Fix CVE-2016-1531
[exim.git] / test / confs / 5840
1 # Exim test configuration 5840
2 # DANE
3
4 SERVER=
5
6 exim_path = EXIM_PATH
7 keep_environment =
8 host_lookup_order = bydns
9 primary_hostname = myhost.test.ex
10 spool_directory = DIR/spool
11 log_file_path = DIR/spool/log/SERVER%slog
12 gecos_pattern = ""
13 gecos_name = CALLER_NAME
14
15 # ----- Main settings -----
16
17 .ifndef OPT
18 acl_smtp_rcpt = accept
19 .else
20 acl_smtp_rcpt = accept verify = recipient/callout
21 .endif
22
23 log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
24
25 queue_run_in_order
26
27 tls_advertise_hosts = *
28
29 # Set certificate only if server
30 CDIR1 = DIR/aux-fixed
31 CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
32
33 tls_certificate = ${if eq {SERVER}{server} \
34         {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
35                 {CDIR2/fullchain.pem}\
36                 {CDIR1/cert1}}}\
37         fail}
38
39 tls_privatekey = ${if eq {SERVER}{server} \
40         {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
41                 {CDIR2/server1.example.com.unlocked.key}\
42                 {CDIR1/cert1}}}\
43         fail}
44
45 # ----- Routers -----
46
47 begin routers
48
49 client:
50   driver = dnslookup
51   condition = ${if eq {SERVER}{}}
52   dnssec_request_domains = *
53   self = send
54   transport = send_to_server
55
56 server:
57   driver = redirect
58   data = :blackhole:
59
60
61 # ----- Transports -----
62
63 begin transports
64
65 send_to_server:
66   driver = smtp
67   allow_localhost
68   port = PORT_D
69
70   hosts_try_dane =     *
71   hosts_require_dane = !thishost.test.ex
72   tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
73   tls_try_verify_hosts = thishost.test.ex
74   tls_verify_certificates = CDIR2/ca_chain.pem
75
76
77
78 # ----- Retry -----
79
80
81 begin retry
82
83 * * F,5d,10s
84
85
86 # End