SECURITY: fix Qualys CVE-2020-PFPZA
diff --git
a/test/confs/2152
b/test/confs/2152
index a8b6c15f1ecdf2b8cf7adc2a3fd8d21f0301e349..a5acff04753867c6f9ae5b6d1d573b4834825c15 100644
--- a/
test/confs/2152
+++ b/
test/confs/2152
@@
-1,5
+1,4
@@
# Exim test configuration 2152
# Exim test configuration 2152
-# as per 2100 but with TCP Fast Open
SERVER=
SERVER=
@@
-7,28
+6,28
@@
SERVER=
primary_hostname = myhost.test.ex
primary_hostname = myhost.test.ex
-.ifdef _HAVE_TLS
-# that was purely to trigger the lazy-create of builtin macros
-.endif
# ----- Main settings -----
# ----- Main settings -----
-acl_smtp_rcpt =
accept
+acl_smtp_rcpt =
chk_r
-log_selector = +tls_peerdn
+
#
log_selector = +tls_peerdn
queue_only
queue_run_in_order
tls_advertise_hosts = *
queue_only
queue_run_in_order
tls_advertise_hosts = *
-# Set certificate only if server
+tls_certificate = DIR/aux-fixed/cert1
+tls_privatekey = DIR/aux-fixed/cert1
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
+# ----- ACL -----
+begin acl
+
+chk_r:
+ accept condition = ${if = {$received_port}{PORT_D2}}
+ accept verify = recipient/callout
# ----- Routers -----
# ----- Routers -----
@@
-36,25
+35,36
@@
begin routers
client:
driver = accept
client:
driver = accept
- condition = ${if eq {SERVER}{server}{no}{yes}}
- retry_use_local_part
+ condition = ${if !eq {SERVER}{server}}
transport = send_to_server
transport = send_to_server
+srvr_v:
+ driver = accept
+ verify_only
+ transport = send_to_server_v
+
# ----- Transports -----
begin transports
send_to_server:
# ----- Transports -----
begin transports
send_to_server:
- driver = smtp
+ driver = smtp
+ allow_localhost
+ hosts = 127.0.0.1
+ port = PORT_D
+ hosts_try_fastopen = :
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = :
+
+send_to_server_v:
+ driver = smtp
allow_localhost
allow_localhost
- hosts = 127.0.0.1
- port = PORT_D
- hosts_try_fastopen = *
- tls_certificate = DIR/aux-fixed/cert2
- tls_privatekey = DIR/aux-fixed/cert2
- tls_verify_certificates = DIR/aux-fixed/cert2
- tls_try_verify_hosts = :
+ hosts = 127.0.0.1
+ port = PORT_D2
+ hosts_try_fastopen = :
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = :
# ----- Retry -----
# ----- Retry -----
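Review bot: The header comment `# as per 2100 but with TCP Fast Open` is removed in the first hunk and nothing replaces it, so the file no longer says what it tests, and the new `chk_r` ACL and `srvr_v` router are undocumented. Suggest a header along the lines of `# TLS delivery to PORT_D with a recipient callout to PORT_D2` (wording to be confirmed against the test script), and above the first `accept` in `chk_r` a line such as `# connections on PORT_D2 are the callout target: accept without a further callout`. Both `send_to_server` and `send_to_server_v` set `tls_verify_cert_hostnames = :`, which as far as the visible lines show leaves the certificate name check matching no host; a comment like `# test only: cert1 is not checked against the host name` would stop the setting being copied into a production transport. The main-settings hunk also appears to leave `log_selector = +tls_peerdn` commented out rather than deleting it, which is worth either removing or explaining.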