# DANE/GnuTLS
SERVER=
+CONTROL= *
.include DIR/aux-var/tls_conf_prefix
send_to_server:
driver = smtp
allow_localhost
- port = ${if match {$host}{\Ntest.ex$\N} {PORT_D}{25}}
+ port = PORT_D
+ hosts_try_fastopen = :
- hosts_try_dane = *
+ hosts_try_dane = CONTROL
hosts_require_dane = HOSTIPV4
tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
tls_try_verify_hosts = thishost.test.ex
- tls_verify_certificates = CDIR2/ca_chain.pem
+ tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}}