Viktor Dukhovni:
> > On Feb 15, 2021, at 9:57 PM, Wietse Venema <wie...@porcupine.org> wrote:
> >
> > I just verified that TLS works when running "sendmail -bs" as user
> > 'postfix' from inetd. But I agree that this mode of operation is
> > suitable only for extraordinary cases.
>
> How was the SMTP server able to load the certificate chain? The private
> keys are typically only readable by "root".

They are readable by non-root. All this because of no privilege dropping
support after process initialization, but that could be fixed by adding
a couple command flags to smtpd(8) and invoking it directly.

Wietse