1 # Exim test configuration 5652
2 # OCSP stapling, server, multiple certs
4 .include DIR/aux-var/tls_conf_prefix
6 primary_hostname = server1.example.com
8 # ----- Main settings -----
10 acl_smtp_mail = check_mail
11 acl_smtp_rcpt = check_recipient
13 log_selector = +tls_peerdn
18 tls_advertise_hosts = *
20 CADIR = DIR/aux-fixed/exim-ca
21 DRSA = CADIR/example.com
22 DECDSA = CADIR/example_ec.com
24 tls_certificate = DRSA/server1.example.com/server1.example.com.pem \
25 : DECDSA/server1.example_ec.com/server1.example_ec.com.pem
26 tls_privatekey = DRSA/server1.example.com/server1.example.com.unlocked.key \
27 : DECDSA/server1.example_ec.com/server1.example_ec.com.unlocked.key
28 tls_ocsp_file = DRSA/server1.example.com/server1.example.com.ocsp.good.resp \
29 : DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp
38 accept logwrite = acl_mail: ocsp in status: $tls_in_ocsp \
39 (${listextract {${eval:$tls_in_ocsp+1}} \
40 {notreq:notresp:vfynotdone:failed:verified}})
52 condition = ${if !eq {SERVER}{server}}
53 route_list = * 127.0.0.1
55 transport = remote_delivery
61 transport = local_delivery
64 # ----- Transports -----
72 tls_require_ciphers = OPT
73 hosts_require_ocsp = *
74 tls_verify_certificates = CERT
75 tls_verify_cert_hostnames = :
79 file = DIR/test-mail/$local_part
80 headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn