X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/cc55f4208e997ee8cdd87bf2a141be0c615488f9..114b01dded2c9d72cdd44cac97a4d3cc9f22ddfd:/test/confs/4520 diff --git a/test/confs/4520 b/test/confs/4520 index 3127d13b3..00267da6a 100644 --- a/test/confs/4520 +++ b/test/confs/4520 @@ -1,65 +1,47 @@ # Exim test configuration 4520 SERVER= -OPT= -FAKE = -.include DIR/aux-var/std_conf_prefix +.include DIR/aux-var/tls_conf_prefix primary_hostname = myhost.test.ex # ----- Main settings ----- -acl_smtp_rcpt = accept logwrite = rcpt acl: macro: _DKIM_SIGN_HEADERS -acl_smtp_dkim = accept logwrite = dkim_acl: signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames -acl_smtp_data = accept logwrite = data acl: dkim status $dkim_verify_status +acl_smtp_rcpt = accept encrypted = * +acl_smtp_dkim = check_dkim +acl_smtp_data = check_data -dkim_verify_signers = $dkim_signers : FAKE - -DDIR=DIR/aux-fixed/dkim - - -# ----- Routers - -begin routers - -server_dump: - driver = redirect - condition = ${if eq {SERVER}{server}{yes}{no}} - data = :blackhole: - -client: - driver = accept - transport = send_to_server +log_selector = +dkim_verbose +dkim_verify_hashes = sha256 : sha512 : sha1 +.ifdef MSIZE +dkim_verify_min_keysizes = MSIZE +.endif -# ----- Transports +queue_only +queue_run_in_order -begin transports -send_to_server: - driver = smtp - allow_localhost - hosts = HOSTIPV4 - port = PORT_D +begin acl - dkim_domain = test.ex -.ifdef SELECTOR - dkim_selector = SELECTOR -.else - dkim_selector = sel +check_dkim: +.ifdef BAD + warn logwrite = ${lookup dnsdb{defer_never,txt=_adsp._domainkey.$dkim_cur_signer}{$value}{unknown}} .endif - - dkim_private_key = ${if match {$dkim_selector}{^ses} {DDIR/dkim512.private} \ - {${if match {$dkim_selector}{^sel} {DDIR/dkim.private} \ - {}}}} - -.ifndef HEADERS_MAXSIZE - dkim_sign_headers = OPT -.else - dkim_identity = allheaders@$dkim_domain +.ifdef OPTION + warn condition = ${if eq {$dkim_algo}{rsa-sha1}} + condition = ${if eq {$dkim_verify_status}{pass}} + logwrite = NOTE: forcing dkim verify fail (was pass) + set dkim_verify_status = fail + set dkim_verify_reason = hash too weak .endif -.ifdef VALUE - dkim_hash = VALUE + warn + logwrite = signer: $dkim_cur_signer bits: $dkim_key_length +.ifndef STRICT + accept .endif +check_data: + accept logwrite = ${authresults {$primary_hostname}} + # End