Docs: add note on DKIM verify disable
[exim.git] / test / confs / 4060
index a87c3d6b276e13891bc541d6e31308702d85c918..fa643ae4c5f825da07043ef531cc2355c27fa530 100644 (file)
@@ -3,8 +3,10 @@
 
 CONTROL=*
 OPT=
 
 CONTROL=*
 OPT=
+CONNECTCOND=
 
 keep_environment = PATH
 
 keep_environment = PATH
+add_environment = SSLKEYLOGFILE=DIR/spool/sslkeys
 exim_path = EXIM_PATH
 host_lookup_order = bydns
 spool_directory = DIR/spool
 exim_path = EXIM_PATH
 host_lookup_order = bydns
 spool_directory = DIR/spool
@@ -20,17 +22,25 @@ gecos_name = CALLER_NAME
 dns_cname_loops = 9
 chunking_advertise_hosts = OPT
 tls_advertise_hosts = *
 dns_cname_loops = 9
 chunking_advertise_hosts = OPT
 tls_advertise_hosts = *
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1
 
 
-# Avoid ECDHE key-exchange so that we can wireshark-decode
+.ifdef _HAVE_TLS_CA_CACHE
+tls_verify_certificates = system,cache
+.endif
+
+.ifdef _HAVE_DMARC
+dmarc_tld_file =
+.endif
+
+# Avoid ECDHE key-exchange so that we can wireshark-decode (not TLS1.3)
 .ifdef _HAVE_GNUTLS
 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
 .else
 tls_require_ciphers = DEFAULT:!kECDHE
 .endif
 
 .ifdef _HAVE_GNUTLS
 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
 .else
 tls_require_ciphers = DEFAULT:!kECDHE
 .endif
 
-pipelining_connect_advertise_hosts = *
-log_selector = +received_recipients +pipelining
+pipelining_connect_advertise_hosts = CONTROL
+log_selector = +received_recipients +millisec +pipelining
 queue_only
 
 acl_smtp_rcpt = accept
 queue_only
 
 acl_smtp_rcpt = accept
@@ -54,6 +64,7 @@ begin transports
 
 smtp:
   driver =             smtp
 
 smtp:
   driver =             smtp
+  hosts_try_fastopen = CONNECTCOND
   hosts_pipe_connect = CONTROL
   tls_verify_hosts =
   tls_try_verify_hosts =
   hosts_pipe_connect = CONTROL
   tls_verify_hosts =
   tls_try_verify_hosts =