X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/57233af5f91cdca9a0232a71fab2d12a538cb1a6..a2550b677cfc7c4dd6ac1ac24c7f029b6e5ef44d:/test/confs/5600?ds=sidebyside diff --git a/test/confs/5600 b/test/confs/5600 index 8b26ee7fa..c05bcfcf9 100644 --- a/test/confs/5600 +++ b/test/confs/5600 @@ -4,9 +4,9 @@ CRL= exim_path = EXIM_PATH +keep_environment = host_lookup_order = bydns primary_hostname = server1.example.com -rfc1413_query_timeout = 0s spool_directory = DIR/spool log_file_path = DIR/spool/log/%slog gecos_pattern = "" @@ -14,6 +14,8 @@ gecos_name = CALLER_NAME # ----- Main settings ----- +acl_smtp_connect = check_connect +acl_smtp_mail = check_mail acl_smtp_rcpt = check_recipient log_selector = +tls_peerdn @@ -37,6 +39,16 @@ tls_ocsp_file = OCSP begin acl +check_connect: + accept logwrite = acl_conn: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + +check_mail: + accept logwrite = acl_mail: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + check_recipient: deny message = certificate not verified: peerdn=$tls_peerdn ! verify = certificate