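# Exim test configuration 2131
# SNI
#
# Test-suite configuration for server-side certificate and key selection
# driven by the TLS Server Name Indication (SNI) value a client sends.
# One file serves both roles: the `client` router runs only while the SERVER
# macro is not "server"; otherwise mail reaches the `server` router and is
# discarded.
#
# Fix applied to this listing: the per-line gutter numbers of the rendered
# blob view were removed, because with them no line parses as Exim
# configuration. Option values are unchanged.
#
# NOTE(review): DIR, HOSTIPV4 and PORT_D are not defined in this file;
# presumably the test harness substitutes them - confirm.

# Empty by default. Presumably overridden (for example with -DSERVER=server)
# for the listening instance - verify against the test script.
SERVER =

# Shared TLS preamble; its contents are not visible here.
.include DIR/aux-var/tls_conf_prefix

primary_hostname = myhost.test.ex

# ----- Main settings -----

domainlist local_domains = test.ex : *.test.ex

# Every RCPT command goes through acl_log_sni, which records the SNI.
acl_smtp_rcpt = acl_log_sni
# +tls_sni and +tls_peerdn add the client-supplied SNI and the peer DN to the
# log lines, which is what the test inspects.
log_selector = +tls_peerdn +tls_sni +received_recipients
remote_max_parallel = 1

# STARTTLS is offered to every connecting host.
tls_advertise_hosts = *

# Certificate selection by SNI.
#
# $tls_in_sni is chosen by the remote client. Here it is only compared
# (inlist / eq) against fixed strings, and every path component comes from a
# literal in this file; the SNI value itself is never interpolated into the
# file name. Keep that property when editing: a client-controlled string
# placed in a path would let the peer influence which file is opened.
#
#   SNI value                                   certificate file (under DIR/aux-fixed/)
#   (leading empty item), normal, badkey,
#     noneistkeyfile, expansionfailkey          cert1
#   alternate                                   exim-ca/.../server1.example.com.pem
#   badcert                                     exim-ca/.../server1.example.com.unlocked.key
#                                               (a file named as a key, used in the certificate slot)
#   nonexistcertfile                            nonexistent_file
#   anything else                               bare `fail`: forced expansion failure
#
# NOTE(review): the leading empty list item appears intended to match
# connections that send no SNI - confirm.
# NOTE(review): the token is spelled `noneistkeyfile` both here and in
# tls_privatekey; keep both in step with whatever the test script sends.
# NOTE(review): the space in each `} }` lies inside the enclosing brace group,
# so it looks like it becomes part of the expanded value; do not reformat the
# closing lines without checking.
tls_certificate = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badkey : noneistkeyfile : expansionfailkey} \
            {cert1} \
            {${if eq {$tls_in_sni}{alternate} \
              {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
              {${if eq {$tls_in_sni}{badcert} \
                {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
                {${if eq {$tls_in_sni}{nonexistcertfile} \
                  {nonexistent_file} \
                  fail \
                } } \
              } } \
            } } \
                        }

# Private-key selection by SNI; mirrors tls_certificate so that each failure
# case breaks exactly one of the two options.
#
#   SNI value                                   key file (under DIR/aux-fixed/)
#   (leading empty item), normal, badcert,
#     nonexistcertfile, expansionfailedcert     cert1
#   alternate                                   exim-ca/.../server1.example.com.unlocked.key
#   badkey                                      cert2
#   noneistkeyfile                              nonexist_file
#   anything else                               bare `fail`: forced expansion failure
#
# As above, the SNI is only compared against literals and never becomes part
# of the path.
tls_privatekey = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badcert : nonexistcertfile : expansionfailedcert} \
            {cert1} \
            {${if eq {$tls_in_sni}{alternate} \
              {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
              {${if eq {$tls_in_sni}{badkey} \
                {cert2} \
                {${if eq {$tls_in_sni}{noneistkeyfile} \
                  {nonexist_file} \
                  fail \
                } } \
              } } \
            } } \
                        }


# ------ ACL ------

begin acl

# Accepts every recipient unconditionally and writes the received SNI to the
# log. There is no relay or recipient check, which is only appropriate because
# the `server` router below discards all mail; do not reuse this ACL outside
# the test suite.
acl_log_sni:
  accept
         logwrite = SNI <$tls_in_sni>

# ----- Routers -----

begin routers

# Active only when SERVER is not "server". Local part "normal" is sent through
# send_to_server_1; every other local part goes through send_to_server_2.
client:
  driver = accept
  condition = ${if !eq {SERVER}{server}}
  transport = send_to_server_${if inlist {$local_part}{normal} {1}{2}}

# Reached when the `client` condition is false: all mail is discarded.
server:
  driver = redirect
  data = :blackhole:


# ----- Transports -----

begin transports

# Both transports require TLS for every host (hosts_require_tls = *) and send
# the recipient's local part as the SNI, so the local part selects the
# server-side test case. They differ only in the trust anchor file.
#
# tls_verify_cert_hostnames is an empty list, so no host gets certificate
# name checking. Neither tls_verify_hosts nor tls_try_verify_hosts is set
# here, so the transport defaults decide whether a failed verification aborts
# delivery - confirm before copying these settings anywhere but a test.
#
# hosts_try_fastopen is an empty list: TCP Fast Open is not attempted.

# Used for local part "normal"; verifies against cert1.
send_to_server_1:
  driver =              smtp
  allow_localhost
  hosts =               HOSTIPV4
  port =                PORT_D
  hosts_try_fastopen =  :
  hosts_require_tls =   *
  tls_sni =             ${local_part}
  tls_verify_certificates = DIR/aux-fixed/cert1
  tls_verify_cert_hostnames = :

# Used for every other local part; verifies against the example.com CA chain.
send_to_server_2:
  driver =              smtp
  allow_localhost
  hosts =               HOSTIPV4
  port =                PORT_D
  hosts_try_fastopen =  :
  hosts_require_tls =   *
  tls_sni =             ${local_part}
  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
  tls_verify_cert_hostnames = :

# ----- Retry -----


begin retry

# All addresses, all errors: fixed 10-second interval for up to 5 days.
* * F,5d,10s


# End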