X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/281e72e46c44d316d47ed309dcb0d781a909a181..854586e1495b0a0f4be2a561c419ec4671009dbd:/test/confs/5840?ds=sidebyside diff --git a/test/confs/5840 b/test/confs/5840 index 2c72b64c3..1a16e1c09 100644 --- a/test/confs/5840 +++ b/test/confs/5840 @@ -3,18 +3,17 @@ SERVER= -exim_path = EXIM_PATH -host_lookup_order = bydns +.include DIR/aux-var/tls_conf_prefix + primary_hostname = myhost.test.ex -rfc1413_query_timeout = 0s -spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME # ----- Main settings ----- +.ifndef OPT acl_smtp_rcpt = accept +.else +acl_smtp_rcpt = accept verify = recipient/callout +.endif log_selector = +received_recipients +tls_peerdn +tls_certificate_verified @@ -26,17 +25,25 @@ tls_advertise_hosts = * CDIR1 = DIR/aux-fixed CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com +.ifdef CERT +tls_certificate = CERT +.else tls_certificate = ${if eq {SERVER}{server} \ {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ {CDIR2/fullchain.pem}\ {CDIR1/cert1}}}\ fail} +.endif +.ifdef ALLOW +tls_privatekey = ALLOW +.else tls_privatekey = ${if eq {SERVER}{server} \ {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ {CDIR2/server1.example.com.unlocked.key}\ {CDIR1/cert1}}}\ fail} +.endif # ----- Routers ----- @@ -48,6 +55,7 @@ client: dnssec_request_domains = * self = send transport = send_to_server + errors_to = "" server: driver = redirect @@ -61,13 +69,11 @@ begin transports send_to_server: driver = smtp allow_localhost - port = PORT_D + port = ${if match {$host}{\Ntest.ex$\N} {PORT_D}{25}} hosts_try_dane = * - hosts_require_dane = !thishost.test.ex - hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \ - {= {0}{$tls_out_tlsa_usage}} } \ - {*}{}} + hosts_require_dane = HOSTIPV4 + tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} tls_try_verify_hosts = thishost.test.ex tls_verify_certificates = CDIR2/ca_chain.pem