Fix CVE-2016-1531

[exim.git] / test / confs / 2131

# Exim test configuration 2131
# SNI

SERVER =

exim_path = EXIM_PATH
keep_environment =
host_lookup_order = bydns
primary_hostname = myhost.test.ex
rfc1413_query_timeout = 0s
spool_directory = DIR/spool
log_file_path = DIR/spool/log/SERVER%slog
gecos_pattern = ""
gecos_name = CALLER_NAME


# ----- Main settings -----

domainlist local_domains = test.ex : *.test.ex

acl_smtp_rcpt = acl_log_sni
log_selector = +tls_peerdn +tls_sni +received_recipients
remote_max_parallel = 1

tls_advertise_hosts = *

# Set certificate only if server

tls_certificate = ${if eq {SERVER}{server} \
        {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
            {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
            {cert1} \
                        }\
        }fail}

tls_privatekey = ${if eq {SERVER}{server} \
        {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
            {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
            {cert1} \
                        }\
        }fail}


# ------ ACL ------

begin acl

acl_log_sni:
  accept
         logwrite = SNI <$tls_in_sni>

# ----- Routers -----

begin routers

client:
  driver = accept
  condition = ${if !eq {SERVER}{server}}
  transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}

server:
  driver = redirect
  data = :blackhole:


# ----- Transports -----

begin transports

send_to_server1:
  driver = smtp
  allow_localhost
  hosts = HOSTIPV4
  port = PORT_D
  tls_sni = fred
  hosts_require_tls = *

send_to_server2:
  driver = smtp
  allow_localhost
  hosts = HOSTIPV4
  port = PORT_D
  tls_sni = bill
  hosts_require_tls = *


# ----- Retry -----


begin retry

* * F,5d,10s


# End