Docs: add note on DKIM verify disable
[exim.git] / test / confs / 4520
index 9092c74dc665b96b5d3836ca80493dd15008f9ab..00267da6a6e7b0c6eaba847a06c58d6982ebbd71 100644 (file)
@@ -1,69 +1,47 @@
 # Exim test configuration 4520
 
 SERVER=
-OPT=
-FAKE =
 
-.include DIR/aux-var/std_conf_prefix
+.include DIR/aux-var/tls_conf_prefix
 
 primary_hostname = myhost.test.ex
 
 # ----- Main settings -----
 
-acl_smtp_rcpt = accept logwrite = rcpt acl: macro: _DKIM_SIGN_HEADERS
-acl_smtp_dkim = accept logwrite = dkim_acl: signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
-acl_smtp_data = accept logwrite = data acl: dkim status $dkim_verify_status
+acl_smtp_rcpt = accept encrypted = *
+acl_smtp_dkim = check_dkim
+acl_smtp_data = check_data
 
-dkim_verify_signers = $dkim_signers : FAKE
-
-DDIR=DIR/aux-fixed/dkim
-
-log_selector = -dkim +dkim_verbose
-
-# ----- Routers
-
-begin routers
-
-server_dump:
-  driver = redirect
-  condition = ${if eq {SERVER}{server}{yes}{no}}
-  data = :blackhole:
-
-client:
-  driver = accept
-  transport = send_to_server
+log_selector = +dkim_verbose
+dkim_verify_hashes = sha256 : sha512 : sha1
+.ifdef MSIZE
+dkim_verify_min_keysizes = MSIZE
+.endif
 
-# ----- Transports
+queue_only
+queue_run_in_order
 
-begin transports
 
-send_to_server:
-  driver = smtp
-  allow_localhost
-  hosts = HOSTIPV4
-  port = PORT_D
+begin acl
 
-  dkim_domain =                test.ex
-.ifdef SELECTOR
-  dkim_selector =      SELECTOR
-.else
-  dkim_selector =      sel
+check_dkim:
+.ifdef BAD
+  warn logwrite =      ${lookup dnsdb{defer_never,txt=_adsp._domainkey.$dkim_cur_signer}{$value}{unknown}}
 .endif
-
-  dkim_private_key =   ${if match {$dkim_selector}{^ses}       {DDIR/dkim512.private} \
-                         {${if match {$dkim_selector}{^sel} {DDIR/dkim.private} \
-                         {}}}}
-
-.ifndef HEADERS_MAXSIZE
-  dkim_sign_headers =  OPT
-.else
-  dkim_identity =      allheaders@$dkim_domain
+.ifdef OPTION
+  warn condition =     ${if eq {$dkim_algo}{rsa-sha1}}
+       condition =     ${if eq {$dkim_verify_status}{pass}}
+       logwrite =      NOTE: forcing dkim verify fail (was pass)
+       set dkim_verify_status = fail
+       set dkim_verify_reason = hash too weak
 .endif
-.ifdef VALUE
-  dkim_hash =          VALUE
-.endif
-.ifdef STRICT
-  dkim_strict =                STRICT
+  warn
+       logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
+.ifndef STRICT
+  accept
 .endif
 
+check_data:
+  accept logwrite = ${authresults {$primary_hostname}}
+
 # End