Change HELO-verify forward case from byname to bydns and add DNSSEC tracking
[users/jgh/exim.git] / test / confs / 5650
1 # Exim test configuration 5650
2 # OCSP stapling, server
3
4 CRL=
5
6 exim_path = EXIM_PATH
7 host_lookup_order = bydns
8 primary_hostname = server1.example.com
9 spool_directory = DIR/spool
10 log_file_path = DIR/spool/log/%slog
11 gecos_pattern = ""
12 gecos_name = CALLER_NAME
13
14 # ----- Main settings -----
15
16 acl_smtp_connect = check_connect
17 acl_smtp_mail = check_mail
18 acl_smtp_rcpt = check_recipient
19
20 log_selector = +tls_peerdn
21
22 queue_only
23 queue_run_in_order
24
25 tls_advertise_hosts = *
26
27 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
28 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
29 tls_crl = CRL
30 tls_ocsp_file = OCSP
31
32 #tls_verify_hosts = HOSTIPV4
33 #tls_try_verify_hosts = *
34 #tls_verify_certificates = DIR/aux-fixed/cert2
35
36
37
38 # ------ ACL ------
39
40 begin acl
41
42 check_connect:
43   accept   logwrite = acl_conn: ocsp in status: $tls_in_ocsp \
44     (${listextract {${eval:$tls_in_ocsp+1}} \
45                 {notreq:notresp:vfynotdone:failed:verified}})
46
47 check_mail:
48   accept   logwrite = acl_mail: ocsp in status: $tls_in_ocsp \
49     (${listextract {${eval:$tls_in_ocsp+1}} \
50                 {notreq:notresp:vfynotdone:failed:verified}})
51
52 check_recipient:
53   accept
54
55
56 # ----- Routers -----
57
58 begin routers
59
60 abc:
61   driver = accept
62   retry_use_local_part
63   transport = local_delivery
64
65
66 # ----- Transports -----
67
68 begin transports
69
70 local_delivery:
71   driver = appendfile
72   file = DIR/test-mail/$local_part
73   headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
74   user = CALLER
75
76 # End