ACL: Permit the "encrypted" condition to be used in a HELO/EHLO ACL
[exim.git] / test / confs / 3700
index 94bd26ebdf3c0ab7107effbcfcaf3317e5fc7243..598bc7f1a15c6971fe5623e8fa605a725306085f 100644 (file)
@@ -9,29 +9,38 @@ log_selector = +received_recipients +outgoing_port
 
 # ----- Main settings -----
 
+acl_smtp_auth = log_call
 acl_smtp_mail = check_authd
 acl_smtp_rcpt = check_authd
+acl_smtp_data = ar_header
+
 queue_only
 queue_run_in_order
 trusted_users = CALLER
 
 tls_on_connect_ports = PORT_S
 tls_advertise_hosts = *
-tls_certificate = DIR/aux-fixed/cert1
+tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
+tls_privatekey =  DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
 
 tls_verify_hosts = *
-tls_verify_certificates = DIR/aux-fixed/cert2
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem
 
 
 # ----- ACL -----
 
 begin acl
 
+log_call:
+  accept   logwrite = Auth ACL called, after smtp cmd "$smtp_command"
+
 check_authd:
   deny     message = authentication required
           !authenticated = *
   accept
 
+ar_header:
+  accept  add_header = :at_start:${authresults {$primary_hostname}}
 
 # ----- Authentication -----
 
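Review bot: The `logwrite` in the new `log_call` ACL records `$smtp_command` from `acl_smtp_auth`, and for an AUTH command that variable presumably holds the whole command line. If so, a client that sends an initial response (PLAIN, for instance) gets its base64-encoded credentials written to the main log. That is acceptable for a fixture with throwaway accounts, but the line reads like a reusable logging recipe. I would put a comment above the ACL, `# test only: $smtp_command can include the AUTH initial response; do not log it on a live server`. If the expected test log can change, logging just the mechanism with `logwrite = Auth ACL called, mechanism ${extract{1}{ }{$smtp_command_argument}}` is the safer form.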
@@ -50,9 +59,14 @@ tls:
 
 begin routers
 
-r1:
-  driver = accept
-  transport = ${if eq {$local_part}{smtps} {t2}{t1}}
+server_r:
+  driver =     accept
+  condition =  ${if eq {server}{SERVER}}
+  transport =  file
+
+client_r1:
+  driver =     accept
+  transport =  ${if eq {$local_part}{smtps} {t2}{t1}}
 
 
 # ----- Transports -----
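Review bot: The `condition = ${if eq {server}{SERVER}}` line on `server_r` has no comment saying where `SERVER` comes from or why the router list is split in two. `SERVER` looks like a macro the test script defines when it starts the receiving daemon, so that the same file serves both the sending and the receiving instance, but nothing in the hunk says so. A line above the router would make that explicit, for example `# server_r only matches when the daemon is started with -DSERVER=server; the client instance falls through to client_r1`. It should also say that router order matters here, since `client_r1` is unconditional.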
@@ -63,19 +77,29 @@ t1:
   driver = smtp
   hosts = 127.0.0.1
   port = PORT_D
+  hosts_try_fastopen = :
   allow_localhost
-  tls_certificate =         DIR/aux-fixed/cert2
-  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_certificate =         DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+  tls_privatekey =          DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
   tls_verify_cert_hostnames = :
 
 t2:
   driver = smtp
   hosts = 127.0.0.1
   port = PORT_S
+  hosts_try_fastopen = :
   protocol = smtps
   allow_localhost
-  tls_certificate =         DIR/aux-fixed/cert2
-  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_certificate =         DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+  tls_privatekey =          DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
   tls_verify_cert_hostnames = :
 
+file:
+  driver = appendfile
+  file = DIR/test-mail/$local_part
+  create_file = DIR/test-mail
+  user = CALLER
+
 # End
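Review bot: The new `file` transport builds its path as `file = DIR/test-mail/$local_part`, taking the local part straight from the SMTP recipient. Nothing in the visible ACLs restricts what characters that local part may contain, because `check_authd` only requires authentication. `create_file = DIR/test-mail` appears intended to keep created files under that directory, but a reader cannot tell from the hunk that this is the only guard. I would add a comment on the transport, `# test fixture: $local_part is sender-supplied; create_file confines new files to DIR/test-mail`. I would also note that a production configuration should reject local parts containing `/` or starting with `.` in the RCPT ACL before a value like this reaches a file name.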