SERVER =
-exim_path = EXIM_PATH
-host_lookup_order = bydns
-primary_hostname = server1.example.com
-rfc1413_query_timeout = 0s
-spool_directory = DIR/spool
-log_file_path = DIR/spool/log/SERVER%slog
-gecos_pattern = ""
-gecos_name = CALLER_NAME
+.include DIR/aux-var/tls_conf_prefix
+primary_hostname = server1.example.com
# ----- Main settings -----
fail}
# from cmdline define
-tls_ocsp_file = OCSP
+tls_ocsp_file = OPT
# ------ ACL ------
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_request_ocsp = :
- headers_add = X-TLS-out: OCSP status $tls_out_ocsp
+ headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
+ (${listextract {${eval:$tls_out_ocsp+1}} \
+ {notreq:notresp:vfynotdone:failed:verified}})
send_to_server2:
driver = smtp
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
# note no ocsp mention here
- headers_add = X-TLS-out: OCSP status $tls_out_ocsp
+ headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
+ (${listextract {${eval:$tls_out_ocsp+1}} \
+ {notreq:notresp:vfynotdone:failed:verified}})
send_to_server3:
driver = smtp
helo_data = helo.data.changed
#tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_try_verify_hosts =
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_require_ocsp = *
- headers_add = X-TLS-out: OCSP status $tls_out_ocsp
+ headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
+ (${listextract {${eval:$tls_out_ocsp+1}} \
+ {notreq:notresp:vfynotdone:failed:verified}})
send_to_server4:
driver = smtp
helo_data = helo.data.changed
#tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
protocol = smtps
hosts_require_tls = *
hosts_require_ocsp = *
- headers_add = X-TLS-out: OCSP status $tls_out_ocsp
+ headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
+ (${listextract {${eval:$tls_out_ocsp+1}} \
+ {notreq:notresp:vfynotdone:failed:verified}})
# ----- Retry -----