-# Exim test configuration 2030
+# Exim test configuration 2031
# SNI
SERVER =
tls_advertise_hosts = *
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server} \
- {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
- {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
+tls_certificate = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badkey : noneistkeyfile : expansionfailkey} \
{cert1} \
- }\
- }fail}
-
-tls_privatekey = ${if eq {SERVER}{server} \
- {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
- {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
+ {${if eq {$tls_in_sni}{alternate} \
+ {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
+ {${if eq {$tls_in_sni}{badcert} \
+ {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
+ {${if eq {$tls_in_sni}{nonexistcertfile} \
+ {nonexistent_file} \
+ fail \
+ } } \
+ } } \
+ } } \
+ }
+
+tls_privatekey = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badcert : nonexistcertfile : expansionfailedcert} \
{cert1} \
- }\
- }fail}
+ {${if eq {$tls_in_sni}{alternate} \
+ {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
+ {${if eq {$tls_in_sni}{badkey} \
+ {cert2} \
+ {${if eq {$tls_in_sni}{noneistkeyfile} \
+ {nonexist_file} \
+ fail \
+ } } \
+ } } \
+ } } \
+ }
# ------ ACL ------
client:
driver = accept
condition = ${if !eq {SERVER}{server}}
- transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
+ transport = send_to_server
server:
driver = redirect
begin transports
-send_to_server1:
- driver = smtp
- allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
- hosts_try_fastopen = :
- tls_sni = fred
-
-send_to_server2:
- driver = smtp
+send_to_server:
+ driver = smtp
allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
+ hosts = HOSTIPV4
+ port = PORT_D
hosts_try_fastopen = :
- tls_sni = bill
-
+ hosts_require_tls = *
+ tls_sni = ${local_part}
# ----- Retry -----