GnuTLS: Fix client detection of server reject of client cert under TLS1.3
1 # Exim test configuration 5910
2 # Test fixture, not a deployable config: DIR, EXIM_PATH, CALLER, CALLER_NAME, HOSTIPV4 and PORT_D are not defined in this file; presumably the test harness substitutes them — confirm.
3 SERVER=
4 # SERVER is empty by default; the expansions below compare it with "server" to enable the server-side settings.
5 # SRV feeds tls_advertise_requiretls: REQUIRETLS is advertised to all hosts (*) unless SRV is overridden on the command line
6 SRV= *
7 # ACL is appended to the final accept of the rcpt ACL (r); set it on the command line to add an extra rcpt-time condition
8 ACL=
9
10 exim_path = EXIM_PATH
11 keep_environment =
12 host_lookup_order = bydns
13 spool_directory = DIR/spool
14 # The log file name carries the SERVER value when the .ifdef SERVER branch is taken.
15 .ifdef SERVER
16 log_file_path = DIR/spool/log/SERVER%slog
17 .else
18 log_file_path = DIR/spool/log/%slog
19 .endif
20 # Empty host lists below: CHUNKING and (where the build defines _HAVE_PIPE_CONNECT) pipelined connect are advertised to no host.
21 gecos_pattern = ""
22 gecos_name = CALLER_NAME
23 chunking_advertise_hosts =
24 .ifdef _HAVE_PIPE_CONNECT
25 pipelining_connect_advertise_hosts =
26 .endif
27
28 primary_hostname = myhost.test.ex
29
30 # ----- Main settings -----
31 # The ACL names m, r and n refer to the blocks of the same name in the acl section.
32 acl_smtp_mail = m
33 acl_smtp_rcpt = r
34 acl_not_smtp = n
35 # Log the TLS peer DN and the recipient list of each received message.
36 log_selector =  +tls_peerdn +received_recipients
37 # Accepted mail is only queued; delivery waits for a queue run, which handles messages in order.
38 queue_only
39 queue_run_in_order
40 # STARTTLS is advertised to every host; REQUIRETLS advertisement follows the SRV macro.
41 tls_advertise_hosts = *
42 tls_advertise_requiretls = SRV
43
44 # Set certificate only if server: when SERVER is not "server" the expansion is forced to fail, leaving the option unset
45 # Certificate and private key are read from the same fixture file (cert1); a deployment would keep the key in a separate file with restricted permissions.
46 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
47 tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
48 # NOTE(review): with both lines below commented out, this file sets no server-side verification of client certificates — confirm that is intended for the case under test.
49 #tls_verify_hosts = *
50 #tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
51
52
53 # ----- ACL -----
54
55 begin acl
56 # m (MAIL): accept the null sender; when SERVER is "server", reject senders outside test.ex / myhost.test.ex; accept everything else.
57 m:
58   accept        senders = :
59   deny          condition = ${if eq {SERVER}{server}}
60                 !sender_domains = test.ex : myhost.test.ex
61   accept
62 # r (RCPT): on the server, log the message's REQUIRETLS state, optionally upgrade it (OPT), then accept.
63 r:
64   warn          condition = ${if eq {SERVER}{server}}
65                 logwrite = requiretls: $requiretls
66 # NOTE(review): the final accept applies no recipient or relay checks beyond the optional ACL macro — acceptable only in a test fixture.
67 # define OPT to upgrade messages to REQUIRETLS: the warn verb sets control = requiretls when $requiretls is not already true
68 .ifdef OPT
69   warn
70                 condition = ${if !bool{$requiretls}}
71                 logwrite = upgrading
72                 control = requiretls
73 .endif
74   accept        ACL
75 # n (non-SMTP): apply the same upgrade when OPT is defined, then accept everything.
76 n:
77 .ifdef OPT
78   accept
79                 condition = ${if !bool{$requiretls}}
80                 logwrite = upgrading
81                 control = requiretls
82 .endif
83   accept
84 # ----- Routers -----
85
86 begin routers
87 # bounces: a message with no sender address is deferred (:defer:) on its first delivery attempt.
88 bounces:
89   driver = redirect
90   condition = ${if !def:sender_address}
91   condition = ${if first_delivery}
92   data = :defer:
93   allow_defer
94 # final: mail received on HOSTIPV4 is handed to the file_a_bounce transport, which writes it to a file.
95 final:
96   driver = accept
97   condition = ${if eq {$received_ip_address}{HOSTIPV4} {yes}{no}}
98   transport = file_a_bounce
99 # client: everything else is handed to send_to_server for SMTP delivery to the server instance.
100 client:
101   driver = accept
102   transport = send_to_server
103
104
105 # ----- Transports -----
106
107 begin transports
108 # NOTE(review): file is built from $local_part, which the final router does not validate; outside a test fixture use a validated value such as $local_part_data so recipient-controlled text cannot shape the path.
109 file_a_bounce:
110   driver = appendfile
111   delivery_date_add
112   envelope_to_add
113   file = DIR/test-mail/$local_part
114   return_path_add
115   user = CALLER
116 # Client side: cert2 is both the client certificate/key and the CA file. NOTE(review): tls_try_verify_hosts holds only an empty item, which should match no remote host, so the server certificate is presumably not verified — fixture-only setting; confirm.
117 send_to_server:
118   driver = smtp
119   allow_localhost
120   hosts = HOSTIPV4
121   port = PORT_D
122   tls_certificate = DIR/aux-fixed/cert2
123   tls_privatekey = DIR/aux-fixed/cert2
124   tls_verify_certificates = DIR/aux-fixed/cert2
125   tls_try_verify_hosts = :
125   tls_try_verify_hosts = :
126
127
128 # ----- Retry -----
129
130
131 begin retry
132 # All addresses, all errors: retry at a fixed 10-second interval for up to 5 days.
133 * * F,5d,10s
134
135
136 # End