Johannes Lämmermann wrote: > I don't want my TLS private key insecure and unencrypted, > as i'm not the only root user on the server. With Apache Webserver > it works like a charm. When i start apache, i get prompted for the > key's passphrase.
Another 'root' user could simply dump an apache core and retrieve the decrypted key from it, so this is just security by obscurity. > I wondered, wheter exim4 is also able to do so? > I couldn't find anything, related to my problem, on the web > so I hope at least you guys can give me an answer. AFAIK this is not possible in Exim, since its OpenSSL initialization is per-forked-process, so you would have to re-enter your passphrase for every mail received or sent. /tom
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
