gsasl authenticator: support crypted secrets, server side
[exim.git] / test / confs / 2125
1 # Exim test configuration 2125
2
3 SERVER=
4
5 .include DIR/aux-var/tls_conf_prefix
6
7 primary_hostname = myhost.test.ex
8
9 # ----- Main settings -----
10
11 acl_smtp_rcpt = accept
12
13 log_selector =  +tls_peerdn+tls_certificate_verified
14
15 queue_only
16 queue_run_in_order
17
18 tls_advertise_hosts = *
19
20 tls_require_ciphers = ${if eq{$sender_host_address}{HOSTIPV4}\
21                       {AES256}{AES128}}
22
23 # Set certificate only if server
24
25 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
26 tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
27
28 .ifdef _OPT_OPENSSL_NO_TLSV1_3_X
29 openssl_options = +no_tlsv1_3
30 .endif
31
32 # ----- Routers -----
33
34 begin routers
35
36 client:
37   driver = accept
38   condition = ${if eq {SERVER}{server}{no}{yes}}
39   retry_use_local_part
40   transport = send_to_server
41
42
43 # ----- Transports -----
44
45 begin transports
46
47 send_to_server:
48   driver = smtp
49   allow_localhost
50   hosts = HOSTIPV4 : 127.0.0.1
51   port = PORT_D
52   hosts_require_tls = HOSTIPV4
53   tls_require_ciphers = AES128-SHA
54   hosts_try_fastopen = :
55   tls_try_verify_hosts = :
56
57
58 # ----- Retry -----
59
60
61 begin retry
62
63 * * F,5d,10s
64
65
66 # End