DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode
[exim.git] / test / confs / 4520
index 70454c33c904acb99962d6feaa80e0abf50fe4d9..3127d13b3dab1783eb3af66c155dcc62526b09ba 100644 (file)
@@ -2,6 +2,7 @@
 
 SERVER=
 OPT=
+FAKE =
 
 .include DIR/aux-var/std_conf_prefix
 
@@ -9,8 +10,13 @@ primary_hostname = myhost.test.ex
 
 # ----- Main settings -----
 
-acl_smtp_rcpt = accept
-acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
+acl_smtp_rcpt = accept logwrite = rcpt acl: macro: _DKIM_SIGN_HEADERS
+acl_smtp_dkim = accept logwrite = dkim_acl: signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
+acl_smtp_data = accept logwrite = data acl: dkim status $dkim_verify_status
+
+dkim_verify_signers = $dkim_signers : FAKE
+
+DDIR=DIR/aux-fixed/dkim
 
 
 # ----- Routers
@@ -42,9 +48,18 @@ send_to_server:
 .else
   dkim_selector =      sel
 .endif
-  dkim_private_key =   DIR/aux-fixed/dkim/dkim.private
+
+  dkim_private_key =   ${if match {$dkim_selector}{^ses}       {DDIR/dkim512.private} \
+                         {${if match {$dkim_selector}{^sel} {DDIR/dkim.private} \
+                         {}}}}
+
 .ifndef HEADERS_MAXSIZE
   dkim_sign_headers =  OPT
+.else
+  dkim_identity =      allheaders@$dkim_domain
+.endif
+.ifdef VALUE
+  dkim_hash =          VALUE
 .endif
 
 # End