domainlist local_domains = test.ex : *.test.ex
acl_smtp_rcpt = check_recipient
+acl_smtp_data = check_data
+
log_selector = +tls_peerdn
remote_max_parallel = 1
accept domains = +local_domains
deny message = relay not permitted
+check_data:
+ warn condition = ${if def:h_X-TLS-out:}
+ logwrite = client claims: $h_X-TLS-out:
+ accept
# ----- Routers -----
condition = ${if eq {SERVER}{server}{no}{yes}}
retry_use_local_part
transport = send_to_server${if eq{$local_part}{nostaple}{1} \
- {${if eq{$local_part}{smtps} {3}{2}}} \
- }
+ {${if eq{$local_part}{norequire} {2} \
+ {${if eq{$local_part}{smtps} {4}{3}}} \
+ }}}
server:
driver = redirect
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
hosts_require_tls = *
-# note no ocsp here
+ hosts_request_ocsp = :
+ headers_add = X-TLS-out: ocsp status $tls_out_ocsp
send_to_server2:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+ tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ hosts_require_tls = *
+# note no ocsp mention here
+ headers_add = X-TLS-out: ocsp status $tls_out_ocsp
+
+send_to_server3:
driver = smtp
allow_localhost
hosts = 127.0.0.1
port = PORT_D
helo_data = helo.data.changed
- #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
hosts_require_tls = *
hosts_require_ocsp = *
+ headers_add = X-TLS-out: ocsp status $tls_out_ocsp
-send_to_server3:
+send_to_server4:
driver = smtp
allow_localhost
hosts = 127.0.0.1
port = PORT_D
helo_data = helo.data.changed
- #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
protocol = smtps
hosts_require_tls = *
hosts_require_ocsp = *
+ headers_add = X-TLS-out: ocsp status $tls_out_ocsp
# ----- Retry -----