> I'm trying to set up esmtpd-ssl for submitting mail from the client to Courier. In my configuration, I've got my certificates under /etc/ssl/private; however, I've had to add a+x permissions to /etc/ssl/private for Courier to be able to read esmtpd.pem. I also do imapd-ssl and pop3d-ssl with the certs in /etc/ssl/private, and those don't need the looser permissions. Does Courier drop root earlier for esmtpd-ssl than for imapd-ssl?

Yes.

> Can it read the cert before it drops privs? If it

Nope.

> can't (or shouldn't), should imapd-ssl and pop3d-ssl drop the privs earlier as well?

Neither imapd-ssl nor pop3d-ssl have a telepathic module installed. They cannot look into a crystal ball and see who the user will log in as, after the encrypted connection is made.
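The thread turns on a detail worth checking precisely: once a daemon has dropped root, reading a file under /etc/ssl/private requires the search (x) bit on every directory above it, but not the read bit on the directory, and separately the read bit on the file itself. The following script is an added example, not part of the thread and not Courier code; it evaluates the mode bits the way the kernel does for an unprivileged uid/gid (root bypasses them, so `os.access()` run as root would report success wrongly). The daemon uid/gid, the temporary directory tree and the placeholder PEM content are all constructed for the demonstration; supplementary groups and POSIX ACLs are not modelled.

```python
import os
import shutil
import stat
import tempfile


def _perm_for(st, uid, gid):
    """Return the rwx triple (an int 0-7) that applies to uid/gid on this inode.
    Owner class wins over group class, which wins over 'other'. Only the primary
    gid is considered: no supplementary groups, no POSIX ACLs (assumption)."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid == gid:
        shift = 3
    else:
        shift = 0
    return (st.st_mode >> shift) & 0o7


def first_blocker(path, uid, gid, base=os.sep):
    """Walk from `base` down to `path` as an unprivileged uid/gid would.

    Every directory on the way needs the x (search) bit; the file itself needs
    the r bit. Directories are NOT required to be readable (listable), which is
    why a+x rather than a+rx is enough. Returns the first path component that
    denies access, or None if the file is readable as that identity.
    Everything above `base` is assumed traversable."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    rel = os.path.relpath(path, base)
    components = [base]
    for name in rel.split(os.sep):
        components.append(os.path.join(components[-1], name))
    for directory in components[:-1]:
        if not _perm_for(os.stat(directory), uid, gid) & 0o1:
            return directory
    if not _perm_for(os.stat(path), uid, gid) & 0o4:
        return path
    return None


def demo():
    """Build a constructed tree shaped like /etc/ssl/private/esmtpd.pem and
    report what blocks a hypothetical unprivileged daemon under three settings."""
    # Hypothetical daemon identity; chosen so it never matches the account that
    # owns the files we create, so the 'other' class applies.
    daemon_uid = 65534 if os.getuid() != 65534 else 65533
    daemon_gid = 65534 if os.getgid() != 65534 else 65533

    top = tempfile.mkdtemp()
    os.chmod(top, 0o711)  # stand-in for /etc/ssl, searchable by everyone
    private = os.path.join(top, "private")
    pem = os.path.join(private, "esmtpd.pem")
    os.mkdir(private)
    os.chmod(private, 0o700)  # the default that blocks the dropped-privilege daemon
    with open(pem, "w") as fh:
        fh.write("-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n")
    os.chmod(pem, 0o644)

    results = {}
    try:
        # 1. private/ is 0700: traversal stops at the directory itself.
        results["dir_0700"] = first_blocker(pem, daemon_uid, daemon_gid, base=top)
        # 2. The loosening from the thread: a+x on private/. Search only, no listing.
        os.chmod(private, 0o711)
        results["dir_0711"] = first_blocker(pem, daemon_uid, daemon_gid, base=top)
        # 3. Directory searchable but the PEM itself 0600: the file is the blocker,
        #    which is what you would see for a key that must stay private.
        os.chmod(pem, 0o600)
        results["dir_0711_pem_0600"] = first_blocker(pem, daemon_uid, daemon_gid, base=top)
    finally:
        shutil.rmtree(top)
    return results


if __name__ == "__main__":
    for setting, blocker in demo().items():
        print(f"{setting}: {'readable' if blocker is None else 'blocked at ' + blocker}")
```

Run it as any user; because it reads mode bits rather than calling `access()`, the result is the same whether or not you are root. Point `first_blocker()` at the real path with the daemon's uid/gid (from `getent passwd`) to see which component denies the dropped-privilege process. The third case is the one to keep in mind: a+x on the directory is harmless for a file that is itself 0600, so a private key does not become readable just because its directory became searchable.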
