# Exim test configuration 2131 # SNI SERVER = .include DIR/aux-var/tls_conf_prefix primary_hostname = myhost.test.ex # ----- Main settings ----- domainlist local_domains = test.ex : *.test.ex acl_smtp_rcpt = acl_log_sni log_selector = +tls_peerdn +tls_sni +received_recipients remote_max_parallel = 1 tls_advertise_hosts = * tls_certificate = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badkey : noneistkeyfile : expansionfailkey} \ {cert1} \ {${if eq {$tls_in_sni}{alternate} \ {exim-ca/example.com/server1.example.com/server1.example.com.pem} \ {${if eq {$tls_in_sni}{badcert} \ {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \ {${if eq {$tls_in_sni}{nonexistcertfile} \ {nonexistent_file} \ fail \ } } \ } } \ } } \ } tls_privatekey = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badcert : nonexistcertfile : expansionfailedcert} \ {cert1} \ {${if eq {$tls_in_sni}{alternate} \ {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \ {${if eq {$tls_in_sni}{badkey} \ {cert2} \ {${if eq {$tls_in_sni}{noneistkeyfile} \ {nonexist_file} \ fail \ } } \ } } \ } } \ } # ------ ACL ------ begin acl acl_log_sni: accept logwrite = SNI <$tls_in_sni> # ----- Routers ----- begin routers client: driver = accept condition = ${if !eq {SERVER}{server}} transport = send_to_server_${if inlist {$local_part}{normal} {1}{2}} server: driver = redirect data = :blackhole: # ----- Transports ----- begin transports send_to_server_1: driver = smtp allow_localhost hosts = HOSTIPV4 port = PORT_D hosts_try_fastopen = : hosts_require_tls = * tls_sni = ${local_part} tls_verify_certificates = DIR/aux-fixed/cert1 tls_verify_cert_hostnames = : send_to_server_2: driver = smtp allow_localhost hosts = HOSTIPV4 port = PORT_D hosts_try_fastopen = : hosts_require_tls = * tls_sni = ${local_part} tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem tls_verify_cert_hostnames = : # ----- Retry ----- begin retry * * F,5d,10s # End