test/confs/5760

   1 # Exim test configuration 5760 (dup of 5750)
   2 # $tls_out_peercert - OpenSSL
   3
   4 SERVER=
   5
   6 exim_path = EXIM_PATH
   7 host_lookup_order = bydns
   8 primary_hostname = myhost.test.ex
   9 rfc1413_query_timeout = 0s
  10 spool_directory = DIR/spool
  11 log_file_path = DIR/spool/log/SERVER%slog
  12 gecos_pattern = ""
  13 gecos_name = CALLER_NAME
  14
  15 # ----- Main settings -----
  16
  17 acl_smtp_rcpt = accept
  18
  19 log_selector =  +tls_peerdn
  20
  21 queue_only
  22 queue_run_in_order
  23
  24 tls_advertise_hosts = *
  25
  26 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
  27 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  28
  29 tls_verify_hosts = *
  30 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem
  31
  32 #
  33
  34 begin acl
  35
  36 ev_tls:
  37   accept logwrite =  $tpda_event depth=$tpda_data \
  38                         <${certextract {subject} {$tls_out_peercert}}>
  39 #        message = nooooo
  40
  41 ev_msg:
  42   warn   logwrite =  $acl_arg1 $local_part
  43   warn   logwrite =  ${if !def:tls_out_ourcert \
  44                 {NO CLIENT CERT presented} \
  45                 {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}}
  46   accept condition = ${if !def:tls_out_peercert}
  47          logwrite =  No Peer cert
  48   accept logwrite = Peer cert:
  49          logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
  50          logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>
  51          logwrite =  IN  <${certextract {issuer}        {$tls_out_peercert}}>
  52          logwrite =  NB  <${certextract {notbefore}     {$tls_out_peercert}}>
  53          logwrite =  NA  <${certextract {notafter}      {$tls_out_peercert}}>
  54          logwrite =  SA  <${certextract {sig_algorithm} {$tls_out_peercert}}>
  55          logwrite =  SG  <${certextract {signature}     {$tls_out_peercert}}>
  56          logwrite = ${certextract {subj_altname,>;}{$tls_out_peercert}{SAN <$value>}{(no SAN)}}
  57          logwrite =       ${certextract {ocsp_uri}      {$tls_out_peercert} {OCU <$value>}{(no OCU)}}
  58          logwrite =       ${certextract {crl_uri}       {$tls_out_peercert} {CRU <$value>}{(no CRU)}}
  59
  60 logger:
  61   accept condition = ${if eq {msg} {${listextract{1}{$tpda_event}}}}
  62          acl =       ev_msg $tpda_event $acl_arg2
  63   accept condition = ${if eq {tls} {${listextract{1}{$tpda_event}}}}
  64          message =   ${acl {ev_tls}}
  65   accept
  66
  67 # ----- Routers -----
  68
  69 begin routers
  70
  71 client:
  72   driver = accept
  73   condition = ${if eq {SERVER}{server}{no}{yes}}
  74   retry_use_local_part
  75   transport = send_to_server
  76
  77
  78 # ----- Transports -----
  79
  80 begin transports
  81
  82 send_to_server:
  83   driver = smtp
  84   allow_localhost
  85   hosts = 127.0.0.1
  86   port = PORT_D
  87
  88   tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem
  89   tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
  90
  91   tls_verify_certificates = DIR/aux-fixed/exim-ca/\
  92        ${if eq {$local_part}{good}\
  93 {example.com/server1.example.com/ca_chain.pem}\
  94 {example.net/server1.example.net/ca_chain.pem}}
  95
  96   tpda_event_action =   ${acl {logger} {$tpda_event} {$domain} }
  97
  98 # ----- Retry -----
  99
 100
 101 begin retry
 102
 103 * * F,5d,10s
 104
 105
 106 # End