Move certificate name checking to mainline, default enabled
[users/heiko/exim.git] / test / confs / 2031
1 # Exim test configuration 2030
2 # SNI
3
4 SERVER =
5
6 exim_path = EXIM_PATH
7 host_lookup_order = bydns
8 primary_hostname = myhost.test.ex
9 rfc1413_query_timeout = 0s
10 spool_directory = DIR/spool
11 log_file_path = DIR/spool/log/SERVER%slog
12 gecos_pattern = ""
13 gecos_name = CALLER_NAME
14
15
16 # ----- Main settings -----
17
18 domainlist local_domains = test.ex : *.test.ex
19
20 acl_smtp_rcpt = acl_log_sni
21 log_selector = +tls_peerdn +tls_sni
22 remote_max_parallel = 1
23
24 tls_advertise_hosts = *
25
26 # Set certificate only if server
27
28 tls_certificate = ${if eq {SERVER}{server} \
29         {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
30             {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
31             {cert1} \
32                         }\
33         }fail}
34
35 tls_privatekey = ${if eq {SERVER}{server} \
36         {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
37             {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
38             {cert1} \
39                         }\
40         }fail}
41
42
43 # ------ ACL ------
44
45 begin acl
46
47 acl_log_sni:
48   accept
49          logwrite = SNI <$tls_in_sni>
50
51 # ----- Routers -----
52
53 begin routers
54
55 client:
56   driver = accept
57   condition = ${if !eq {SERVER}{server}}
58   transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
59
60 server:
61   driver = redirect
62   data = :blackhole:
63
64
65 # ----- Transports -----
66
67 begin transports
68
69 send_to_server1:
70   driver = smtp
71   allow_localhost
72   hosts = HOSTIPV4
73   port = PORT_D
74   tls_sni = fred
75
76 send_to_server2:
77   driver = smtp
78   allow_localhost
79   hosts = HOSTIPV4
80   port = PORT_D
81   tls_sni = bill
82
83
84 # ----- Retry -----
85
86
87 begin retry
88
89 * * F,5d,10s
90
91
92 # End