Fix CVE-2016-1531
[users/jgh/exim.git] / test / confs / 2131
1 # Exim test configuration 2131
2 # SNI
3
4 SERVER =
5
6 exim_path = EXIM_PATH
7 keep_environment =
8 host_lookup_order = bydns
9 primary_hostname = myhost.test.ex
10 spool_directory = DIR/spool
11 log_file_path = DIR/spool/log/SERVER%slog
12 gecos_pattern = ""
13 gecos_name = CALLER_NAME
14
15
16 # ----- Main settings -----
17
18 domainlist local_domains = test.ex : *.test.ex
19
20 acl_smtp_rcpt = acl_log_sni
21 log_selector = +tls_peerdn +tls_sni +received_recipients
22 remote_max_parallel = 1
23
24 tls_advertise_hosts = *
25
26 # Set certificate only if server
27
28 tls_certificate = ${if eq {SERVER}{server} \
29         {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
30             {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
31             {cert1} \
32                         }\
33         }fail}
34
35 tls_privatekey = ${if eq {SERVER}{server} \
36         {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
37             {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
38             {cert1} \
39                         }\
40         }fail}
41
42
43 # ------ ACL ------
44
45 begin acl
46
47 acl_log_sni:
48   accept
49          logwrite = SNI <$tls_in_sni>
50
51 # ----- Routers -----
52
53 begin routers
54
55 client:
56   driver = accept
57   condition = ${if !eq {SERVER}{server}}
58   transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
59
60 server:
61   driver = redirect
62   data = :blackhole:
63
64
65 # ----- Transports -----
66
67 begin transports
68
69 send_to_server1:
70   driver = smtp
71   allow_localhost
72   hosts = HOSTIPV4
73   port = PORT_D
74   tls_sni = fred
75   hosts_require_tls = *
76   tls_try_verify_hosts = :
77
78 send_to_server2:
79   driver = smtp
80   allow_localhost
81   hosts = HOSTIPV4
82   port = PORT_D
83   tls_sni = bill
84   hosts_require_tls = *
85   tls_try_verify_hosts = :
86
87
88 # ----- Retry -----
89
90
91 begin retry
92
93 * * F,5d,10s
94
95
96 # End