Ten days ago I had to install a new SSL cert. I verified everything as working and there were no problems until yesterday, when suddenly the ESMTP server would not accept mail on 465.
The logs say that this is because the .pem file with the certificate *and private key* is not readable by esmtpd-ssl. This makes sense since esmtpd-ssl is running as user daemon, and the .pem is owned by root and set 0600. I had thought the cert file was handled by one of the privileged processes, since the esmtpd-ssl conf file makes it explicit it NOT be world readable. Of course, it does not explicitly say who it needs to be readable by...

So:

1) Is this just some configuration issue? Or

2) Am I wrong in believing the private key has to be in the file? In other words, would just the cert chain alone be okay?

I don't like the idea of leaving the key readable by a non-privileged group.

Sincerely, MK

--
"Philosophy, love of wisdom, asserts a distance between love and wisdom, and in this gap that tenuously joins what it separates, we shall attempt to set up our cables." -> Avital Ronell

courier-users mailing list
courier-users@lists.sourceforge.net
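An added example, not part of the original post: a Python check of the permission situation the message describes, reporting whether a service account can read a PEM file under the classic owner/group/other mode bits, whether the file is world readable, and whether it holds a private key. The service uid and group set are hypothetical parameters, and the sample PEM is constructed, not real key material.

```python
import os
import re
import stat
import tempfile

# Matches PKCS#8, encrypted PKCS#8 and legacy "RSA"/"EC" private key headers.
KEY_RE = re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")

def audit_pem(path, uid, gids):
    """Classic POSIX mode-bit check (ACLs and MAC policy are ignored)."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    # Only the first matching class applies: owner, then group, then other.
    if uid == 0:
        readable = True  # root bypasses the mode bits
    elif uid == st.st_uid:
        readable = bool(mode & stat.S_IRUSR)
    elif st.st_gid in gids:
        readable = bool(mode & stat.S_IRGRP)
    else:
        readable = bool(mode & stat.S_IROTH)
    with open(path, "rb") as fh:
        has_key = KEY_RE.search(fh.read()) is not None
    return {
        "mode": oct(mode),
        "readable_by_service": readable,
        "world_readable": bool(mode & stat.S_IROTH),
        "has_private_key": has_key,
    }

def demo():
    """Audit a constructed PEM under 0600, 0640 (service in group) and 0644."""
    pem = (b"-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
           b"-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n")
    fd, path = tempfile.mkstemp(suffix=".pem")
    try:
        os.write(fd, pem)
        os.close(fd)
        st = os.stat(path)
        svc_uid = st.st_uid + 1  # hypothetical service uid that is not the owner
        out = {}
        for mode, gids in ((0o600, set()), (0o640, {st.st_gid}), (0o644, set())):
            os.chmod(path, mode)
            out[oct(mode)] = audit_pem(path, svc_uid, gids)
        return out
    finally:
        os.unlink(path)

if __name__ == "__main__":
    for mode, result in demo().items():
        print(mode, result)
```

The 0600 case reproduces the failure in the post (a non-owner service cannot read the file), while 0640 with the service in the file's group makes it readable without setting the world-read bit.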