# Exim test configuration 4520
SERVER=
-OPT=
-.include DIR/aux-var/std_conf_prefix
+.include DIR/aux-var/tls_conf_prefix
primary_hostname = myhost.test.ex
# ----- Main settings -----
-acl_smtp_rcpt = accept
-acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
+acl_smtp_rcpt = accept encrypted = *
+acl_smtp_dkim = check_dkim
+acl_smtp_data = check_data
-DDIR=DIR/aux-fixed/dkim
-
-# ----- Routers
-
-begin routers
-
-server_dump:
- driver = redirect
- condition = ${if eq {SERVER}{server}{yes}{no}}
- data = :blackhole:
-
-client:
- driver = accept
- transport = send_to_server
+log_selector = +dkim_verbose
+dkim_verify_hashes = sha256 : sha512 : sha1
+.ifdef MSIZE
+dkim_verify_min_keysizes = MSIZE
+.endif
-# ----- Transports
+queue_only
+queue_run_in_order
-begin transports
-send_to_server:
- driver = smtp
- allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
+begin acl
- dkim_domain = test.ex
-.ifdef SELECTOR
- dkim_selector = SELECTOR
-.else
- dkim_selector = sel
+check_dkim:
+.ifdef BAD
+ warn logwrite = ${lookup dnsdb{defer_never,txt=_adsp._domainkey.$dkim_cur_signer}{$value}{unknown}}
.endif
-
- dkim_private_key = ${if match {$dkim_selector}{^ses} {DDIR/dkim512.private} \
- {${if match {$dkim_selector}{^sel} {DDIR/dkim.private} \
- {}}}}
-
-.ifndef HEADERS_MAXSIZE
- dkim_sign_headers = OPT
+.ifdef OPTION
+ warn condition = ${if eq {$dkim_algo}{rsa-sha1}}
+ condition = ${if eq {$dkim_verify_status}{pass}}
+ logwrite = NOTE: forcing dkim verify fail (was pass)
+ set dkim_verify_status = fail
+ set dkim_verify_reason = hash too weak
.endif
-.ifdef VALUE
- dkim_hash = VALUE
+ warn
+ logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
+.ifndef STRICT
+ accept
.endif
+check_data:
+ accept logwrite = ${authresults {$primary_hostname}}
+
# End