test/confs/5890

   1 # Exim test configuration 5890
   2
   3 SERVER =
   4 OPTION = NORMAL
   5
   6 .include DIR/aux-var/tls_conf_prefix
   7
   8 primary_hostname = myhost.test.ex
   9
  10 # ----- Main settings -----
  11
  12 domainlist local_domains = test.ex : *.test.ex
  13
  14 acl_smtp_helo = check_helo
  15 acl_smtp_rcpt = check_recipient
  16 log_selector = +received_recipients +tls_resumption
  17
  18 tls_advertise_hosts = *
  19
  20 # Set certificate only if server
  21
  22 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
  23
  24 tls_require_ciphers = OPTION
  25 tls_resumption_hosts = 127.0.0.1
  26
  27
  28 # ------ ACL ------
  29
  30 begin acl
  31
  32 check_helo:
  33   accept  condition =   ${if def:tls_in_cipher}
  34           logwrite =    tls_in_resumption ${listextract {$tls_in_resumption} {_RESUME_DECODE}}
  35           logwrite =    our cert subject\t${certextract {subject}{$tls_in_ourcert}}
  36           logwrite =    peer cert subject\t${certextract {subject}{$tls_in_peercert}}
  37           logwrite =    peer cert verified\t${tls_in_certificate_verified}
  38           logwrite =    peer dn\t${tls_in_peerdn}
  39           logwrite =    ocsp\t${tls_in_ocsp}
  40           logwrite =    cipher\t${tls_in_cipher}
  41           logwrite =    bits\t${tls_in_bits}
  42   accept
  43
  44 check_recipient:
  45   accept  domains =     +local_domains
  46   deny    message =     relay not permitted
  47
  48 log_resumption:
  49   accept condition =    ${if def:tls_out_cipher}
  50          condition =    ${if eq {$event_name}{tcp:close}}
  51          logwrite =     tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
  52           logwrite =    our cert subject\t${certextract {subject}{$tls_out_ourcert}}
  53           logwrite =    peer cert subject\t${certextract {subject}{$tls_out_peercert}}
  54           logwrite =    peer cert verified\t${tls_out_certificate_verified}
  55           logwrite =    peer dn\t${tls_out_peerdn}
  56           logwrite =    ocsp\t${tls_out_ocsp}
  57           logwrite =    cipher\t${tls_out_cipher}
  58           logwrite =    bits\t${tls_out_bits}
  59
  60
  61 # ----- Routers -----
  62
  63 begin routers
  64
  65 client:
  66   driver = accept
  67   condition = ${if eq {SERVER}{server}{no}{yes}}
  68   retry_use_local_part
  69   transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
  70
  71 server:
  72   driver = redirect
  73   data = :blackhole:
  74
  75 # ----- Transports -----
  76
  77 begin transports
  78
  79 send_to_server1:
  80   driver = smtp
  81   allow_localhost
  82   hosts = 127.0.0.1
  83   port = PORT_D
  84   helo_data = helo.data.changed
  85 .ifdef VALUE
  86   tls_resumption_hosts = *
  87 .else
  88   tls_resumption_hosts = :
  89 .endif
  90   tls_verify_certificates = DIR/aux-fixed/cert1
  91   tls_verify_cert_hostnames = :
  92   event_action =        ${acl {log_resumption}}
  93
  94 send_to_server2:
  95   driver = smtp
  96   allow_localhost
  97   hosts = HOSTIPV4
  98   port = PORT_D
  99   tls_verify_certificates = DIR/aux-fixed/cert1
 100   tls_verify_cert_hostnames = :
 101   event_action =        ${acl {log_resumption}}
 102
 103
 104 # ----- Retry -----
 105
 106
 107 begin retry
 108
 109 * * F,5d,10s
 110
 111
 112 # End