# Exim test configuration 3820

# SERVER defaults to empty here; the expansions below compare it with the
# literal "server" to tell the listening instance from the sending one.
# Presumably the test script overrides it on the command line - confirm.
SERVER=

# TRUSTED selects the TLS variant of this test: it picks the TLS prefix file
# here, and further down switches the transport to mandatory TLS and the SCRAM
# authenticators to their channel-binding (-PLUS) forms.
# NOTE(review): DIR (and PORT_D below) are not defined in this file; presumably
# the test harness substitutes them - confirm.
.ifdef TRUSTED
.include DIR/aux-var/tls_conf_prefix
.else
.include DIR/aux-var/std_conf_prefix
.endif

primary_hostname = myhost.test.ex
# Yields the certificate path only when SERVER is "server"; for any other value
# the expansion is forced to fail.
tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}

# ----- Main settings -----

# Test fixture: every RCPT is accepted with no checks. Authentication is
# exercised by the authenticators section, not by this ACL.
acl_smtp_rcpt = accept
queue_only


begin routers

# Single router, active only when SERVER is not "server" (the sending side).
# It accepts every address and hands it to the "smtp" transport; the local part
# of the address then selects the client authenticator (see client_condition in
# the authenticators section).
client_r:
  driver =	accept
  condition =	${if !eq {SERVER}{server}}
  transport =	smtp

begin transports

# Delivers to the test server on the loopback address. allow_localhost is set
# because the target host is this machine.
smtp:
  driver =		smtp
  hosts =		127.0.0.1
  allow_localhost
  port =		PORT_D
.ifdef TRUSTED
  # TLS variant: TLS is mandatory for every host and the peer certificate is
  # verified against the same fixed certificate the server side presents
  # (DIR/aux-fixed/cert1).
  hosts_require_tls =	*
  tls_verify_certificates = DIR/aux-fixed/cert1
  # NOTE(review): the hostname-check list holds only an empty item, so
  # presumably no certificate-name check is applied to 127.0.0.1 - confirm.
  # This suits the loopback fixture only; the chain check above still applies.
  tls_verify_cert_hostnames = :
.endif
  # Authentication is required for every host. Without TRUSTED nothing in this
  # transport requires TLS, so in that variant the non-PLUS mechanisms are
  # negotiated without a TLS requirement.
  hosts_require_auth =	*

# ----- Authentication -----

begin authenticators

# sasl1 and sasl2 exist only in the non-TLS variant of the test.
.ifndef TRUSTED
# ANONYMOUS: server_condition is the constant "true", so every attempt with
# this mechanism is accepted. No client_* options are set for it.
sasl1:
  driver =		gsasl
  public_name =		ANONYMOUS
  server_set_id =	$auth1
  server_condition =	true

# PLAIN: the server side accepts when $auth3 equals the fixed test password.
# NOTE(review): presumably $auth3 carries the PLAIN password for this driver -
# confirm. No username check is visible here, and no server_advertise_condition
# ties this mechanism to TLS, so the password is not protected by TLS in this
# variant.
sasl2:
  driver =		gsasl
  public_name =		PLAIN
  server_set_id =	$auth1
  server_condition =	${if eq {$auth3}{pencil}}

  # Client side: used only for recipients whose local part is "plain".
  # Test fixture: the credentials are fixed and stored in clear in this file.
  client_condition =	${if eq {plain}{$local_part}}
  client_username =	ph10
  client_password =	pencil
.endif

# SCRAM-SHA-1, or SCRAM-SHA-1-PLUS (with channel binding) when TRUSTED is set.
sasl3:
  driver =		gsasl
.ifdef TRUSTED
  public_name =		SCRAM-SHA-1-PLUS
  # The -PLUS mechanism is advertised only when the inbound connection has a
  # TLS cipher, since channel binding needs a TLS channel to bind to.
  server_advertise_condition =	${if def:tls_in_cipher}
  server_channelbinding =	true
.else
  public_name =		SCRAM-SHA-1
.endif

  # will need to give library salt, stored-key, server-key, itercount
  #
  # sigh
  # gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT.  It _might_ take
  # a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode.

  # unclear if the salt is given in binary or base64 to the library
  # NOTE(review): this value looks like the salt from the RFC 5802 example
  # exchange, where it appears in base64 form - confirm. A fixed salt is a test
  # fixture, as is the cleartext password on the next option.
  # The salt has no else-branch, so it expands to the empty string for any
  # user other than ph10.
  server_scram_salt =	${if eq {$auth1}{ph10} {QSXCR+Q6sek8bf92}}
  # Any user other than ph10 gets the placeholder "unset_password" rather than
  # a failed lookup.
  server_password =	${if eq {$auth1}{ph10} {pencil}{unset_password}}
  # server_condition is constant; the only check visible in this file is the
  # SCRAM exchange against server_password.
  server_condition =	true
  server_set_id =	$auth1

  # Client side: used only for recipients whose local part is "scram_sha_1".
  client_condition =	${if eq {scram_sha_1}{$local_part}}
  client_username =	ph10
  client_password =	pencil
.ifdef TRUSTED
  client_channelbinding = true
.endif

# sasl4 is configured only when the _HAVE_AUTH_GSASL_SCRAM_SHA_256 macro is
# defined (presumably a build-capability macro - confirm).
.ifdef _HAVE_AUTH_GSASL_SCRAM_SHA_256
# SCRAM-SHA-256, or SCRAM-SHA-256-PLUS (with channel binding) when TRUSTED is
# set. Same layout as sasl3.
sasl4:
  driver =		gsasl
.ifdef TRUSTED
  public_name =		SCRAM-SHA-256-PLUS
  # Advertised only when the inbound connection has a TLS cipher.
  server_advertise_condition =	${if def:tls_in_cipher}
  server_channelbinding =	true
.else
  public_name =		SCRAM-SHA-256
.endif

  # NOTE(review): unlike sasl3, the salt and password here do not depend on
  # $auth1, so any username that presents the fixed test password passes the
  # exchange. Test fixture: fixed salt and cleartext password.
  server_scram_salt =	QSXCR+Q6sek8bf92
  server_password =	pencil
  server_condition =	true
  server_set_id =	$auth1

  # Client side: used only for recipients whose local part is "scram_sha_256".
  client_condition =	${if eq {scram_sha_256}{$local_part}}
  client_username =	ph10
  client_password =	pencil
.ifdef TRUSTED
  client_channelbinding = true
.endif
.endif


# End