Testsuite: reorder for dependencies; rename TPDA to events
[users/jgh/exim.git] / test / confs / 5740
diff --git a/test/confs/5740 b/test/confs/5740
new file mode 100644 (file)
index 0000000..e20a8b6
--- /dev/null
@@ -0,0 +1,157 @@
+# Exim test configuration 5740
+# OCSP stapling, client, events
+
+SERVER =
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = server1.example.com
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/SERVER%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+
+# ----- Main settings -----
+
+domainlist local_domains = test.ex : *.test.ex
+
+acl_smtp_rcpt = check_recipient
+acl_smtp_data = check_data
+
+log_selector = +tls_peerdn
+remote_max_parallel = 1
+
+tls_advertise_hosts = *
+
+# Set certificate only if server
+
+tls_certificate = ${if eq {SERVER}{server}\
+{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
+fail\
+}
+
+#{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\
+
+tls_privatekey = ${if eq {SERVER}{server}\
+{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
+fail}
+
+tls_ocsp_file = OCSP
+
+
+# ------ ACL ------
+
+begin acl
+
+check_recipient:
+  accept  domains = +local_domains
+  deny    message = relay not permitted
+
+check_data:
+  warn   condition   = ${if def:h_X-TLS-out:}
+         logwrite = client claims: $h_X-TLS-out:
+  accept
+
+logger:
+  accept condition = ${if !eq {msg} {${listextract{1}{$event_name}}}}
+  warn logwrite = client ocsp status: $tls_out_ocsp \
+    (${listextract {${eval:$tls_out_ocsp+1}} \
+               {notreq:notresp:vfynotdone:failed:verified}})
+  accept
+
+# ----- Routers -----
+
+begin routers
+
+client:
+  driver = accept
+  condition = ${if eq {SERVER}{server}{no}{yes}}
+  retry_use_local_part
+  transport = send_to_server${if eq{$local_part}{nostaple}{1} \
+                               {${if eq{$local_part}{norequire} {2} \
+                               {${if eq{$local_part}{smtps} {4}{3}}} \
+                            }}}
+
+server:
+  driver = redirect
+  data = :blackhole:
+  #retry_use_local_part
+  #transport = local_delivery
+
+
+# ----- Transports -----
+
+begin transports
+
+local_delivery:
+  driver = appendfile
+  file = DIR/test-mail/$local_part
+  headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
+  user = CALLER
+
+# nostaple: deliberately do not request cert-status
+send_to_server1:
+  driver = smtp
+  allow_localhost
+  hosts = HOSTIPV4
+  port = PORT_D
+  tls_verify_certificates =    DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+  tls_verify_cert_hostnames =
+  hosts_require_tls =  *
+  hosts_request_ocsp = :
+  headers_add =                        X-TLS-out: ocsp status $tls_out_ocsp
+  event_action =               ${acl {logger}}
+
+# norequire: request stapling but do not verify
+send_to_server2:
+  driver = smtp
+  allow_localhost
+  hosts = HOSTIPV4
+  port = PORT_D
+  tls_verify_certificates =    DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+  tls_verify_cert_hostnames =
+  hosts_require_tls =  *
+# note no ocsp mention here
+  headers_add =                        X-TLS-out: ocsp status $tls_out_ocsp
+  event_action =               ${acl {logger}}
+
+# (any other name): request and verify
+send_to_server3:
+  driver = smtp
+  allow_localhost
+  hosts = 127.0.0.1
+  port = PORT_D
+  helo_data = helo.data.changed
+  tls_verify_certificates =    DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+  tls_verify_cert_hostnames =
+  hosts_require_tls =  *
+  hosts_require_ocsp = *
+  headers_add =                        X-TLS-out: ocsp status $tls_out_ocsp
+  event_action =               ${acl {logger}}
+
+# (any other name): request and verify, ssl-on-connect
+send_to_server4:
+  driver = smtp
+  allow_localhost
+  hosts = 127.0.0.1
+  port = PORT_D
+  helo_data = helo.data.changed
+  tls_verify_certificates =    DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+  tls_verify_cert_hostnames =
+  protocol =           smtps
+  hosts_require_tls =  *
+  hosts_require_ocsp = *
+  headers_add =                        X-TLS-out: ocsp status $tls_out_ocsp
+  event_action =               ${acl {logger}}
+
+
+# ----- Retry -----
+
+
+begin retry
+
+* * F,5d,1s
+
+
+# End