Taint: mark more command-line arguments
[users/heiko/exim.git] / test / confs / 2132
1 # Exim test configuration 2132 (close copy of 2102)
2
3 .include DIR/aux-var/tls_conf_prefix
4
5 primary_hostname = myhost.test.ex
6
7 # ----- Main settings -----
8
9 acl_smtp_rcpt = check_recipient
10
11 log_selector = +tls_peerdn
12
13 queue_only
14 queue_run_in_order
15
16 tls_advertise_hosts = 127.0.0.1 : HOSTIPV4
17
18 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem
19 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
20
21 tls_verify_hosts = HOSTIPV4
22 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/certdir
23
24
25 # ------ ACL ------
26
27 begin acl
28
29 check_recipient:
30   accept  hosts = :
31   deny    hosts = HOSTIPV4
32          !encrypted = *
33   warn    logwrite =  ${if def:tls_in_ourcert \
34                 {Our cert SN: <${certextract{subject}{$tls_in_ourcert}}>} \
35                 {We did not present a cert}}
36   accept  condition = ${if !def:tls_in_peercert}
37           logwrite =  Peer did not present a cert
38   accept  logwrite =  SN  <${certextract {subject}      {$tls_in_peercert}}>
39
40
41 # ----- Routers -----
42
43 begin routers
44
45 abc:
46   driver = accept
47   retry_use_local_part
48   transport = local_delivery
49   headers_add = tls-certificate-verified: $tls_certificate_verified
50
51
52 # ----- Transports -----
53
54 begin transports
55
56 local_delivery:
57   driver = appendfile
58   file = DIR/test-mail/${bless:$local_part}
59   headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
60   user = CALLER
61
62 # End