exim4 shared key permission on Debian

On Debian, the exim4 key file is supposed to be /etc/exim4/exim.key with permissions:

chmod 640 exim.key
chown root:Debian-exim exim.key

If I have already a key file in /etc/ssl/private, owned by group ssl-cert, how can I recycle it for exim?

If I change the group of /etc/ssl/private dir to Debian-exim it works, but then for instance I would need to add openldap to the Debian-exim group, in order to use the key for slapd. Pretty unobvious, isn't it?

Adding Debian-exim to the ssl-cert group doesn't work: it is the exim software itself to blame the configuration as unsafe.

Which is the best-practice solution?

Solution 1:

If you use ACLs to make the key file readable by the Debian-exim group, does exim accept that?

setfacl -m g:Debian-exim:x /etc/ssl/private
setfacl -m g:Debian-exim:r /etc/ssl/private/key.pem

What are Linux SCSI command timeouts and is the default suited for software raid?

Ansible with Github: Permission denied (Publickey)

Creating a bridged WiFi AP (hotspot) in Centos 8 (or Fedora)

Windows Server 2003 - applied WCRY patch - restarted then RDP Failed (the workstation driver is not installed)

4 NICs or 4-port NIC?

sSMTP Unable to send message using external mail server SMTP

Disabling a cipher / cipher suite in postfix / TLS for specific recipient

enabling virtualization on supermicro board

Apache mod-rewrite rule to change subdomain.domain.tld to domain.tld/subdomain

Can you run Docker natively on the new Windows 10 Linux kernel?

Pointing main domain to another server while keeping subdomains in same place

How to configure postfix/dovecot setup to reject certain mail

exim4 shared key permission on Debian

Solution 1:

Related

Recent Posts