test/confs/5760

   1 # Exim test configuration 5760 (dup of 5750)
   2 # $tls_out_peercert - OpenSSL
   3
   4 SERVER=
   5
   6 exim_path = EXIM_PATH
   7 host_lookup_order = bydns
   8 primary_hostname = myhost.test.ex
   9 rfc1413_query_timeout = 0s
  10 spool_directory = DIR/spool
  11 log_file_path = DIR/spool/log/SERVER%slog
  12 gecos_pattern = ""
  13 gecos_name = CALLER_NAME
  14 timezone = UTC
  15
  16 # ----- Main settings -----
  17
  18 acl_smtp_rcpt = accept
  19
  20 log_selector =  +tls_peerdn
  21
  22 queue_only
  23 queue_run_in_order
  24
  25 tls_advertise_hosts = *
  26
  27 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
  28 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  29
  30 tls_verify_hosts = *
  31 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem
  32
  33 event_action = ${acl {server_cert_log}}
  34
  35 #
  36
  37 begin acl
  38
  39 server_cert_log:
  40   accept condition = ${if eq {tls:cert}{$event_name}}
  41          logwrite =  [$sender_host_address] \
  42                         depth=$event_data \
  43                         ${certextract{subject}{$tls_in_peercert}}
  44   accept
  45
  46 ev_tls:
  47   accept logwrite =  $event_name depth=$event_data \
  48                         <${certextract {subject} {$tls_out_peercert}}>
  49 #        message = nooooo
  50
  51 ev_msg:
  52   warn   logwrite =  $acl_arg1 $local_part
  53   warn   logwrite =  ${if !def:tls_out_ourcert \
  54                 {NO CLIENT CERT presented} \
  55                 {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}}
  56   accept condition = ${if !def:tls_out_peercert}
  57          logwrite =  No Peer cert
  58   accept logwrite = Peer cert:
  59          logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
  60          logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>
  61          logwrite =  IN  <${certextract {issuer}        {$tls_out_peercert}}>
  62          logwrite =  NB  <${certextract {notbefore}     {$tls_out_peercert}}>
  63          logwrite =  NA  <${certextract {notafter}      {$tls_out_peercert}}>
  64          logwrite =  SA  <${certextract {sig_algorithm} {$tls_out_peercert}}>
  65          logwrite =  SG  <${certextract {signature}     {$tls_out_peercert}}>
  66          logwrite = ${certextract {subj_altname,>;}{$tls_out_peercert}{SAN <$value>}{(no SAN)}}
  67          logwrite =       ${certextract {ocsp_uri}      {$tls_out_peercert} {OCU <$value>}{(no OCU)}}
  68          logwrite =       ${certextract {crl_uri}       {$tls_out_peercert} {CRU <$value>}{(no CRU)}}
  69
  70 logger:
  71   accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
  72          acl =       ev_msg $event_name $acl_arg2
  73   accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
  74          message =   ${acl {ev_tls}}
  75   accept
  76
  77 # ----- Routers -----
  78
  79 begin routers
  80
  81 client:
  82   driver = accept
  83   condition = ${if eq {SERVER}{server}{no}{yes}}
  84   retry_use_local_part
  85   transport = send_to_server
  86
  87
  88 # ----- Transports -----
  89
  90 begin transports
  91
  92 send_to_server:
  93   driver = smtp
  94   allow_localhost
  95   hosts = 127.0.0.1
  96   port = PORT_D
  97
  98   tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem
  99   tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
 100
 101   tls_verify_certificates = DIR/aux-fixed/exim-ca/\
 102        ${if eq {$local_part}{good}\
 103 {example.com/server1.example.com/ca_chain.pem}\
 104 {example.net/server1.example.net/ca_chain.pem}}
 105
 106   event_action =   ${acl {logger} {$event_name} {$domain} }
 107
 108 # ----- Retry -----
 109
 110
 111 begin retry
 112
 113 * * F,5d,10s
 114
 115
 116 # End