DKIM: support oversigning. Bugs 1309, 1310
[users/jgh/exim.git] / test / confs / 5720
1 # Exim test configuration 5720 (dup of 5710)
2 # $tls_out_peercert - OpenSSL
3
4 SERVER=
5
6 exim_path = EXIM_PATH
7 host_lookup_order = bydns
8 primary_hostname = myhost.test.ex
9 spool_directory = DIR/spool
10 log_file_path = DIR/spool/log/SERVER%slog
11 gecos_pattern = ""
12 gecos_name = CALLER_NAME
13 timezone = UTC
14
15 # ----- Main settings -----
16
17 acl_smtp_rcpt = accept
18
19 log_selector =  +tls_peerdn
20
21 queue_only
22 queue_run_in_order
23
24 tls_advertise_hosts = *
25
26 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
27 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
28
29 tls_verify_hosts = *
30 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem
31
32 event_action = ${acl {server_cert_log}}
33
34 #
35
36 begin acl
37
38 server_cert_log:
39   accept condition = ${if eq {tls:cert}{$event_name}}
40          logwrite =  [$sender_host_address] \
41                         depth=$event_data \
42                         ${certextract{subject}{$tls_in_peercert}}
43   accept
44
45 ev_tls:
46   accept logwrite =  $event_name depth=$event_data \
47                         <${certextract {subject} {$tls_out_peercert}}>
48 #        message = nooooo
49
50 ev_msg:
51   warn   logwrite =  $acl_arg1 $local_part
52   warn   logwrite =  ${if !def:tls_out_ourcert \
53                 {NO CLIENT CERT presented} \
54                 {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}}
55   accept condition = ${if !def:tls_out_peercert}
56          logwrite =  No Peer cert
57   accept logwrite = Peer cert:
58          logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
59          logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>
60          logwrite =  SN; <${certextract {subject,>;}    {$tls_out_peercert}}>
61          logwrite =  SNO <${certextract {subject,O}     {$tls_out_peercert}}>
62          logwrite =  IN  <${certextract {issuer}        {$tls_out_peercert}}>
63          logwrite =  NB  <${certextract {notbefore}     {$tls_out_peercert}}>
64          logwrite =  NA  <${certextract {notafter}      {$tls_out_peercert}}>
65          logwrite =  SA  <${certextract {sig_algorithm} {$tls_out_peercert}}>
66          logwrite =  SG  <${certextract {signature}     {$tls_out_peercert}}>
67          logwrite = ${certextract {subj_altname,>;}{$tls_out_peercert}{SAN <$value>}{(no SAN)}}
68          logwrite =       ${certextract {ocsp_uri}      {$tls_out_peercert} {OCU <$value>}{(no OCU)}}
69          logwrite =       ${certextract {crl_uri}       {$tls_out_peercert} {CRU <$value>}{(no CRU)}}
70
71 logger:
72   accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
73          acl =       ev_msg $event_name $acl_arg2
74   accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
75          message =   ${acl {ev_tls}}
76   accept
77
78 # ----- Routers -----
79
80 begin routers
81
82 client:
83   driver = accept
84   condition = ${if eq {SERVER}{server}{no}{yes}}
85   retry_use_local_part
86   transport = send_to_server
87
88
89 # ----- Transports -----
90
91 begin transports
92
93 send_to_server:
94   driver = smtp
95   allow_localhost
96   hosts = 127.0.0.1
97   port = PORT_D
98
99   tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem
100   tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
101
102   tls_verify_certificates = DIR/aux-fixed/exim-ca/\
103        ${if eq {$local_part}{good}\
104 {example.com/server1.example.com/ca_chain.pem}\
105 {example.net/server1.example.net/ca_chain.pem}}
106   tls_verify_cert_hostnames =
107   tls_try_verify_hosts =
108
109   event_action =   ${acl {logger} {$event_name} {$domain} }
110
111 # ----- Retry -----
112
113
114 begin retry
115
116 * * F,5d,10s
117
118
119 # End