blob: 62577a61ac0e9a6cf9366486b14ac7cba1b243ec (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
# Exim test configuration 2031
# SNI
SERVER =
.include DIR/aux-var/tls_conf_prefix
primary_hostname = myhost.test.ex
# ----- Main settings -----
domainlist local_domains = test.ex : *.test.ex
acl_smtp_rcpt = acl_log_sni
log_selector = +tls_peerdn +tls_sni +received_recipients
remote_max_parallel = 1
tls_advertise_hosts = *
tls_certificate = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badkey : noneistkeyfile : expansionfailkey} \
{cert1} \
{${if eq {$tls_in_sni}{alternate} \
{exim-ca/example.com/server1.example.com/server1.example.com.pem} \
{${if eq {$tls_in_sni}{badcert} \
{exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
{${if eq {$tls_in_sni}{nonexistcertfile} \
{nonexistent_file} \
fail \
} } \
} } \
} } \
}
tls_privatekey = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badcert : nonexistcertfile : expansionfailedcert} \
{cert1} \
{${if eq {$tls_in_sni}{alternate} \
{exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
{${if eq {$tls_in_sni}{badkey} \
{cert2} \
{${if eq {$tls_in_sni}{noneistkeyfile} \
{nonexist_file} \
fail \
} } \
} } \
} } \
}
# ------ ACL ------
begin acl
acl_log_sni:
accept
logwrite = SNI <$tls_in_sni>
# ----- Routers -----
begin routers
client:
driver = accept
condition = ${if !eq {SERVER}{server}}
transport = send_to_server
server:
driver = redirect
data = :blackhole:
# ----- Transports -----
begin transports
send_to_server:
driver = smtp
allow_localhost
hosts = HOSTIPV4
port = PORT_D
hosts_try_fastopen = :
hosts_require_tls = *
tls_sni = ${local_part}
# ----- Retry -----
begin retry
* * F,5d,10s
# End
|
