SECURITY: off-by-one in smtp transport (read response)
[exim.git] / test / confs / 4060
index a87c3d6b276e13891bc541d6e31308702d85c918..b6e071202bc619e8365b3d22fa20a73d7a417b38 100644 (file)
@@ -3,6 +3,7 @@
 
 CONTROL=*
 OPT=
+CONNECTCOND=
 
 keep_environment = PATH
 exim_path = EXIM_PATH
@@ -20,17 +21,25 @@ gecos_name = CALLER_NAME
 dns_cname_loops = 9
 chunking_advertise_hosts = OPT
 tls_advertise_hosts = *
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1
 
-# Avoid ECDHE key-exchange so that we can wireshark-decode
+.ifdef _HAVE_TLS_CA_CACHE
+tls_verify_certificates = system,cache
+.endif
+
+.ifdef _HAVE_DMARC
+dmarc_tld_file =
+.endif
+
+# Avoid ECDHE key-exchange so that we can wireshark-decode (not TLS1.3)
 .ifdef _HAVE_GNUTLS
 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
 .else
 tls_require_ciphers = DEFAULT:!kECDHE
 .endif
 
-pipelining_connect_advertise_hosts = *
-log_selector = +received_recipients +pipelining
+pipelining_connect_advertise_hosts = CONTROL
+log_selector = +received_recipients +millisec +pipelining
 queue_only
 
 acl_smtp_rcpt = accept
@@ -54,6 +63,7 @@ begin transports
 
 smtp:
   driver =             smtp
+  hosts_try_fastopen = CONNECTCOND
   hosts_pipe_connect = CONTROL
   tls_verify_hosts =
   tls_try_verify_hosts =