Hi Exim Users,

I'm looking into getting Exim to use a TLS certificate.

Looking through the documentation, it seems that the private key file for the 
certificate needs to have read access by the relevant exim group, and also 
must not be password protected.

Is this really the case? Is there no way to have a well-secured private key 
file, password-protected and only readable by user root? Apache and Dovecot 
manage this by reading the file on startup, before dropping privileges and 
changing to their "normal" uid, and asking for the password on the console. Is 
Exim not able to work this way as well?

I'm not happy having an unprotected private key lying about anywhere, even if 
its permissions were 0400 - let alone 0440 as Exim requires.

If Exim isn't able to do this, does anyone know if there are any plans for it 
in the future?

Thanks,

Adam


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
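
Added example, not part of the original post and not Exim's own code: a small Python audit of the two properties the message is concerned with, the key file's permission bits (0400 versus 0440) and whether the PEM is passphrase-protected. The function names and the placeholder PEM written by make_sample_key are constructed for illustration and contain no real key material.

```python
import grp
import os
import stat

# PEM markers of passphrase-protected keys (PKCS#8 and traditional OpenSSL format).
ENCRYPTED_MARKERS = (
    b"-----BEGIN ENCRYPTED PRIVATE KEY-----",
    b"Proc-Type: 4,ENCRYPTED",
)


def audit_key_file(path):
    """Report who can read a PEM private key and whether it is encrypted."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    with open(path, "rb") as fh:
        pem = fh.read()
    try:
        # Supplementary members only; users whose primary group is this
        # gid can also read a 0440 file and are not listed here.
        members = sorted(grp.getgrgid(st.st_gid).gr_mem)
    except KeyError:  # gid has no entry in the group database
        members = []
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by non-owner")
    if not any(marker in pem for marker in ENCRYPTED_MARKERS):
        findings.append("not passphrase-protected")
    return {"mode": f"{mode:04o}", "owner_uid": st.st_uid,
            "group_gid": st.st_gid, "group_members": members,
            "findings": findings}


def make_sample_key(path, mode, encrypted):
    """Write a constructed placeholder PEM (no real key) for the demo."""
    label = "ENCRYPTED PRIVATE KEY" if encrypted else "PRIVATE KEY"
    with open(path, "w") as fh:
        fh.write(f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n")
    os.chmod(path, mode)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode, enc in (("exim.key", 0o440, False), ("root.key", 0o400, True)):
            make_sample_key(os.path.join(tmp, name), mode, enc)
            print(name, audit_key_file(os.path.join(tmp, name)))
```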
