TLS: use RFC 6125 rules for certifucate name checks when CNAMES are present. Bug...
[users/jgh/exim.git] / test / confs / 4500
index b53dff5b7f2b9b4d4855f82f8485050b0078e0df..9f0829c1a2b23e8379e64cfebf8bf05723b4a989 100644 (file)
@@ -10,6 +10,13 @@ primary_hostname = myhost.test.ex
 
 acl_smtp_rcpt = accept
 acl_smtp_dkim = check_dkim
 
 acl_smtp_rcpt = accept
 acl_smtp_dkim = check_dkim
+acl_smtp_data = check_data
+
+log_selector = +dkim_verbose
+dkim_verify_hashes = sha256 : sha512 : sha1
+.ifdef MSIZE
+dkim_verify_min_keysizes = MSIZE
+.endif
 
 queue_only
 queue_run_in_order
 
 queue_only
 queue_run_in_order
@@ -28,7 +35,13 @@ check_dkim:
        set dkim_verify_status = fail
        set dkim_verify_reason = hash too weak
 .endif
        set dkim_verify_status = fail
        set dkim_verify_reason = hash too weak
 .endif
-  accept
+  warn
        logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
        logwrite = signer: $dkim_cur_signer bits: $dkim_key_length
+.ifndef STRICT
+  accept
+.endif
+
+check_data:
+  accept logwrite = ${authresults {$primary_hostname}}
 
 # End
 
 # End