Docs: add example for DKIM dual-signing
[users/heiko/exim.git] / test / confs / 5650
1 # Exim test configuration 5650
2 # OCSP stapling, server
3
4 CRL=
5
6 .include DIR/aux-var/tls_conf_prefix
7
8 primary_hostname = server1.example.com
9
10 # ----- Main settings -----
11
12 acl_smtp_connect = check_connect
13 acl_smtp_mail = check_mail
14 acl_smtp_rcpt = check_recipient
15
16 log_selector = +tls_peerdn
17
18 queue_only
19 queue_run_in_order
20
21 tls_advertise_hosts = *
22
23 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
24 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
25 tls_crl = CRL
26 tls_ocsp_file = OPTION
27
28 #tls_verify_hosts = HOSTIPV4
29 #tls_try_verify_hosts = *
30 #tls_verify_certificates = DIR/aux-fixed/cert2
31
32
33
34 # ------ ACL ------
35
36 begin acl
37
38 check_connect:
39   accept   logwrite = acl_conn: ocsp in status: $tls_in_ocsp \
40     (${listextract {${eval:$tls_in_ocsp+1}} \
41                 {notreq:notresp:vfynotdone:failed:verified}})
42
43 check_mail:
44   accept   logwrite = acl_mail: ocsp in status: $tls_in_ocsp \
45     (${listextract {${eval:$tls_in_ocsp+1}} \
46                 {notreq:notresp:vfynotdone:failed:verified}})
47
48 check_recipient:
49   accept
50
51
52 # ----- Routers -----
53
54 begin routers
55
56 abc:
57   driver = accept
58   retry_use_local_part
59   transport = local_delivery
60
61
62 # ----- Transports -----
63
64 begin transports
65
66 local_delivery:
67   driver = appendfile
68   file = DIR/test-mail/${bless:$local_part}
69   headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
70   user = CALLER
71
72 # End