TLS authenticator
# Exim test configuration 3700
#
# Exercises the "tls" authenticator: the server authenticates a client from the
# certificate it presented during the TLS handshake, and the ACL refuses mail
# from any session that was not authenticated that way.
# Upper-case words such as EXIM_PATH, DIR, CALLER, CALLER_NAME, PORT_S and
# PORT_D are presumably placeholders filled in by the test harness -- confirm
# against the harness before reusing any part of this file.

# SERVER is defined empty here; it is used as a prefix in log_file_path below.
SERVER=

exim_path = EXIM_PATH
host_lookup_order = bydns
primary_hostname = myhost.test.ex
spool_directory = DIR/spool
log_file_path = DIR/spool/log/SERVER%slog
gecos_pattern = ""
gecos_name = CALLER_NAME

log_selector = +received_recipients +outgoing_port

# ----- Main settings -----

# Both MAIL and RCPT are gated by the check_authd ACL defined below.
acl_smtp_mail = check_authd
acl_smtp_rcpt = check_authd
queue_only
queue_run_in_order
trusted_users = CALLER

# TLS starts immediately on connections to PORT_S; it is also advertised to
# every host. cert1 is the certificate this server presents.
tls_on_connect_ports = PORT_S
tls_advertise_hosts = *
tls_certificate = DIR/aux-fixed/cert1

# Every TLS client must present a certificate that verifies against cert2.
# The authenticator below does not check the verification result itself, so
# this pair of settings is what the authentication decision rests on.
tls_verify_hosts = *
tls_verify_certificates = DIR/aux-fixed/cert2


# ----- ACL -----

begin acl

# Reject with "authentication required" unless the session is authenticated
# (by any authenticator, with any id); otherwise accept.
check_authd:
  deny     message = authentication required
          !authenticated = *
  accept


# ----- Authentication -----

begin authenticators

# Certificate-based authenticator.
#   server_param1    - subject CN(s) extracted from the peer certificate,
#                      colon-separated (">:"), then passed through ${quote:};
#                      the result is what $auth1 holds in the lines below.
#   server_condition - succeeds whenever $auth1 is non-empty.
#   server_set_id    - records $auth1 as the authenticated id.
#   server_debug_print writes the extracted value to debug output.
# NOTE(review): server_condition does not test $tls_in_certificate_verified and
# does not compare the CN with any list of permitted identities, so any
# certificate accepted under tls_verify_certificates authenticates. That fits a
# test fixture; a deployed configuration would normally add both checks.
# NOTE(review): ${quote:} is documented as wrapping an empty string in double
# quotes, so def:auth1 may hold even when no CN was extracted -- confirm.
tls:
  driver = tls
  server_debug_print = +++TLS \$auth1="$auth1"
  server_param1 =    ${quote:${certextract {subject,CN,>:} \
                                  {$tls_in_peercert}}}
  server_condition = ${if def:auth1}
  server_set_id =    $auth1


# ----- Routers -----

begin routers

# Accept every address; local part "smtps" is sent via t2 (TLS-on-connect),
# anything else via t1.
r1:
  driver = accept
  transport = ${if eq {$local_part}{smtps} {t2}{t1}}


# ----- Transports -----

begin transports

# Client side of the test: deliver to the loopback server on PORT_D, offering
# cert2 as the client certificate and verifying the server against cert1.
# tls_verify_cert_hostnames is set to the empty list, so no host has the
# certificate name checked against the host name. Acceptable for a loopback
# fixture addressed by IP; not a setting to copy into a real transport.
t1:
  driver = smtp
  hosts = 127.0.0.1
  port = PORT_D
  allow_localhost
  tls_certificate =         DIR/aux-fixed/cert2
  tls_verify_certificates = DIR/aux-fixed/cert1
  tls_verify_cert_hostnames = :

# Same as t1, but to PORT_S using protocol smtps (TLS from the first byte).
# Certificate-name checking is likewise switched off here.
t2:
  driver = smtp
  hosts = 127.0.0.1
  port = PORT_S
  protocol = smtps
  allow_localhost
  tls_certificate =         DIR/aux-fixed/cert2
  tls_verify_certificates = DIR/aux-fixed/cert1
  tls_verify_cert_hostnames = :

# End