Hi Anton
On Freitag, 7. Januar 2022 18:08:12 CET Anton via Exim-users wrote:
> On 07-01-22 17:23, Michael Naef via Exim-users wrote:
> > Hi everyone
> >
> > I'm testing to offer a TLS client Cert when Exim acts as an SMTP client to
> > a remote MTA.
>
> hi Michael,
>
> try to add "initgroups = true" to transport?
Bingo!
As the documentation says:
https://www.exim.org/exim-html-current/doc/html/
spec_html/ch-generic_options_for_routers.html
"If the router queues an address for a transport, and this option is true, and
the uid supplied by the router is not overridden by the transport, the
initgroups() function is called when running the transport to ensure that any
additional groups associated with the uid are set up. See also group and user
and the discussion in chapter 23. "
--> "...to ensure that any additional groups associated with the uid are set
up"
This exactly what's missed: now the additional group 'ssl' to which
'mailnull', the exim_user, belongs to in my set-up is applied to the process
and the certificate is readable.
Thanks for the pointer!
Michael
