Author: saud shahzad
Date:
To: "Exim-users" <Exim-users@exim.org>
Subject: Re: [exim] Unix user / and group(s) of the process doing the SMTP delivery to a remote MTA?

On 2022-01-07 16:23, Michael Naef wrote:
> Hi everyone
>
> I'm testing to offer a TLS client Cert when Exim acts as an SMTP client to a
> remote MTA.
>
> However exim is unable to read the private key unless I make it world readable
> (Which I obviously don't want to do):
>
> 2022-01-07 17:12:07 1n5rcx-0008mU-OP == a@??? R=dnslookup T=remote_smtp
> defer (-37) H=my.tld [1.2.3.4]:25: TLS session: (SSL_CTX_use_PrivateKey_file
> file=/usr/[..]/privkey4.pem): error:0200100D:system library:fopen:Permission
> denied
>
> As what user is exim reading the TLS private key when it is acting as a TLS
> client and configured to offer a client cert? I couldn't find and figure it
> out in the documentation... Is it fri(y)day-blindness? ;)
>
>
>
> [root@atlantis ~]# id mailnull
> id=26(mailnull) gid=26(mailnull) groups=26(mailnull),3009(ssl)
>
> [root@atlantis ~]# ls -l /usr/[..]/privkey4.pem
> -rw-r----- 1 root ssl 1704 Oct 28 11:44 /usr/[..]/privkey4.pem
>
> [root@atlantis ~]# sudo -u mailnull head -1 /usr/local/etc/letsencrypt/
> archive/atlantis.aeolus.ch/privkey4.pem
> -----BEGIN PRIVATE KEY-----
>
>
> Thanks for other eyes what my mistake could be...
>
>
> Best regards, Michael