test/confs/5730

   1 # Exim test configuration 5730
   2 # OCSP stapling, client, events
   3
   4 SERVER =
   5
   6 .include DIR/aux-var/std_conf_prefix
   7
   8 primary_hostname = server1.example.com
   9
  10
  11 # ----- Main settings -----
  12
  13 domainlist local_domains = test.ex : *.test.ex
  14
  15 acl_smtp_rcpt = check_recipient
  16 acl_smtp_data = check_data
  17
  18 log_selector = +tls_peerdn
  19 remote_max_parallel = 1
  20
  21 tls_advertise_hosts = *
  22
  23 # Set certificate only if server
  24 tls_certificate = ${if eq {SERVER}{server}\
  25 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
  26 fail\
  27 }
  28 tls_privatekey = ${if eq {SERVER}{server}\
  29 {DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
  30 fail}
  31
  32 # from cmdline define
  33 tls_ocsp_file = OCSP
  34
  35
  36 # ------ ACL ------
  37
  38 begin acl
  39
  40 check_recipient:
  41   accept  domains = +local_domains
  42   deny    message = relay not permitted
  43
  44 check_data:
  45   warn    condition   = ${if def:h_X-TLS-out:}
  46           logwrite = client claims: $h_X-TLS-out:
  47   accept
  48
  49 logger:
  50   accept condition = ${if !eq {msg} {${listextract{1}{$event_name}}}}
  51   warn  logwrite = client ocsp status: $tls_out_ocsp \
  52     (${listextract {${eval:$tls_out_ocsp+1}} \
  53                 {notreq:notresp:vfynotdone:failed:verified}})
  54   accept
  55
  56
  57 # ----- Routers -----
  58
  59 begin routers
  60
  61 client:
  62   driver = accept
  63   condition = ${if eq {SERVER}{server}{no}{yes}}
  64   retry_use_local_part
  65   transport = send_to_server${if eq{$local_part}{nostaple}{1} \
  66                                 {${if eq{$local_part}{norequire} {2} \
  67                                 {${if eq{$local_part}{smtps} {4}{3}}} \
  68                              }}}
  69
  70 server:
  71   driver = redirect
  72   data = :blackhole:
  73   #retry_use_local_part
  74   #transport = local_delivery
  75
  76
  77 # ----- Transports -----
  78
  79 begin transports
  80
  81 local_delivery:
  82   driver = appendfile
  83   file = DIR/test-mail/$local_part
  84   headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
  85   user = CALLER
  86
  87 send_to_server1:
  88   driver = smtp
  89   allow_localhost
  90   hosts = HOSTIPV4
  91   port = PORT_D
  92   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
  93   tls_verify_cert_hostnames =
  94   hosts_require_tls = *
  95   hosts_request_ocsp = :
  96   headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
  97     (${listextract {${eval:$tls_out_ocsp+1}} \
  98                 {notreq:notresp:vfynotdone:failed:verified}})
  99   event_action =        ${acl {logger}}
 100
 101 send_to_server2:
 102   driver = smtp
 103   allow_localhost
 104   hosts = HOSTIPV4
 105   port = PORT_D
 106   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
 107   tls_verify_cert_hostnames =
 108   hosts_require_tls = *
 109 # note no ocsp mention here
 110   headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
 111     (${listextract {${eval:$tls_out_ocsp+1}} \
 112                 {notreq:notresp:vfynotdone:failed:verified}})
 113   event_action =        ${acl {logger}}
 114
 115 send_to_server3:
 116   driver = smtp
 117   allow_localhost
 118   hosts = 127.0.0.1
 119   port = PORT_D
 120   helo_data = helo.data.changed
 121   #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
 122   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
 123   tls_try_verify_hosts =
 124   tls_verify_cert_hostnames =
 125   hosts_require_tls =  *
 126   hosts_require_ocsp = *
 127   headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
 128     (${listextract {${eval:$tls_out_ocsp+1}} \
 129                 {notreq:notresp:vfynotdone:failed:verified}})
 130   event_action =        ${acl {logger}}
 131
 132 send_to_server4:
 133   driver = smtp
 134   allow_localhost
 135   hosts = 127.0.0.1
 136   port = PORT_D
 137   helo_data = helo.data.changed
 138   #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
 139   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
 140   tls_verify_cert_hostnames =
 141   protocol =           smtps
 142   hosts_require_tls =  *
 143   hosts_require_ocsp = *
 144   headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
 145     (${listextract {${eval:$tls_out_ocsp+1}} \
 146                 {notreq:notresp:vfynotdone:failed:verified}})
 147   event_action =        ${acl {logger}}
 148
 149
 150 # ----- Retry -----
 151
 152
 153 begin retry
 154
 155 * * F,5d,1s
 156
 157
 158 # End