The use of &%helo_data%& applies both to sending messages and when doing
callouts.
+.new
+.option host_name_extract smtp "string list&!!" "see below"
+.cindex "load balancer" "hosts behind"
+.cindex TLS resumption
+Some mail-accepting sites
+(notably Microsoft)
+operate many servers behind a network load-balancer. When this is done,
+with separated TLS session caches, TLS session resuption becomes problematic.
+It will only succeed when the same server happens to be selected by the
+load-balancer, matching the session stored in the client's cache.
+
+Exim can pull out a server name, if there is one, from the response to the
+client's SMTP EHLO command.
+The default value of this option:
+.code
+ ${if and { {match {$host} {.outlook.com\$}} \
+ {match {$item} {\N^250-([\w.]+)\s\N}} \
+ } {$1}}
+.endd
+suffices for one known case.
+During the expansion of this option the &$item$& variable will have the
+server's EHLO response.
+The result of the option expansion is included in the key used to store and
+retrieve the TLS session, for sessino resumption.
+
+Operators of high-load sites may wish to evaluate their logs for indications
+of other destination sites operating load-balancers, and develop a suitable
+expression for this option.
+.wen
+
.option hosts smtp "string list&!!" unset
Hosts are associated with an address by a router such as &(dnslookup)&, which
finds the hosts by looking up the address domain in the DNS, or by
home_directory string* unset transports 4.00 replaces individual options
host_all_ignored string "defer" manualroute 4.67
host_find_failed string "freeze" manualroute 4.00
+host_name_extract string
+ "${if and {{match{.outlook.com\\$}{$host}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}"
+ smtp 4.96
host_lookup host list unset main 3.00
host_lookup_order string list "bydns:byaddr" main 4.30
host_reject_connection host list unset main 4.00
host_item * host;
int host_af;
uschar * interface;
- uschar * sending_ip_address; /* used for TLS resumption */
+
int sock; /* used for a bound but not connected socket */
+ uschar * sending_ip_address; /* used for TLS resumption */
+ const uschar * host_lbserver; /* ditto, for server-behind LB */
#ifdef SUPPORT_DANE
BOOL dane:1; /* connection must do dane */
blob b;
gstring * g;
+DEBUG(D_tls) if (conn_args->host_lbserver)
+ debug_printf("TLS: lbserver '%s'\n", conn_args->host_lbserver);
+
#ifdef EXIM_HAVE_SHA2
exim_sha_init(h, HASH_SHA2_256);
#else
exim_sha_init(h, HASH_SHA1);
#endif
-
-// TODO: word from server EHLO resp /* how, fer gossakes? Add item to conn_args or tls_support? */
-
+exim_sha_update_string(h, conn_args->host_lbserver);
+#ifdef SUPPORT_DANE
if (conn_args->dane)
exim_sha_update(h, CUS &conn_args->tlsa_dnsa, sizeof(dns_answer));
+#endif
exim_sha_update_string(h, conn_args->host->address);
exim_sha_update(h, CUS &conn_args->host->port, sizeof(conn_args->host->port));
exim_sha_update_string(h, conn_args->sending_ip_address);
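Review bot: The new `exim_sha_update_string(h, conn_args->host_lbserver);` feeds a variable-length, peer-supplied string into the resumption-cache key with nothing separating it from `host->address`, which is hashed next, so two different (lbserver, address) pairs can produce the same byte stream and therefore the same key. The value comes from the EHLO response, which is unauthenticated when it is read before STARTTLS, so the encoding should be unambiguous, for example by hashing a terminator after each string field: `exim_sha_update(h, CUS"\0", 1);`. host_lbserver is NULL when nothing was extracted, and whether exim_sha_update_string() accepts NULL is not visible here, so either confirm that or guard the call. The enclosing function starts and ends outside the hunk.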
{ "final_timeout", opt_time, LOFF(final_timeout) },
{ "gethostbyname", opt_bool, LOFF(gethostbyname) },
{ "helo_data", opt_stringptr, LOFF(helo_data) },
+#if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
+ { "host_name_extract", opt_stringptr, LOFF(host_name_extract) },
+# endif
{ "hosts", opt_stringptr, LOFF(hosts) },
{ "hosts_avoid_esmtp", opt_stringptr, LOFF(hosts_avoid_esmtp) },
{ "hosts_avoid_pipelining", opt_stringptr, LOFF(hosts_avoid_pipelining) },
.tls_tempfail_tryclear = TRUE,
.tls_try_verify_hosts = US"*",
.tls_verify_cert_hostnames = US"*",
+# ifndef DISABLE_TLS_RESUME
+ .host_name_extract = US"${if and {{match{$host}{.outlook.com\\$}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}",
+# endif
#endif
#ifdef SUPPORT_I18N
.utf8_downconvert = US"-1",
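Review bot: The host test in the new default, `{match{$host}{.outlook.com\\$}}`, leaves every dot unescaped, so it matches any host name ending in one arbitrary character, `outlook`, one arbitrary character and `com` (a name ending in `myoutlook.com`, for instance), not only names under `.outlook.com`. Protecting the pattern and escaping the dots limits the extraction to the intended domain: `{match{$host}{\\N\\.outlook\\.com$\\N}}`. The option-list documentation entry added in this commit writes the same test as `match{.outlook.com\\$}{$host}`, with the arguments in the opposite order, and the manual's copy of the default repeats the unescaped form. All three copies should be brought into line.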
if (tls_out.active.sock >= 0 || !(peer_offered & OPTION_TLS))
ehlo_response_limits_read(sx);
#endif
+/*XXX RESUMP - EHLO-resp avail here int sx->buffer */
if ( peer_offered != sx->peer_offered
|| (authbits = study_ehlo_auths(sx)) != *ap)
{
+/* Grab a string differentiating server behind a loadbalancer, for TLS
+resumption when such servers do not share a session-cache */
+
+static const uschar *
+ehlo_response_lbserver(uschar * buffer, smtp_transport_options_block * ob)
+{
+#if !defined(DISABLE_TLS) && !defined(DISABLE_TLS_RESUME)
+/* want to make this a main-section option */
+const uschar * s;
+uschar * save_item = iterate_item;
+
+iterate_item = buffer;
+s = expand_cstring(ob->host_name_extract);
+iterate_item = save_item;
+return s && !*s ? NULL : s;
+#else
+return NULL;
+#endif
+}
+
+
+
/* Callback for emitting a BDAT data chunk header.
If given a nonzero size, first flush any buffered SMTP commands
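Review bot: ehlo_response_lbserver() returns a NULL from `expand_cstring()` as if it meant "no name", so a mistyped host_name_extract fails silently and the operator only sees resumption succeed less often. Distinguish a forced failure from a real expansion error and log the latter, e.g. `if (!s && !f.expand_string_forcedfail) log_write(0, LOG_MAIN, "host_name_extract expansion failed: %s", expand_string_message);`. The header comment should also state that `buffer` is the raw EHLO response exposed as `$item`, that the result is NULL for an empty or failed expansion, and that the text is server-controlled and only meant to become part of the session-cache key. The in-body remark `/* want to make this a main-section option */` conflicts with the documentation in this commit, which describes a transport option, so reword or drop it.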
: 0
)
#endif
+/*XXX RESUMP - sx->buffer has the EHLO-resp, but only if not early-pipe and not continued-connection */
+/* maybe disable resump on cont? */
);
#ifdef EXPERIMENTAL_ESMTP_LIMITS
if (tls_out.active.sock >= 0 || !(sx->peer_offered & OPTION_TLS))
}
}
#endif
+ sx->conn_args.host_lbserver = ehlo_response_lbserver(sx->buffer, ob);
}
/* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
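Review bot: The XXX comment added earlier in this file says `sx->buffer` holds the EHLO response only when the connection is neither early-pipelined nor continued, yet `sx->conn_args.host_lbserver = ehlo_response_lbserver(sx->buffer, ob);` is not visibly conditioned on either case (the enclosing block starts outside the hunk). If the buffer holds some other response on those paths, the cache key is built from unrelated text and sessions are stored or looked up under the wrong key. The early-pipe hunk that follows makes the same assumption about the buffer after `sync_responses(sx, 2, 0)`. Once the paths are verified, set host_lbserver to NULL wherever the EHLO response is not known to be in the buffer, and replace the XXX notes with a definite comment such as `/* sx->buffer holds the EHLO response here; it is used to key the TLS session cache */`. The later `/*XXX RESUMP want LB-server info here */` before tls_client_start() looks stale now that conn_args carries the value.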
the response for the STARTTLS we just sent alone. On fail, assume wrong
cached capability and retry with the pipelining disabled. */
- if (sx->early_pipe_active && sync_responses(sx, 2, 0) != 0)
+ if (sx->early_pipe_active)
{
- HDEBUG(D_transport)
- debug_printf("failed reaping pipelined cmd responses\n");
- close(sx->cctx.sock);
- sx->cctx.sock = -1;
- sx->early_pipe_active = FALSE;
- goto PIPE_CONNECT_RETRY;
+ if (sync_responses(sx, 2, 0) != 0)
+ {
+ HDEBUG(D_transport)
+ debug_printf("failed reaping pipelined cmd responses\n");
+ close(sx->cctx.sock);
+ sx->cctx.sock = -1;
+ sx->early_pipe_active = FALSE;
+ goto PIPE_CONNECT_RETRY;
+ }
+/*XXX RESUMP - does this leave the EHLO-resp anywhere? Yes, sx->buffer */
+ sx->conn_args.host_lbserver = ehlo_response_lbserver(sx->buffer, ob);
}
#endif
TLS_NEGOTIATE:
{
sx->conn_args.sending_ip_address = sending_ip_address;
+ /*XXX RESUMP want LB-server info here */
if (!tls_client_start(&sx->cctx, &sx->conn_args, sx->addrlist, &tls_out, &tls_errstr))
{
/* TLS negotiation failed; give an error. From outside, this function may
int size_addition;
int hosts_max_try;
int hosts_max_try_hardlimit;
- int message_linelength_limit;
+ int message_linelength_limit;
BOOL address_retry_include_sender;
BOOL allow_localhost;
BOOL authenticated_sender_force;
uschar *tls_privatekey;
uschar *tls_require_ciphers;
# ifndef DISABLE_TLS_RESUME
+ uschar *host_name_extract;
uschar *tls_resumption_hosts;
# endif
const uschar *tls_sni;
hosts = 127.0.0.1
port = PORT_D
helo_data = helo.data.changed
+.ifdef HELO_MSG
+ host_name_extract = HELO_MSG
+.endif
.ifdef VALUE
tls_resumption_hosts = *
.else
hosts = 127.0.0.1
port = PORT_D
helo_data = helo.data.changed
+.ifdef HELO_MSG
+ host_name_extract = HELO_MSG
+.endif
.ifdef VALUE
tls_resumption_hosts = *
.else
1999-03-02 09:44:33 10HmbZ-0005vi-00 bits 256
1999-03-02 09:44:33 10HmbZ-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcA-0005vi-00"
1999-03-02 09:44:33 10HmbZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmcB-0005vi-00 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmcB-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmcB-0005vi-00 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmcB-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmcB-0005vi-00 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmcB-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcB-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmcB-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcC-0005vi-00"
+1999-03-02 09:44:33 10HmcB-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noresume@test.ex
+1999-03-02 09:44:33 10HmcD-0005vi-00 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmcD-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmcD-0005vi-00 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmcD-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmcD-0005vi-00 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmcD-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcD-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmcD-0005vi-00 => noresume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcE-0005vi-00"
+1999-03-02 09:44:33 10HmcD-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmcF-0005vi-00 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcF-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmcF-0005vi-00 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmcF-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmcF-0005vi-00 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmcF-0005vi-00 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcF-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmcF-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcG-0005vi-00"
+1999-03-02 09:44:33 10HmcF-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcH-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmcH-0005vi-00 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmcH-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmcH-0005vi-00 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmcH-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmcH-0005vi-00 peer dn CN=server1.example.com
+1999-03-02 09:44:33 10HmcH-0005vi-00 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmcH-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmcH-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcI-0005vi-00"
+1999-03-02 09:44:33 10HmcH-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 10HmcA-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-0005vi-00@myhost.test.ex for notreq@test.ex
1999-03-02 09:44:33 10HmcA-0005vi-00 => :blackhole: <notreq@test.ex> R=server
1999-03-02 09:44:33 10HmcA-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmcC-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcB-0005vi-00@myhost.test.ex for getticket@test.ex
+1999-03-02 09:44:33 10HmcC-0005vi-00 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmcC-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmcE-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcD-0005vi-00@myhost.test.ex for noresume@test.ex
+1999-03-02 09:44:33 10HmcE-0005vi-00 => :blackhole: <noresume@test.ex> R=server
+1999-03-02 09:44:33 10HmcE-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmcG-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcF-0005vi-00@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmcG-0005vi-00 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmcG-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmcI-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmcH-0005vi-00@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmcI-0005vi-00 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmcI-0005vi-00 Completed
1999-03-02 09:44:33 10HmbQ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbS-0005vi-00"
1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
-1999-03-02 09:44:33 10HmbT-0005vi-00 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbT-0005vi-00 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbT-0005vi-00 our cert subject
1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified 1
1999-03-02 09:44:33 10HmbT-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbU-0005vi-00"
1999-03-02 09:44:33 10HmbT-0005vi-00 Completed
1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
-1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbV-0005vi-00 our cert subject
1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert subject CN=server1.example.com
1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert verified 1
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 tls_in_resumption client offered session, server only provided new ticket
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <xyz@test.ex> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <resume@test.ex> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption not requested or offered
+1999-03-02 09:44:33 tls_in_resumption 0x05
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-0005vi-00@myhost.test.ex for timeout@test.ex
1999-03-02 09:44:33 10HmbH-0005vi-00 => :blackhole: <timeout@test.ex> R=server
1999-03-02 09:44:33 10HmbH-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 tls_in_resumption client offered session, server only provided new ticket
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-0005vi-00@myhost.test.ex for notreq@test.ex
1999-03-02 09:44:33 10HmbJ-0005vi-00 => :blackhole: <notreq@test.ex> R=server
1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 tls_in_resumption client offered session, server only provided new ticket
1999-03-02 09:44:33 our cert subject CN=server1.example.com
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-0005vi-00@myhost.test.ex for abcd@test.ex
1999-03-02 09:44:33 10HmbS-0005vi-00 => :blackhole: <abcd@test.ex> R=server
1999-03-02 09:44:33 10HmbS-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-0005vi-00@myhost.test.ex for renewal@test.ex
1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <renewal@test.ex> R=server
1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
1999-03-02 09:44:33 10HmbM-0005vi-00 bits 256
1999-03-02 09:44:33 10HmbM-0005vi-00 => noverify_resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbN-0005vi-00"
1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmbO-0005vi-00 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbO-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbO-0005vi-00 peer dn /CN=server1.example.com
+1999-03-02 09:44:33 10HmbO-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbO-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbO-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbP-0005vi-00"
+1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbQ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noresume@test.ex
+1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbQ-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn /CN=server1.example.com
+1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbQ-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbQ-0005vi-00 => noresume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbR-0005vi-00"
+1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmbS-0005vi-00 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbS-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbS-0005vi-00 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbS-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbS-0005vi-00 peer dn /CN=server1.example.com
+1999-03-02 09:44:33 10HmbS-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbS-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbS-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbT-0005vi-00"
+1999-03-02 09:44:33 10HmbS-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex
+1999-03-02 09:44:33 10HmbU-0005vi-00 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbU-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbU-0005vi-00 peer cert subject CN=server1.example.com
+1999-03-02 09:44:33 10HmbU-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbU-0005vi-00 peer dn /CN=server1.example.com
+1999-03-02 09:44:33 10HmbU-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbU-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbU-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbV-0005vi-00"
+1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for noverify_resume@test.ex
1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <noverify_resume@test.ex> R=server
1999-03-02 09:44:33 10HmbN-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-0005vi-00@myhost.test.ex for getticket@test.ex
+1999-03-02 09:44:33 10HmbP-0005vi-00 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-0005vi-00@myhost.test.ex for noresume@test.ex
+1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: <noresume@test.ex> R=server
+1999-03-02 09:44:33 10HmbR-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbS-0005vi-00@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmbT-0005vi-00 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbT-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject CN=server1.example.com
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbU-0005vi-00@myhost.test.ex for resume@test.ex
+1999-03-02 09:44:33 10HmbV-0005vi-00 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbV-0005vi-00 Completed
exim -odf notreq@test.ex
Test message, not requesting resumption.
****
+#
+# Test the host_name_extract transport option. Due to the change the second
+# message's connection should not offer a session. The third should (on the 2nd),
+# as should the fourth (on the 1st).
+sudo rm -f DIR/spool/db/tls*
+exim -DVALUE=resume -odf getticket@test.ex
+****
+exim -DVALUE=resume -DHELO_MSG=differenthost -odf noresume@test.ex
+****
+exim -DVALUE=resume -DHELO_MSG=differenthost -odf resume@test.ex
+****
+exim -DVALUE=resume -odf resume@test.ex
+****
+#
killdaemon
no_msglog_check
+++ /dev/null
-# TLS session resumption with OCSP
-gnutls
-#
-# For keying info:
-# (requires SSLKEYLOGFILE added to /etc/sudoers)
-# SSLKEYLOGFILE=/home/jgh/git/exim/test/foo sudo exim -DSERVER=server -bd -oX PORT_D
-#
-### TLS1.2
-exim -DSERVER=server -DOPTION=NORMAL:!VERS-TLS1.3 -bd -oX PORT_D
-****
-exim -DVALUE=resume -odf getticket@test.ex
-Test message. Contains FF: ÿ
-****
-exim -DVALUE=resume -odf resume@test.ex abcd@test.ex xyz@test.ex
-Test message to two different hosts, one does not support resume
-****
-# allow time for ticket to hit renewal time
-sleep 3
-exim -DVALUE=resume -odf renewal@test.ex
-Test message.
-****
-exim -DVALUE=resume -odf postrenewal@test.ex
-Test message.
-****
-sleep 3
-exim -DVALUE=resume -odf timeout@test.ex
-Test message.
-****
-exim -odf notreq@test.ex
-Test message, not requesting resumption.
-****
-sudo rm -f DIR/spool/db/tls
-exim -odf -DVALUE=resume noverify_getticket@test.ex
-Dest on this means the server cert will not verify (but try_verify will permit it)
-****
-exim -odf -DVALUE=resume noverify_resume@test.ex
-Dest on this means the server cert will not verify (but try_verify will permit it)
-****
-killdaemon
-sleep 1
-sudo rm -f DIR/spool/db/tls
-#
-#
-### TLS1.3
-exim -DSERVER=server -DOPTION=NORMAL -bd -oX PORT_D
-****
-exim -DVALUE=resume -odf getticket@test.ex
-Test message. Contains FF: ÿ
-****
-exim -DVALUE=resume -odf resume@test.ex abcd@test.ex xyz@test.ex
-Test message to two different hosts, one does not support resume
-****
-# allow time for ticket to hit renewal time
-sleep 3
-exim -DVALUE=resume -odf renewal@test.ex
-Test message.
-****
-exim -DVALUE=resume -odf postrenewal@test.ex
-Test message.
-****
-sleep 3
-exim -DVALUE=resume -odf timeout@test.ex
-Test message.
-****
-exim -odf notreq@test.ex
-Test message, not requesting resumption.
-****
-killdaemon
-no_msglog_check
--- /dev/null
+# TLS session resumption with OCSP
+gnutls
+#
+# For keying info:
+# (requires SSLKEYLOGFILE added to /etc/sudoers)
+# SSLKEYLOGFILE=/home/jgh/git/exim/test/foo sudo exim -DSERVER=server -bd -oX PORT_D
+#
+### TLS1.2
+exim -DSERVER=server -DOPTION=NORMAL:!VERS-TLS1.3 -bd -oX PORT_D
+****
+exim -DVALUE=resume -odf getticket@test.ex
+Test message. Contains FF: ÿ
+****
+exim -DVALUE=resume -odf resume@test.ex abcd@test.ex xyz@test.ex
+Test message to two different hosts, one does not support resume
+****
+# allow time for ticket to hit renewal time
+sleep 3
+exim -DVALUE=resume -odf renewal@test.ex
+Test message.
+****
+exim -DVALUE=resume -odf postrenewal@test.ex
+Test message.
+****
+sleep 3
+exim -DVALUE=resume -odf timeout@test.ex
+Test message.
+****
+exim -odf notreq@test.ex
+Test message, not requesting resumption.
+****
+sudo rm -f DIR/spool/db/tls*
+exim -odf -DVALUE=resume noverify_getticket@test.ex
+Dest on this means the server cert will not verify (but try_verify will permit it)
+****
+exim -odf -DVALUE=resume noverify_resume@test.ex
+Dest on this means the server cert will not verify (but try_verify will permit it)
+****
+killdaemon
+sleep 1
+sudo rm -f DIR/spool/db/tls
+#
+#
+### TLS1.3
+exim -DSERVER=server -DOPTION=NORMAL -bd -oX PORT_D
+****
+exim -DVALUE=resume -odf getticket@test.ex
+Test message. Contains FF: ÿ
+****
+exim -DVALUE=resume -odf resume@test.ex abcd@test.ex xyz@test.ex
+Test message to two different hosts, one does not support resume
+****
+# allow time for ticket to hit renewal time
+sleep 3
+exim -DVALUE=resume -odf renewal@test.ex
+Test message.
+****
+exim -DVALUE=resume -odf postrenewal@test.ex
+Test message.
+****
+sleep 3
+exim -DVALUE=resume -odf timeout@test.ex
+Test message.
+****
+exim -odf notreq@test.ex
+Test message, not requesting resumption.
+****
+killdaemon
+no_msglog_check
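Review bot: The cleanup before the TLS1.3 half still reads `sudo rm -f DIR/spool/db/tls`, while the one before the noverify messages in the TLS1.2 half was widened to `DIR/spool/db/tls*`. If the glob is needed to remove companion files of the session cache, the TLS1.3 run can start with state left over from the TLS1.2 run, and the resumption results it logs would not be independent of it. Use `sudo rm -f DIR/spool/db/tls*` in both places.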
exim -odf notreq@test.ex
Test message, not requesting resumption.
****
+#
sudo rm -f DIR/spool/db/tls*
exim -odf -DVALUE=resume noverify_getticket@test.ex
Dest on this means the server cert will not verify (but try_verify will permit it)
exim -odf -DVALUE=resume noverify_resume@test.ex
Dest on this means the server cert will not verify (but try_verify will permit it)
****
+#
+# Test the host_name_extract transport option. Due to the change the second
+# message's connection should not offer a session. The third should (on the 2nd),
+# as should the fourth (on the 1st).
+sudo rm -f DIR/spool/db/tls*
+exim -DVALUE=resume -odf getticket@test.ex
+****
+exim -DVALUE=resume -DHELO_MSG=differenthost -odf noresume@test.ex
+****
+exim -DVALUE=resume -DHELO_MSG=differenthost -odf resume@test.ex
+****
+exim -DVALUE=resume -odf resume@test.ex
+****
+#
killdaemon
no_msglog_check
250-PIPELINING
250-STARTTLS
250 HELP
+ ╭considering: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╭considering: $host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├considering: }{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $host
+ ╰─────result: 127.0.0.1
+ ╭considering: .outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───────text: .outlook.com
+ ├considering: \$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├backslashed: '\$'
+ ├considering: }} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: .outlook.com\$
+ ╰─────result: .outlook.com$
+ ╭───scanning: $item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───scanning: }{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $item
+ ├─────result:
+ ╰───skipping: result is not used
+ ╭───scanning: \N^250-([\w.]+)\s\N}}} {$1}}
+ ├──protected: ^250-([\w.]+)\s
+ ├───scanning: }}} {$1}}
+ ├──expanding: \N^250-([\w.]+)\s\N
+ ├─────result: ^250-([\w.]+)\s
+ ╰───skipping: result is not used
+ ├──condition: and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}}
+ ├─────result: false
+ ╭───scanning: $1}}
+ ├───scanning: }}
+ ├──expanding: $1
+ ├─────result:
+ ╰───skipping: result is not used
+ ├──expanding: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╰─────result:
╭considering: ${if eq {$address_data}{usery}{*}{:}}
╭considering: $address_data}{usery}{*}{:}}
├considering: }{usery}{*}{:}}
250-PIPELINING
250-STARTTLS
250 HELP
+ ╭considering: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╭considering: $host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├considering: }{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $host
+ ╰─────result: 127.0.0.1
+ ╭considering: .outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───────text: .outlook.com
+ ├considering: \$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├backslashed: '\$'
+ ├considering: }} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: .outlook.com\$
+ ╰─────result: .outlook.com$
+ ╭───scanning: $item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───scanning: }{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $item
+ ├─────result:
+ ╰───skipping: result is not used
+ ╭───scanning: \N^250-([\w.]+)\s\N}}} {$1}}
+ ├──protected: ^250-([\w.]+)\s
+ ├───scanning: }}} {$1}}
+ ├──expanding: \N^250-([\w.]+)\s\N
+ ├─────result: ^250-([\w.]+)\s
+ ╰───skipping: result is not used
+ ├──condition: and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}}
+ ├─────result: false
+ ╭───scanning: $1}}
+ ├───scanning: }}
+ ├──expanding: $1
+ ├─────result:
+ ╰───skipping: result is not used
+ ├──expanding: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╰─────result:
╭considering: ${if eq {$address_data}{usery}{*}{:}}
╭considering: $address_data}{usery}{*}{:}}
├considering: }{usery}{*}{:}}
250-PIPELINING
250-STARTTLS
250 HELP
+ ╭considering: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╭considering: $host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├considering: }{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $host
+ ╰─────result: 127.0.0.1
+ ╭considering: .outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───────text: .outlook.com
+ ├considering: \$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├backslashed: '\$'
+ ├considering: }} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: .outlook.com\$
+ ╰─────result: .outlook.com$
+ ╭───scanning: $item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───scanning: }{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $item
+ ├─────result:
+ ╰───skipping: result is not used
+ ╭───scanning: \N^250-([\w.]+)\s\N}}} {$1}}
+ ├──protected: ^250-([\w.]+)\s
+ ├───scanning: }}} {$1}}
+ ├──expanding: \N^250-([\w.]+)\s\N
+ ├─────result: ^250-([\w.]+)\s
+ ╰───skipping: result is not used
+ ├──condition: and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}}
+ ├─────result: false
+ ╭───scanning: $1}}
+ ├───scanning: }}
+ ├──expanding: $1
+ ├─────result:
+ ╰───skipping: result is not used
+ ├──expanding: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╰─────result:
╭considering: ${if eq {$address_data}{usery}{*}{:}}
╭considering: $address_data}{usery}{*}{:}}
├considering: }{usery}{*}{:}}
250-PIPELINING
250-STARTTLS
250 HELP
+ ╭considering: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╭considering: $host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├considering: }{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $host
+ ╰─────result: 127.0.0.1
+ ╭considering: .outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───────text: .outlook.com
+ ├considering: \$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├backslashed: '\$'
+ ├considering: }} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: .outlook.com\$
+ ╰─────result: .outlook.com$
+ ╭───scanning: $item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───scanning: }{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $item
+ ├─────result:
+ ╰───skipping: result is not used
+ ╭───scanning: \N^250-([\w.]+)\s\N}}} {$1}}
+ ├──protected: ^250-([\w.]+)\s
+ ├───scanning: }}} {$1}}
+ ├──expanding: \N^250-([\w.]+)\s\N
+ ├─────result: ^250-([\w.]+)\s
+ ╰───skipping: result is not used
+ ├──condition: and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}}
+ ├─────result: false
+ ╭───scanning: $1}}
+ ├───scanning: }}
+ ├──expanding: $1
+ ├─────result:
+ ╰───skipping: result is not used
+ ├──expanding: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╰─────result:
╭considering: ${if eq {$address_data}{usery}{*}{:}}
╭considering: $address_data}{usery}{*}{:}}
├considering: }{usery}{*}{:}}
250-PIPELINING
250-STARTTLS
250 HELP
+ ╭considering: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╭considering: $host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├considering: }{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $host
+ ╰─────result: 127.0.0.1
+ ╭considering: .outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───────text: .outlook.com
+ ├considering: \$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├backslashed: '\$'
+ ├considering: }} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: .outlook.com\$
+ ╰─────result: .outlook.com$
+ ╭───scanning: $item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───scanning: }{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $item
+ ├─────result:
+ ╰───skipping: result is not used
+ ╭───scanning: \N^250-([\w.]+)\s\N}}} {$1}}
+ ├──protected: ^250-([\w.]+)\s
+ ├───scanning: }}} {$1}}
+ ├──expanding: \N^250-([\w.]+)\s\N
+ ├─────result: ^250-([\w.]+)\s
+ ╰───skipping: result is not used
+ ├──condition: and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}}
+ ├─────result: false
+ ╭───scanning: $1}}
+ ├───scanning: }}
+ ├──expanding: $1
+ ├─────result:
+ ╰───skipping: result is not used
+ ├──expanding: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╰─────result:
╭considering: ${if eq {$address_data}{usery}{*}{:}}
╭considering: $address_data}{usery}{*}{:}}
├considering: }{usery}{*}{:}}
250-PIPELINING
250-STARTTLS
250 HELP
+ ╭considering: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╭considering: $host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├considering: }{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $host
+ ╰─────result: 127.0.0.1
+ ╭considering: .outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───────text: .outlook.com
+ ├considering: \$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├backslashed: '\$'
+ ├considering: }} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: .outlook.com\$
+ ╰─────result: .outlook.com$
+ ╭───scanning: $item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├───scanning: }{\N^250-([\w.]+)\s\N}}} {$1}}
+ ├──expanding: $item
+ ├─────result:
+ ╰───skipping: result is not used
+ ╭───scanning: \N^250-([\w.]+)\s\N}}} {$1}}
+ ├──protected: ^250-([\w.]+)\s
+ ├───scanning: }}} {$1}}
+ ├──expanding: \N^250-([\w.]+)\s\N
+ ├─────result: ^250-([\w.]+)\s
+ ╰───skipping: result is not used
+ ├──condition: and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}}
+ ├─────result: false
+ ╭───scanning: $1}}
+ ├───scanning: }}
+ ├──expanding: $1
+ ├─────result:
+ ╰───skipping: result is not used
+ ├──expanding: ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
+ ╰─────result:
╭considering: ${if eq {$address_data}{usery}{*}{:}}
╭considering: $address_data}{usery}{*}{:}}
├considering: }{usery}{*}{:}}
final_timeout = 10m
no_gethostbyname
helo_data = $primary_hostname
+host_name_extract = ${if and {{match{$host}{.outlook.com\$}} {match{$item}{\N^250-([\w.]+)\s\N}}} {$1}}
hosts =
hosts_avoid_esmtp =
hosts_avoid_pipelining =