[exim] Unix user / and group(s) of the process doing the SMT…

Pàgina inicial
Delete this message
Reply to this message
Autor: Michael Naef
Data:  
A: exim-users
Assumpte: [exim] Unix user / and group(s) of the process doing the SMTP delivery to a remot MTA?
Hi everyone

I'm testing to offer a TLS client Cert when Exim acts as an SMTP client to a
remote MTA.

However exim is unable to read the private key unless I make it world readable
(Which I obviously dont't want to do):

2022-01-07 17:12:07 1n5rcx-0008mU-OP == a@??? R=dnslookup T=remote_smtp
defer (-37) H=my.tld [1.2.3.4]:25: TLS session: (SSL_CTX_use_PrivateKey_file
file=/usr/[..]/privkey4.pem): error:0200100D:system library:fopen:Permission
denied

As what user is exim reading the TLS private key when it is acting as a TLS
client and configured to offe ar client cert? I couldn't find and figure it
out in the documentation... Is it fri(y)day-blindness? ;)

[root@atlantis ~]# ps auxww | grep exim
mailnull  24202   0.0  0.0  22572  11512  -  Ss   16:22        0:00.07 /usr/
local/sbin/exim -bd -q12m
root      98363   0.0  0.0  11280   2336  1  R+   17:18        0:00.00 grep 
exim


[root@atlantis ~]# procstat credential 24202
  PID COMM              EUID  RUID SVUID  EGID  RGID SVGID UMASK FLAGS GROUPS         
24202 exim                26    26    26     6     6     6   000 -     6,3009


[root@atlantis ~]# id mailnull
id=26(mailnull) gid=26(mailnull) groups=26(mailnull),3009(ssl)

[root@atlantis ~]# ls -l /usr/[..]/privkey4.pem
-rw-r----- 1 root ssl 1704 Oct 28 11:44 /usr/[..]/privkey4.pem

[root@atlantis ~]# sudo -u mailnull head -1 /usr/local/etc/letsencrypt/
archive/atlantis.aeolus.ch/privkey4.pem
-----BEGIN PRIVATE KEY-----


Thanks for other eyes what my mistake could be...


Best Rregards, Michael