test/confs/3820

   1 # Exim test configuration 3820
   2
   3 SERVER=
   4
   5 .ifdef TRUSTED
   6 .include DIR/aux-var/tls_conf_prefix
   7 .else
   8 .include DIR/aux-var/std_conf_prefix
   9 .endif
  10
  11 primary_hostname = myhost.test.ex
  12 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
  13
  14 # ----- Main settings -----
  15
  16 acl_smtp_rcpt = accept
  17 queue_only
  18
  19
  20 begin routers
  21
  22 client_r:
  23   driver =      accept
  24   condition =   ${if !eq {SERVER}{server}}
  25   transport =   smtp
  26
  27 begin transports
  28
  29 smtp:
  30   driver =              smtp
  31   hosts =               127.0.0.1
  32   allow_localhost
  33   port =                PORT_D
  34 .ifdef TRUSTED
  35   hosts_require_tls =   *
  36   tls_verify_certificates = DIR/aux-fixed/cert1
  37   tls_verify_cert_hostnames = :
  38 .endif
  39   hosts_require_auth =  *
  40
  41 # ----- Authentication -----
  42
  43 begin authenticators
  44
  45 .ifndef TRUSTED
  46 sasl1:
  47   driver =              gsasl
  48   public_name =         ANONYMOUS
  49   server_set_id =       $auth1
  50   server_condition =    true
  51
  52 sasl2:
  53   driver =              gsasl
  54   public_name =         PLAIN
  55   server_set_id =       $auth1
  56   server_condition =    ${if eq {$auth3}{pencil}}
  57
  58   client_condition =    ${if eq {plain}{$local_part}}
  59   client_username =     ph10
  60   client_password =     pencil
  61 .endif
  62
  63 sasl3:
  64   driver =              gsasl
  65 .ifdef TRUSTED
  66   public_name =         SCRAM-SHA-1-PLUS
  67   server_advertise_condition =  ${if def:tls_in_cipher}
  68   server_channelbinding =       true
  69 .else
  70   public_name =         SCRAM-SHA-1
  71 .endif
  72
  73   # will need to give library salt, stored-key, server-key, itercount
  74   #
  75   # sigh
  76   # gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT.  It _might_ take
  77   # a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode.
  78
  79   # unclear if the salt is given in binary or base64 to the library
  80   server_scram_salt =   ${if eq {$auth1}{ph10} {QSXCR+Q6sek8bf92}}
  81   server_password =     ${if eq {$auth1}{ph10} {pencil}{unset_password}}
  82   server_condition =    true
  83   server_set_id =       $auth1
  84
  85   client_condition =    ${if eq {scram_sha_1}{$local_part}}
  86   client_username =     ph10
  87   client_password =     pencil
  88 .ifdef TRUSTED
  89   client_channelbinding = true
  90 .endif
  91
  92 .ifdef _HAVE_AUTH_GSASL_SCRAM_SHA_256
  93 sasl4:
  94   driver =              gsasl
  95 .ifdef TRUSTED
  96   public_name =         SCRAM-SHA-256-PLUS
  97   server_advertise_condition =  ${if def:tls_in_cipher}
  98   server_channelbinding =       true
  99 .else
 100   public_name =         SCRAM-SHA-256
 101 .endif
 102
 103   server_scram_salt =   QSXCR+Q6sek8bf92
 104   server_password =     pencil
 105   server_condition =    true
 106   server_set_id =       $auth1
 107
 108   client_condition =    ${if eq {scram_sha_256}{$local_part}}
 109   client_username =     ph10
 110   client_password =     pencil
 111 .ifdef TRUSTED
 112   client_channelbinding = true
 113 .endif
 114 .endif
 115
 116
 117 # End