5
6 exim_path = EXIM_PATH
7 host_lookup_order = bydns
8 primary_hostname = server1.example.com
9 rfc1413_query_timeout = 0s
10 spool_directory = DIR/spool
11 log_file_path = DIR/spool/log/SERVER%slog
12 gecos_pattern = ""
13 gecos_name = CALLER_NAME
14
15
16 # ----- Main settings -----
17
18 domainlist local_domains = test.ex : *.test.ex
19
20 acl_smtp_rcpt = check_recipient
21 acl_smtp_data = check_data
22
23 log_selector = +tls_peerdn
24 remote_max_parallel = 1
25
26 tls_advertise_hosts = *
27
28 # Set certificate only if server
29 tls_certificate = ${if eq {SERVER}{server}\
30 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
31 fail\
32 }
33 tls_privatekey = ${if eq {SERVER}{server}\
34 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
35 fail}
36
37 # from cmdline define
38 tls_ocsp_file = OCSP
39
40
41 # ------ ACL ------
42
43 begin acl
44
45 check_recipient:
46 accept domains = +local_domains
47 deny message = relay not permitted
48
49 check_data:
50 warn condition = ${if def:h_X-TLS-out:}
51 logwrite = client claims: $h_X-TLS-out:
52 accept
53
54
55 # ----- Routers -----
56
57 begin routers
58
59 client:
60 driver = accept
61 condition = ${if eq {SERVER}{server}{no}{yes}}
62 retry_use_local_part
63 transport = send_to_server${if eq{$local_part}{nostaple}{1} \
64 {${if eq{$local_part}{norequire} {2} \
65 {${if eq{$local_part}{smtps} {4}{3}}} \
66 }}}
67
68 server:
69 driver = redirect
70 data = :blackhole:
71 #retry_use_local_part
72 #transport = local_delivery
73
74
75 # ----- Transports -----
76
77 begin transports
78
79 local_delivery:
80 driver = appendfile
81 file = DIR/test-mail/$local_part
82 headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
83 user = CALLER
84
85 send_to_server1:
86 driver = smtp
87 allow_localhost
88 hosts = HOSTIPV4
89 port = PORT_D
90 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
91 hosts_require_tls = *
92 hosts_request_ocsp = :
93 headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
94 (${listextract {${eval:$tls_out_ocsp+1}} \
95 {notreq:notresp:vfynotdone:failed:verified}})
96
97 send_to_server2:
98 driver = smtp
99 allow_localhost
100 hosts = HOSTIPV4
101 port = PORT_D
102 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
103 hosts_require_tls = *
104 # note no ocsp mention here
105 headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
106 (${listextract {${eval:$tls_out_ocsp+1}} \
107 {notreq:notresp:vfynotdone:failed:verified}})
108
109 send_to_server3:
110 driver = smtp
111 allow_localhost
112 hosts = 127.0.0.1
113 port = PORT_D
114 helo_data = helo.data.changed
115 #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
116 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
117 hosts_require_tls = *
118 hosts_require_ocsp = *
119 headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
120 (${listextract {${eval:$tls_out_ocsp+1}} \
121 {notreq:notresp:vfynotdone:failed:verified}})
122
123 send_to_server4:
124 driver = smtp
125 allow_localhost
126 hosts = 127.0.0.1
127 port = PORT_D
128 helo_data = helo.data.changed
129 #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
130 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
131 protocol = smtps
132 hosts_require_tls = *
133 hosts_require_ocsp = *
134 headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
135 (${listextract {${eval:$tls_out_ocsp+1}} \
136 {notreq:notresp:vfynotdone:failed:verified}})
137
138
139 # ----- Retry -----
140
141
142 begin retry
143
144 * * F,5d,1s
145
146
147 # End
Unnamed repository; edit this file 'description' to name the repository.