Docs: update info on MTA-STS. Bug 3091
[exim.git] / test / confs / 5840
1 # Exim test configuration 5840
2 # DANE/OpenSSL
3
4 SERVER=
5 CONTROL= *
6
7 .include DIR/aux-var/tls_conf_prefix
8
9 primary_hostname = myhost.test.ex
10
11 # ----- Main settings -----
12
13 .ifndef OPT
14 acl_smtp_rcpt = accept logwrite = "rcpt ACL"
15 .else
16 acl_smtp_rcpt = accept verify = recipient/callout
17 .endif
18
19 log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified \
20                 +tls_sni
21
22 queue_run_in_order
23
24 tls_advertise_hosts = *
25
26 CDIR1 = DIR/aux-fixed/exim-ca/example.net/server1.example.net
27 CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
28
29 .ifdef CERT
30 tls_certificate = CERT
31 .else
32 tls_certificate = ${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \
33                 {CDIR2/fullchain.pem}\
34                 {CDIR1/fullchain.pem}}
35 .endif
36
37 .ifdef ALLOW
38 tls_privatekey = ALLOW
39 .else
40 tls_privatekey = ${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \
41                 {CDIR2/server1.example.com.unlocked.key}\
42                 {CDIR1/server1.example.net.unlocked.key}}
43 .endif
44
45 # ----- Routers -----
46
47 begin routers
48
49 client:
50   driver = dnslookup
51   condition = ${if eq {SERVER}{}}
52   dnssec_request_domains = *
53   self = send
54   transport = send_to_server
55   errors_to = ""
56
57 server:
58   driver = redirect
59   data = :blackhole:
60
61
62 # ----- Transports -----
63
64 begin transports
65
66 send_to_server:
67   driver = smtp
68   allow_localhost
69   port = PORT_D
70   hosts_try_fastopen =  :
71
72   hosts_try_dane =     CONTROL
73   hosts_require_dane = HOSTIPV4
74   tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
75   tls_try_verify_hosts = thishost.test.ex
76   tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}}
77
78
79
80 # ----- Retry -----
81
82
83 begin retry
84
85 * * F,5d,10s
86
87
88 # End