test/confs/3720

   1 # Exim test configuration 3720
   2
   3 SERVER=
   4
   5 .include DIR/aux-var/tls_conf_prefix
   6
   7 primary_hostname = myhost.test.ex
   8 log_selector = +received_recipients +outgoing_port
   9
  10 # ----- Main settings -----
  11
  12 acl_smtp_auth = log_call
  13 acl_smtp_mail = check_authd
  14 acl_smtp_rcpt = check_authd
  15 acl_smtp_data = ar_header
  16
  17 queue_only
  18 queue_run_in_order
  19 trusted_users = CALLER
  20
  21 tls_advertise_hosts = *
  22 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
  23 tls_privatekey =  DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  24
  25 tls_verify_hosts = *
  26 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem
  27
  28
  29 # ----- ACL -----
  30
  31 begin acl
  32
  33 log_call:
  34   accept   logwrite = Auth ACL called, after smtp cmd "$smtp_command"
  35
  36 check_authd:
  37   deny     message = authentication required
  38           !authenticated = *
  39   accept
  40
  41 ar_header:
  42   accept  add_header = :at_start:${authresults {$primary_hostname}}
  43
  44 # ----- Authentication -----
  45
  46 begin authenticators
  47
  48 ext_ccert_cn:
  49   driver =              external
  50   public_name =         EXTERNAL
  51
  52   server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}}
  53   server_param2 =       ${certextract {subject,CN} {$tls_in_peercert}}
  54   server_condition =    ${if eq {$auth2}{$auth1}}
  55   server_set_id =       $auth1
  56   server_debug_print =  +++TLS \$auth1="$auth1"
  57
  58   client_send =         "server2.example.org"
  59
  60
  61 # ----- Routers -----
  62
  63 begin routers
  64
  65 server_r:
  66   driver =      accept
  67   condition =   ${if eq {server}{SERVER}}
  68   transport =   file
  69
  70 client_r1:
  71   driver =      accept
  72   transport =   t1
  73
  74
  75 # ----- Transports -----
  76
  77 begin transports
  78
  79 t1:
  80   driver = smtp
  81   hosts = 127.0.0.1
  82   port = PORT_D
  83   hosts_try_fastopen =  :
  84   allow_localhost
  85   tls_certificate =             DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
  86   tls_privatekey =              DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
  87
  88   tls_verify_certificates =     DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
  89   tls_verify_cert_hostnames =   :
  90   hosts_try_auth =              *
  91
  92 file:
  93   driver = appendfile
  94   file = DIR/test-mail/$local_part
  95   create_file = DIR/test-mail
  96   user = CALLER
  97
  98 # End