1 # Exim test configuration 5760 (dup of 5750)
2 # $tls_out_peercert - OpenSSL
7 host_lookup_order = bydns
8 primary_hostname = myhost.test.ex
9 rfc1413_query_timeout = 0s
10 spool_directory = DIR/spool
11 log_file_path = DIR/spool/log/SERVER%slog
13 gecos_name = CALLER_NAME
16 # ----- Main settings -----
18 acl_smtp_rcpt = accept
20 log_selector = +tls_peerdn
25 tls_advertise_hosts = *
27 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
28 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
31 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem
33 event_action = ${acl {server_cert_log}}
40 accept condition = ${if eq {tls:cert}{$event_name}}
41 logwrite = [$sender_host_address] \
43 ${certextract{subject}{$tls_in_peercert}}
47 accept logwrite = $event_name depth=$event_data \
48 <${certextract {subject} {$tls_out_peercert}}>
52 warn logwrite = $acl_arg1 $local_part
53 warn logwrite = ${if !def:tls_out_ourcert \
54 {NO CLIENT CERT presented} \
55 {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}}
56 accept condition = ${if !def:tls_out_peercert}
57 logwrite = No Peer cert
58 accept logwrite = Peer cert:
59 logwrite = ver <${certextract {version} {$tls_out_peercert}}>
60 logwrite = SN <${certextract {subject} {$tls_out_peercert}}>
61 logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}>
62 logwrite = SNO <${certextract {subject,O} {$tls_out_peercert}}>
63 logwrite = IN <${certextract {issuer} {$tls_out_peercert}}>
64 logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}>
65 logwrite = NA <${certextract {notafter} {$tls_out_peercert}}>
66 logwrite = SA <${certextract {sig_algorithm} {$tls_out_peercert}}>
67 logwrite = SG <${certextract {signature} {$tls_out_peercert}}>
68 logwrite = ${certextract {subj_altname,>;}{$tls_out_peercert}{SAN <$value>}{(no SAN)}}
69 logwrite = ${certextract {ocsp_uri} {$tls_out_peercert} {OCU <$value>}{(no OCU)}}
70 logwrite = ${certextract {crl_uri} {$tls_out_peercert} {CRU <$value>}{(no CRU)}}
73 accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
74 acl = ev_msg $event_name $acl_arg2
75 accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
76 message = ${acl {ev_tls}}
85 condition = ${if eq {SERVER}{server}{no}{yes}}
87 transport = send_to_server
90 # ----- Transports -----
100 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem
101 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
103 tls_verify_certificates = DIR/aux-fixed/exim-ca/\
104 ${if eq {$local_part}{good}\
105 {example.com/server1.example.com/ca_chain.pem}\
106 {example.net/server1.example.net/ca_chain.pem}}
107 tls_verify_cert_hostnames =
108 tls_try_verify_hosts =
110 event_action = ${acl {logger} {$event_name} {$domain} }