Nigel, Thank you for taking the trouble to help.
Now that I have moved the private key file to /etc/exim4 all is working fine: outgoing emails are being signed properly.
Great! But I don't understand why.
(Don't feel obliged to reply ..... but I'd love to know!)
On 24 Mar 2012, at 19:51, Nigel Metheringham wrote:
> What user is exim running as?
top shows a numerical user id that is not in /etc/passwd so I was then uncertain as how to set file ownership and group
I chose user Debian-exim and its group: ssl-cert ... should I remove Debian-exim from group ssl-cert?
> What are the ownership and permissions on /etc/ssl and /etc/ssl/private ?
I (naively?) believed that the file permissions were what determined for whom the file is readable, and not the permissions of the directory in which the file exists.
/etc/ssl's permissions:
drwxr-xr-x 4 root root 4096 2012-02-15 11:59 ./
drwxr-xr-x 100 root root 4096 2012-03-25 02:34 ../
...
drwx--x--- 2 root ssl-cert 4096 2012-03-25 10:11 private/
