test/confs/3700

   1 # Exim test configuration 3700
   2
   3 SERVER=
   4
   5 .include DIR/aux-var/tls_conf_prefix
   6
   7 primary_hostname = myhost.test.ex
   8 log_selector = +received_recipients +outgoing_port
   9
  10 # ----- Main settings -----
  11
  12 acl_smtp_auth = log_call
  13 acl_smtp_mail = check_authd
  14 acl_smtp_rcpt = check_authd
  15 acl_smtp_data = ar_header
  16
  17 queue_only
  18 queue_run_in_order
  19 trusted_users = CALLER
  20
  21 tls_on_connect_ports = PORT_S
  22 tls_advertise_hosts = *
  23 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
  24 tls_privatekey =  DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  25
  26 tls_verify_hosts = *
  27 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem
  28
  29
  30 # ----- ACL -----
  31
  32 begin acl
  33
  34 log_call:
  35   accept   logwrite = Auth ACL called, after smtp cmd "$smtp_command"
  36
  37 check_authd:
  38   deny     message = authentication required
  39           !authenticated = *
  40   accept
  41
  42 ar_header:
  43   accept  add_header = :at_start:${authresults {$primary_hostname}}
  44
  45 # ----- Authentication -----
  46
  47 begin authenticators
  48
  49 tls:
  50   driver = tls
  51   server_debug_print = +++TLS \$auth1="$auth1"
  52   server_param1 =    ${quote:${certextract {subject,CN,>:} \
  53                                   {$tls_in_peercert}}}
  54   server_condition = ${if def:auth1}
  55   server_set_id =    $auth1
  56
  57
  58 # ----- Routers -----
  59
  60 begin routers
  61
  62 server_r:
  63   driver =      accept
  64   condition =   ${if eq {server}{SERVER}}
  65   transport =   file
  66
  67 client_r1:
  68   driver =      accept
  69   transport =   ${if eq {$local_part}{smtps} {t2}{t1}}
  70
  71
  72 # ----- Transports -----
  73
  74 begin transports
  75
  76 t1:
  77   driver = smtp
  78   hosts = 127.0.0.1
  79   port = PORT_D
  80   hosts_try_fastopen =  :
  81   allow_localhost
  82   tls_certificate =         DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
  83   tls_privatekey =          DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
  84   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
  85   tls_verify_cert_hostnames = :
  86
  87 t2:
  88   driver = smtp
  89   hosts = 127.0.0.1
  90   port = PORT_S
  91   hosts_try_fastopen =  :
  92   protocol = smtps
  93   allow_localhost
  94   tls_certificate =         DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
  95   tls_privatekey =          DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
  96   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
  97   tls_verify_cert_hostnames = :
  98
  99 file:
 100   driver = appendfile
 101   file = DIR/test-mail/$local_part
 102   create_file = DIR/test-mail
 103   user = CALLER
 104
 105 # End