Hi everyone,

I'm testing offering a TLS client cert when Exim acts as an SMTP client to a remote MTA.
However, exim is unable to read the private key unless I make it world readable (which I obviously don't want to do):

2022-01-07 17:12:07 1n5rcx-0008mU-OP == a...@b.tld R=dnslookup T=remote_smtp defer (-37) H=my.tld [1.2.3.4]:25: TLS session: (SSL_CTX_use_PrivateKey_file file=/usr/[..]/privkey4.pem): error:0200100D:system library:fopen:Permission denied

As what user is exim reading the TLS private key when it is acting as a TLS client and configured to offer a client cert?
I couldn't find and figure it out in the documentation... Is it fri(y)day-blindness? ;)

[root@atlantis ~]# ps auxww | grep exim
mailnull 24202 0.0 0.0 22572 11512 - Ss 16:22 0:00.07 /usr/local/sbin/exim -bd -q12m
root 98363 0.0 0.0 11280 2336 1 R+ 17:18 0:00.00 grep exim

[root@atlantis ~]# procstat credential 24202
  PID COMM  EUID RUID SVUID EGID RGID SVGID UMASK FLAGS GROUPS
24202 exim    26   26    26    6    6     6   000 -     6,3009

[root@atlantis ~]# id mailnull
id=26(mailnull) gid=26(mailnull) groups=26(mailnull),3009(ssl)

[root@atlantis ~]# ls -l /usr/[..]/privkey4.pem
-rw-r----- 1 root ssl 1704 Oct 28 11:44 /usr/[..]/privkey4.pem

[root@atlantis ~]# sudo -u mailnull head -1 /usr/local/etc/letsencrypt/archive/atlantis.aeolus.ch/privkey4.pem
-----BEGIN PRIVATE KEY-----

Thanks for other eyes on what my mistake could be...

Best Regards,
Michael