Hi everyone
I'm trying to offer a TLS client cert when Exim acts as an SMTP client to a
remote MTA.
However, Exim is unable to read the private key unless I make it world readable
(which I obviously don't want to do):
2022-01-07 17:12:07 1n5rcx-0008mU-OP == a@??? R=dnslookup T=remote_smtp defer (-37) H=my.tld [1.2.3.4]:25: TLS session: (SSL_CTX_use_PrivateKey_file file=/usr/[..]/privkey4.pem): error:0200100D:system library:fopen:Permission denied
As what user is Exim reading the TLS private key when it is acting as a TLS
client and configured to offer a client cert? I couldn't find it or figure it
out from the documentation... Is it fri(y)day blindness? ;)
[root@atlantis ~]# ps auxww | grep exim
mailnull 24202 0.0 0.0 22572 11512 - Ss 16:22 0:00.07 /usr/local/sbin/exim -bd -q12m
root 98363 0.0 0.0 11280 2336 1 R+ 17:18 0:00.00 grep exim
[root@atlantis ~]# procstat credential 24202
PID COMM EUID RUID SVUID EGID RGID SVGID UMASK FLAGS GROUPS
24202 exim 26 26 26 6 6 6 000 - 6,3009
[root@atlantis ~]# id mailnull
id=26(mailnull) gid=26(mailnull) groups=26(mailnull),3009(ssl)
[root@atlantis ~]# ls -l /usr/[..]/privkey4.pem
-rw-r----- 1 root ssl 1704 Oct 28 11:44 /usr/[..]/privkey4.pem
[root@atlantis ~]# sudo -u mailnull head -1 /usr/local/etc/letsencrypt/archive/atlantis.aeolus.ch/privkey4.pem
-----BEGIN PRIVATE KEY-----
Thanks for other eyes on what my mistake could be...
Best Regards, Michael
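The diagnostic in the post compares the daemon's credentials (procstat) with the key file's mode (ls -l) by eye. The script below is an added example, not code from the post, from Exim or from FreeBSD: it emulates the classic POSIX mode-bit check so a `procstat credential` row and an `ls -l` line can be tested against each other offline, and it makes explicit that the key is readable only through the `ssl` group, which is a supplementary group. The process whose credentials matter is the one that actually calls SSL_CTX_use_PrivateKey_file, i.e. the delivery process rather than the listening daemon; the second constructed row shows what happens if that process carries the same uid/gid but not the supplementary group. The name-to-id tables, the `mail` gid of 6 and the second procstat row are assumptions; the other sample lines are constructed from the numbers in the post. ACLs and MAC policies, both available on FreeBSD, are not modelled.

```python
"""Emulate the POSIX read-permission check for a credential set taken from
FreeBSD `procstat credential` output against a file described by `ls -l`.

Added example for the thread above; not code from the post or from Exim.
The name-to-id tables are assumptions (root=0, mailnull=26, ssl=3009 from
the post; mail=6 assumed), and all sample lines are constructed.
"""
from dataclasses import dataclass

# Assumed lookup tables; on a real host use pwd.getpwnam() / grp.getgrnam().
UIDS = {"root": 0, "mailnull": 26}
GIDS = {"wheel": 0, "mail": 6, "mailnull": 26, "ssl": 3009}

# Constructed from the post's `procstat credential 24202` output (daemon).
PROCSTAT_DAEMON = """\
PID COMM EUID RUID SVUID EGID RGID SVGID UMASK FLAGS GROUPS
24202 exim 26 26 26 6 6 6 000 - 6,3009
"""

# Constructed (assumed): same uid/gid, but the supplementary group list has
# been reduced to the primary group only.
PROCSTAT_NO_SUPP = """\
PID COMM EUID RUID SVUID EGID RGID SVGID UMASK FLAGS GROUPS
24300 exim 26 26 26 6 6 6 000 - 6
"""

# Constructed from the post's `ls -l` line.
LS_LINE = "-rw-r----- 1 root ssl 1704 Oct 28 11:44 /usr/[..]/privkey4.pem"


@dataclass(frozen=True)
class Creds:
    euid: int
    egid: int
    groups: frozenset


@dataclass(frozen=True)
class FileInfo:
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o640


def parse_procstat_credential(text: str) -> Creds:
    """Parse the single data row of `procstat credential <pid>` and return
    euid, egid and the supplementary group set (the GROUPS column)."""
    rows = [line.split() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("PID")]
    if len(rows) != 1:
        raise ValueError("expected exactly one data row")
    f = rows[0]
    groups = frozenset() if f[10] == "-" else frozenset(int(g) for g in f[10].split(","))
    return Creds(euid=int(f[2]), egid=int(f[5]), groups=groups)


def parse_ls_line(line: str) -> FileInfo:
    """Parse an `ls -l` line: mode string, link count, owner, group, ..."""
    f = line.split()
    mode_str, owner, group = f[0], f[2], f[3]
    if len(mode_str) < 10:
        raise ValueError("bad mode string")
    bits = 0
    for i, ch in enumerate(mode_str[1:10]):
        # 's'/'t' mean the x bit is set together with setuid/setgid/sticky;
        # 'S'/'T' mean the special bit is set without x, so they add nothing.
        if ch in "rwxst":
            bits |= 1 << (8 - i)
    return FileInfo(uid=UIDS[owner], gid=GIDS[group], mode=bits)


def read_permission_class(creds: Creds, fi: FileInfo) -> str:
    """Which permission class the kernel consults: owner, group or other.
    Only the first matching class counts; a group match does not fall
    through to the 'other' bits."""
    if creds.euid == fi.uid:
        return "owner"
    if creds.egid == fi.gid or fi.gid in creds.groups:
        return "group"
    return "other"


def can_read(creds: Creds, fi: FileInfo) -> bool:
    """Classic mode-bit check for open(O_RDONLY); euid 0 bypasses it."""
    if creds.euid == 0:
        return True
    bit = {"owner": 0o400, "group": 0o040, "other": 0o004}[read_permission_class(creds, fi)]
    return bool(fi.mode & bit)


def explain(procstat_text: str, ls_line: str) -> tuple:
    """Return (readable, permission class, mode) for one credential row and
    one ls -l line."""
    creds = parse_procstat_credential(procstat_text)
    fi = parse_ls_line(ls_line)
    return can_read(creds, fi), read_permission_class(creds, fi), fi.mode


if __name__ == "__main__":
    for label, row in (("daemon", PROCSTAT_DAEMON), ("no supplementary groups", PROCSTAT_NO_SUPP)):
        ok, cls, mode = explain(row, LS_LINE)
        print(f"{label}: class={cls} mode={mode:04o} readable={ok}")
```

Run it and the daemon row is readable through the group class (gid 3009 is in the GROUPS column), while the row without the supplementary group falls to the other class and is denied, which is the same fopen EACCES the log shows. To apply it to the real failing process, capture `procstat credential` of the delivery process at the moment of the TLS handshake rather than of the daemon, and compare the two rows.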