Fix CVE-2016-1531
[exim.git] / test / confs / 5650
1 # Exim test configuration 5650
2 # OCSP stapling, server
3
4 CRL=
5
6 exim_path = EXIM_PATH
7 keep_environment =
8 host_lookup_order = bydns
9 primary_hostname = server1.example.com
10 spool_directory = DIR/spool
11 log_file_path = DIR/spool/log/%slog
12 gecos_pattern = ""
13 gecos_name = CALLER_NAME
14
15 # ----- Main settings -----
16
17 acl_smtp_connect = check_connect
18 acl_smtp_mail = check_mail
19 acl_smtp_rcpt = check_recipient
20
21 log_selector = +tls_peerdn
22
23 queue_only
24 queue_run_in_order
25
26 tls_advertise_hosts = *
27
28 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
29 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
30 tls_crl = CRL
31 tls_ocsp_file = OCSP
32
33 #tls_verify_hosts = HOSTIPV4
34 #tls_try_verify_hosts = *
35 #tls_verify_certificates = DIR/aux-fixed/cert2
36
37
38
39 # ------ ACL ------
40
41 begin acl
42
43 check_connect:
44   accept   logwrite = acl_conn: ocsp in status: $tls_in_ocsp \
45     (${listextract {${eval:$tls_in_ocsp+1}} \
46                 {notreq:notresp:vfynotdone:failed:verified}})
47
48 check_mail:
49   accept   logwrite = acl_mail: ocsp in status: $tls_in_ocsp \
50     (${listextract {${eval:$tls_in_ocsp+1}} \
51                 {notreq:notresp:vfynotdone:failed:verified}})
52
53 check_recipient:
54   accept
55
56
57 # ----- Routers -----
58
59 begin routers
60
61 abc:
62   driver = accept
63   retry_use_local_part
64   transport = local_delivery
65
66
67 # ----- Transports -----
68
69 begin transports
70
71 local_delivery:
72   driver = appendfile
73   file = DIR/test-mail/$local_part
74   headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
75   user = CALLER
76
77 # End