test/confs/5760

   1 # Exim test configuration 5760 (dup of 5750)
   2 # $tls_out_peercert - OpenSSL
   3
   4 SERVER=
   5
   6 exim_path = EXIM_PATH
   7 host_lookup_order = bydns
   8 primary_hostname = myhost.test.ex
   9 rfc1413_query_timeout = 0s
  10 spool_directory = DIR/spool
  11 log_file_path = DIR/spool/log/SERVER%slog
  12 gecos_pattern = ""
  13 gecos_name = CALLER_NAME
  14
  15 # ----- Main settings -----
  16
  17 acl_smtp_rcpt = accept
  18
  19 log_selector =  +tls_peerdn
  20
  21 queue_only
  22 queue_run_in_order
  23
  24 tls_advertise_hosts = *
  25
  26 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
  27 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  28
  29 tls_verify_hosts = *
  30 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem
  31
  32 event_action = ${acl {server_cert_log}}
  33
  34 #
  35
  36 begin acl
  37
  38 server_cert_log:
  39   accept condition = ${if eq {tls:cert}{$event_name}}
  40          logwrite =  [$sender_host_address] \
  41                         depth=$event_data \
  42                         ${certextract{subject}{$tls_in_peercert}}
  43   accept
  44
  45 ev_tls:
  46   accept logwrite =  $event_name depth=$event_data \
  47                         <${certextract {subject} {$tls_out_peercert}}>
  48 #        message = nooooo
  49
  50 ev_msg:
  51   warn   logwrite =  $acl_arg1 $local_part
  52   warn   logwrite =  ${if !def:tls_out_ourcert \
  53                 {NO CLIENT CERT presented} \
  54                 {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}}
  55   accept condition = ${if !def:tls_out_peercert}
  56          logwrite =  No Peer cert
  57   accept logwrite = Peer cert:
  58          logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
  59          logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>
  60          logwrite =  IN  <${certextract {issuer}        {$tls_out_peercert}}>
  61          logwrite =  NB  <${certextract {notbefore}     {$tls_out_peercert}}>
  62          logwrite =  NA  <${certextract {notafter}      {$tls_out_peercert}}>
  63          logwrite =  SA  <${certextract {sig_algorithm} {$tls_out_peercert}}>
  64          logwrite =  SG  <${certextract {signature}     {$tls_out_peercert}}>
  65          logwrite = ${certextract {subj_altname,>;}{$tls_out_peercert}{SAN <$value>}{(no SAN)}}
  66          logwrite =       ${certextract {ocsp_uri}      {$tls_out_peercert} {OCU <$value>}{(no OCU)}}
  67          logwrite =       ${certextract {crl_uri}       {$tls_out_peercert} {CRU <$value>}{(no CRU)}}
  68
  69 logger:
  70   accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
  71          acl =       ev_msg $event_name $acl_arg2
  72   accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
  73          message =   ${acl {ev_tls}}
  74   accept
  75
  76 # ----- Routers -----
  77
  78 begin routers
  79
  80 client:
  81   driver = accept
  82   condition = ${if eq {SERVER}{server}{no}{yes}}
  83   retry_use_local_part
  84   transport = send_to_server
  85
  86
  87 # ----- Transports -----
  88
  89 begin transports
  90
  91 send_to_server:
  92   driver = smtp
  93   allow_localhost
  94   hosts = 127.0.0.1
  95   port = PORT_D
  96
  97   tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem
  98   tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
  99
 100   tls_verify_certificates = DIR/aux-fixed/exim-ca/\
 101        ${if eq {$local_part}{good}\
 102 {example.com/server1.example.com/ca_chain.pem}\
 103 {example.net/server1.example.net/ca_chain.pem}}
 104
 105   event_action =   ${acl {logger} {$event_name} {$domain} }
 106
 107 # ----- Retry -----
 108
 109
 110 begin retry
 111
 112 * * F,5d,10s
 113
 114
 115 # End