Remember the fail reason for verify=headers_syntax. Bug 264
[users/jgh/exim.git] / test / confs / 5840
1 # Exim test configuration 5840
2 # DANE
3
4 SERVER=
5
6 exim_path = EXIM_PATH
7 host_lookup_order = bydns
8 primary_hostname = myhost.test.ex
9 spool_directory = DIR/spool
10 log_file_path = DIR/spool/log/SERVER%slog
11 gecos_pattern = ""
12 gecos_name = CALLER_NAME
13
14 # ----- Main settings -----
15
16 .ifndef OPT
17 acl_smtp_rcpt = accept
18 .else
19 acl_smtp_rcpt = accept verify = recipient/callout
20 .endif
21
22 log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
23
24 queue_run_in_order
25
26 tls_advertise_hosts = *
27
28 # Set certificate only if server
29 CDIR1 = DIR/aux-fixed
30 CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
31
32 tls_certificate = ${if eq {SERVER}{server} \
33         {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
34                 {CDIR2/fullchain.pem}\
35                 {CDIR1/cert1}}}\
36         fail}
37
38 tls_privatekey = ${if eq {SERVER}{server} \
39         {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
40                 {CDIR2/server1.example.com.unlocked.key}\
41                 {CDIR1/cert1}}}\
42         fail}
43
44 # ----- Routers -----
45
46 begin routers
47
48 client:
49   driver = dnslookup
50   condition = ${if eq {SERVER}{}}
51   dnssec_request_domains = *
52   self = send
53   transport = send_to_server
54
55 server:
56   driver = redirect
57   data = :blackhole:
58
59
60 # ----- Transports -----
61
62 begin transports
63
64 send_to_server:
65   driver = smtp
66   allow_localhost
67   port = PORT_D
68
69   hosts_try_dane =     *
70   hosts_require_dane = !thishost.test.ex
71   tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
72   tls_try_verify_hosts = thishost.test.ex
73   tls_verify_certificates = CDIR2/ca_chain.pem
74
75
76
77 # ----- Retry -----
78
79
80 begin retry
81
82 * * F,5d,10s
83
84
85 # End