Hello, I'm writing to you because of a problem I can't solve through searching the web or reading the Exim documentation.
Exim uses my certificate and it's private key. Those data (at least the private key) is precious and therefore not world readable on my host. The file access rights are 640 with u=root and g=privkey_users. The group privkey_users is an additional group with members Debian-exim, dovecot and nginx because they all need access to that files. That works since a year now for Exim as a server So now I want Exim as a client to present the certificates also but Exim fails to load the files when trying to connect a TLS enabled host (mainlog says "Error while reading file."). Changing the file access rights to 644 *or* chown :Debian-exim makes it work again. But neither is ok because it either expose the files to much or makes them unaccessible for the other applications. >From chapter 55 of the Exim documentation I see that Exim delivery drops rights which it has as a server but I don't fully understand it - or I don't understand Unix access rights. With user Debian-exim member of privkey_users why can't it read files with access rights for the group privkey_users? Regards, Arno -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
