test/confs/5840

   1 # Exim test configuration 5840
   2 # DANE
   3
   4 SERVER=
   5
   6 exim_path = EXIM_PATH
   7 host_lookup_order = bydns
   8 primary_hostname = myhost.test.ex
   9 spool_directory = DIR/spool
  10 log_file_path = DIR/spool/log/SERVER%slog
  11 gecos_pattern = ""
  12 gecos_name = CALLER_NAME
  13
  14 # ----- Main settings -----
  15
  16 .ifndef OPT
  17 acl_smtp_rcpt = accept
  18 .else
  19 acl_smtp_rcpt = accept verify = recipient/callout
  20 .endif
  21
  22 log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
  23
  24 queue_run_in_order
  25
  26 tls_advertise_hosts = *
  27
  28 # Set certificate only if server
  29 CDIR1 = DIR/aux-fixed
  30 CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
  31
  32 tls_certificate = ${if eq {SERVER}{server} \
  33         {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
  34                 {CDIR2/fullchain.pem}\
  35                 {CDIR1/cert1}}}\
  36         fail}
  37
  38 tls_privatekey = ${if eq {SERVER}{server} \
  39         {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
  40                 {CDIR2/server1.example.com.unlocked.key}\
  41                 {CDIR1/cert1}}}\
  42         fail}
  43
  44 # ----- Routers -----
  45
  46 begin routers
  47
  48 client:
  49   driver = dnslookup
  50   condition = ${if eq {SERVER}{}}
  51   dnssec_request_domains = *
  52   self = send
  53   transport = send_to_server
  54
  55 server:
  56   driver = redirect
  57   data = :blackhole:
  58
  59
  60 # ----- Transports -----
  61
  62 begin transports
  63
  64 send_to_server:
  65   driver = smtp
  66   allow_localhost
  67   port = PORT_D
  68
  69   hosts_try_dane =     *
  70   hosts_require_dane = !thishost.test.ex
  71   tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
  72   tls_try_verify_hosts = thishost.test.ex
  73   tls_verify_certificates = CDIR2/ca_chain.pem
  74
  75
  76
  77 # ----- Retry -----
  78
  79
  80 begin retry
  81
  82 * * F,5d,10s
  83
  84
  85 # End