log_file_path = DIR/spool/log/SERVER%slog
gecos_pattern = ""
gecos_name = CALLER_NAME
+timezone = UTC
# ----- Main settings -----
tls_verify_hosts = *
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem
+event_action = ${acl {server_cert_log}}
+
#
begin acl
+server_cert_log:
+ accept condition = ${if eq {tls:cert}{$event_name}}
+ logwrite = [$sender_host_address] \
+ depth=$event_data \
+ ${certextract{subject}{$tls_in_peercert}}
+ accept
+
ev_tls:
- accept logwrite = $tpda_event depth=$tpda_data \
+ accept logwrite = $event_name depth=$event_data \
<${certextract {subject} {$tls_out_peercert}}>
# message = noooo
logwrite = ${certextract {crl_uri} {$tls_out_peercert} {CRU <$value>}{(no CRU)}}
logger:
- accept condition = ${if eq {msg} {${listextract{1}{$tpda_event}}}}
- acl = ev_msg $tpda_event $acl_arg2
- accept condition = ${if eq {tls} {${listextract{1}{$tpda_event}}}}
+ accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
+ acl = ev_msg $event_name $acl_arg2
+ accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
message = ${acl {ev_tls}}
accept
${if eq {$local_part}{good}\
{example.com/server1.example.com/ca_chain.pem}\
{example.net/server1.example.net/ca_chain.pem}}
+ tls_verify_cert_hostnames =
- tpda_event_action = ${acl {logger} {$tpda_event} {$domain} }
+ event_action = ${acl {logger} {$event_name} {$domain} }
# ----- Retry -----