Add retry type "lookup". Bug 1566
[users/jgh/exim.git] / test / confs / 5760
index b8cab04faa021fe86c5042a4964f82a7888c7a24..303420f3d3b93f7219a208073bcb7b2c7875e6d0 100644 (file)
@@ -6,11 +6,11 @@ SERVER=
 exim_path = EXIM_PATH
 host_lookup_order = bydns
 primary_hostname = myhost.test.ex
-rfc1413_query_timeout = 0s
 spool_directory = DIR/spool
 log_file_path = DIR/spool/log/SERVER%slog
 gecos_pattern = ""
 gecos_name = CALLER_NAME
+timezone = UTC
 
 # ----- Main settings -----
 
@@ -29,10 +29,19 @@ tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.e
 tls_verify_hosts = *
 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem
 
+event_action = ${acl {server_cert_log}}
+
 #
 
 begin acl
 
+server_cert_log:
+  accept condition = ${if eq {tls:cert}{$event_name}}
+        logwrite =  [$sender_host_address] \
+                       depth=$event_data \
+                       ${certextract{subject}{$tls_in_peercert}}
+  accept
+
 ev_tls:
   accept logwrite =  $event_name depth=$event_data \
                        <${certextract {subject} {$tls_out_peercert}}>
@@ -48,6 +57,8 @@ ev_msg:
   accept logwrite = Peer cert:
         logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
         logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>
+        logwrite =  SN; <${certextract {subject,>;}    {$tls_out_peercert}}>
+        logwrite =  SNO <${certextract {subject,O}     {$tls_out_peercert}}>
          logwrite =  IN  <${certextract {issuer}       {$tls_out_peercert}}>
          logwrite =  NB  <${certextract {notbefore}    {$tls_out_peercert}}>
          logwrite =  NA  <${certextract {notafter}     {$tls_out_peercert}}>
@@ -92,6 +103,8 @@ send_to_server:
        ${if eq {$local_part}{good}\
 {example.com/server1.example.com/ca_chain.pem}\
 {example.net/server1.example.net/ca_chain.pem}}
+  tls_verify_cert_hostnames =
+  tls_try_verify_hosts =
 
   event_action =   ${acl {logger} {$event_name} {$domain} }