test/confs/2131

   1 # Exim test configuration 2131
   2 # SNI
   3
   4 SERVER =
   5
   6 .include DIR/aux-var/tls_conf_prefix
   7
   8 primary_hostname = myhost.test.ex
   9
  10 # ----- Main settings -----
  11
  12 domainlist local_domains = test.ex : *.test.ex
  13
  14 acl_smtp_rcpt = acl_log_sni
  15 log_selector = +tls_peerdn +tls_sni +received_recipients
  16 remote_max_parallel = 1
  17
  18 tls_advertise_hosts = *
  19
  20 tls_certificate = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badkey : noneistkeyfile : expansionfailkey} \
  21             {cert1} \
  22             {${if eq {$tls_in_sni}{alternate} \
  23               {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
  24               {${if eq {$tls_in_sni}{badcert} \
  25                 {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
  26                 {${if eq {$tls_in_sni}{nonexistcertfile} \
  27                   {nonexistent_file} \
  28                   fail \
  29                 } } \
  30               } } \
  31             } } \
  32                         }
  33
  34 tls_privatekey = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badcert : nonexistcertfile : expansionfailedcert} \
  35             {cert1} \
  36             {${if eq {$tls_in_sni}{alternate} \
  37               {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
  38               {${if eq {$tls_in_sni}{badkey} \
  39                 {cert2} \
  40                 {${if eq {$tls_in_sni}{noneistkeyfile} \
  41                   {nonexist_file} \
  42                   fail \
  43                 } } \
  44               } } \
  45             } } \
  46                         }
  47
  48
  49 # ------ ACL ------
  50
  51 begin acl
  52
  53 acl_log_sni:
  54   accept
  55          logwrite = SNI <$tls_in_sni>
  56
  57 # ----- Routers -----
  58
  59 begin routers
  60
  61 client:
  62   driver = accept
  63   condition = ${if !eq {SERVER}{server}}
  64   transport = send_to_server_${if inlist {$local_part}{normal} {1}{2}}
  65
  66 server:
  67   driver = redirect
  68   data = :blackhole:
  69
  70
  71 # ----- Transports -----
  72
  73 begin transports
  74
  75 send_to_server_1:
  76   driver =              smtp
  77   allow_localhost
  78   hosts =               HOSTIPV4
  79   port =                PORT_D
  80   hosts_try_fastopen =  :
  81   hosts_require_tls =   *
  82   tls_sni =             ${local_part}
  83   tls_verify_certificates = DIR/aux-fixed/cert1
  84   tls_verify_cert_hostnames = :
  85
  86 send_to_server_2:
  87   driver =              smtp
  88   allow_localhost
  89   hosts =               HOSTIPV4
  90   port =                PORT_D
  91   hosts_try_fastopen =  :
  92   hosts_require_tls =   *
  93   tls_sni =             ${local_part}
  94   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
  95   tls_verify_cert_hostnames = :
  96
  97 # ----- Retry -----
  98
  99
 100 begin retry
 101
 102 * * F,5d,10s
 103
 104
 105 # End