Docs: add note on non-functionality of "exists" for de-tainting
[users/heiko/exim.git] / test / confs / 4065
1 # test config 4065
2 # Early-pipe, AUTH, GnuTLS, tls-on-connect
3
4 keep_environment = PATH
5 exim_path = EXIM_PATH
6 host_lookup_order = bydns
7 spool_directory = DIR/spool
8
9 .ifdef SERVER
10 log_file_path = DIR/spool/log/SERVER%slog
11 .else
12 log_file_path = DIR/spool/log/%slog
13 .endif
14
15 gecos_pattern = ""
16 gecos_name = CALLER_NAME
17 dns_cname_loops = 9
18 chunking_advertise_hosts =
19 tls_on_connect_ports = PORT_D
20 tls_advertise_hosts = *
21 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
22
23 # Avoid ECDHE key-exchange so that we can wireshark-decode
24 .ifdef _HAVE_GNUTLS
25 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
26 .endif
27
28 .ifdef _HAVE_DMARC
29 dmarc_tld_file =
30 .endif
31
32 pipelining_connect_advertise_hosts = *
33 auth_advertise_hosts = *
34
35 log_selector = +received_recipients +pipelining
36 queue_only
37
38 acl_smtp_rcpt = accept
39
40 #
41 begin routers
42
43 server:
44   driver =      redirect
45   condition =   ${if eq {SERVER}{server}}
46   data =        :blackhole:
47
48 client:
49   driver =      manualroute
50   route_data =  127.0.0.1
51   self =        send
52   transport =   smtp
53
54 #
55 begin transports
56
57 smtp:
58   driver =              smtp
59   hosts_pipe_connect =  *
60   port =                PORT_D
61   hosts_try_fastopen =  :
62   protocol =            smtps
63   tls_verify_hosts =
64   tls_try_verify_hosts =
65   hosts_require_auth =  *
66
67 #
68 begin authenticators
69
70 plain:
71   driver = plaintext
72   public_name = PLAIN
73
74   server_condition = "\
75     ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}"
76   server_set_id = $auth2
77
78   client_send = ^userx^secret
79