Fix CVE-2016-1531
[exim.git] / test / confs / 5601
1 # Exim test configuration 5601
2 # OCSP stapling, client
# The upper-case words used as values (EXIM_PATH, DIR, CALLER_NAME, ...) are
# not defined in this file; presumably the test harness fills them in -- confirm.
3
# SERVER is defined empty here. The ${if eq {SERVER}{server}...} tests further
# down use it to pick the server or the client role; presumably the server run
# overrides it from the command line -- confirm.
4 SERVER =
5
6 exim_path = EXIM_PATH
# List of environment variables Exim keeps. The pattern is anchored with
# ^ and $, so only this one test-harness switch can match. Going by this page's
# title the option arrived with the CVE-2016-1531 fix -- confirm.
# NOTE(review): "[O]CSP" matches the same text as "OCSP"; the bracket looks like
# a guard against the OCSP macro being substituted into the pattern -- confirm.
7 keep_environment  = ^EXIM_TESTHARNESS_DISABLE_[O]CSPVALIDITYCHECK$
8 host_lookup_order = bydns
9 primary_hostname = server1.example.com
# A zero timeout means no RFC 1413 (ident) callbacks are made.
10 rfc1413_query_timeout = 0s
11 spool_directory = DIR/spool
# SERVER is a macro, so the log file names carry its value as a prefix
# (nothing for the default empty definition).
12 log_file_path = DIR/spool/log/SERVER%slog
13 gecos_pattern = ""
14 gecos_name = CALLER_NAME
15
16
17 # ----- Main settings -----
18
19 domainlist local_domains = test.ex : *.test.ex
20
21 acl_smtp_rcpt = check_recipient
# Adds the peer certificate's distinguished name to TLS log lines.
22 log_selector = +tls_peerdn
23 remote_max_parallel = 1
24
# STARTTLS is advertised to every connecting host.
25 tls_advertise_hosts = *
26
27 # Set certificate only if server
# When SERVER is "server" the option expands to the server's chain file; any
# other value forces the expansion to fail, presumably leaving the client run
# without a certificate -- confirm how a forced failure is treated here.
28
29 tls_certificate = ${if eq {SERVER}{server}\
30 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
31 fail\
32 }
33
34 #{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\
35
# Same server-only switch for the private key. The file name says "unlocked",
# i.e. presumably a passphrase-less fixture key meant for the test suite only.
36 tls_privatekey = ${if eq {SERVER}{server}\
37 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
38 fail}
39
# File holding the OCSP response the server staples. OCSP is a macro that this
# file does not define; presumably each test passes it in -- confirm.
40 tls_ocsp_file = OCSP
41
42
43 # ------ ACL ------
44
45 begin acl
46
# RCPT ACL (named by acl_smtp_rcpt): recipients in +local_domains are accepted,
# every other recipient is refused with "relay not permitted". No sender or
# host checks are made here.
47 check_recipient:
48   accept  domains = +local_domains
49   deny    message = relay not permitted
50
51
52 # ----- Routers -----
53
54 begin routers
55
# Runs only when SERVER is not "server" (the condition yields "no" for the
# server role). The transport name is built from the local part:
#   nostaple -> send_to_server1  (no OCSP requirement)
#   smtps    -> send_to_server3  (TLS-on-connect, OCSP required)
#   other    -> send_to_server2  (STARTTLS, OCSP required)
56 client:
57   driver = accept
58   condition = ${if eq {SERVER}{server}{no}{yes}}
59   retry_use_local_part
60   transport = send_to_server${if eq{$local_part}{nostaple}{1} \
61                                 {${if eq{$local_part}{smtps} {3}{2}}} \
62                              }
63
# Reached only when the client router's condition is false, i.e. in the server
# role. Every address is redirected to :blackhole:, so received mail is
# discarded rather than delivered; the local-delivery lines are commented out.
64 server:
65   driver = redirect
66   data = :blackhole:
67   #retry_use_local_part
68   #transport = local_delivery
69
70
71 # ----- Transports -----
72
73 begin transports
74
# Appends each message to a per-local-part file and records the TLS cipher and
# peer DN in an added "TLS:" header. No router in this file names this
# transport (the only reference, in the server router, is commented out).
75 local_delivery:
76   driver = appendfile
77   file = DIR/test-mail/$local_part
78   headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
79   user = CALLER
80
# Client transport for the "nostaple" local part: TLS is mandatory and the
# server certificate is checked against the test CA, but no OCSP staple is
# required.
# NOTE(review): tls_verify_hosts is not set, so whether a failed certificate
# check aborts the delivery depends on this Exim version's defaults -- confirm.
81 send_to_server1:
82   driver = smtp
83   allow_localhost
84   hosts = HOSTIPV4
85   port = PORT_D
86   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
87   hosts_require_tls = *
88 # note no ocsp here
89
# Default client transport: TLS is mandatory and hosts_require_ocsp = * makes
# a stapled OCSP response mandatory for every host as well. The trust anchor is
# the test CA; the per-server chain alternative is left commented out.
90 send_to_server2:
91   driver = smtp
92   allow_localhost
93   hosts = 127.0.0.1
94   port = PORT_D
95   helo_data = helo.data.changed
96   #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
97   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
98   hosts_require_tls =  *
99   hosts_require_ocsp = *
100
# Client transport for the "smtps" local part: same TLS and OCSP requirements
# as send_to_server2, but protocol = smtps starts TLS on connect instead of
# using STARTTLS.
101 send_to_server3:
102   driver = smtp
103   allow_localhost
104   hosts = 127.0.0.1
105   port = PORT_D
106   helo_data = helo.data.changed
107   #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
108   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
109   protocol =           smtps
110   hosts_require_tls =  *
111   hosts_require_ocsp = *
112
113
114 # ----- Retry -----
115
116
117 begin retry
118
# One rule for every address and every error: retry at a fixed 1-second
# interval (F) until the 5-day cutoff.
119 * * F,5d,1s
120
121
122 # End