From a7d09b4c5f3a3d15375814ca199c4ad9167a4ac2 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth <wolfgang.hottgenroth@icloud.com>
Date: Thu, 23 Oct 2025 21:00:14 +0200
Subject: [PATCH] cert 3

---
 deployment/deploy-yml.tmpl | 5 ++++-
 exim.conf                  | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/deployment/deploy-yml.tmpl b/deployment/deploy-yml.tmpl
index f510147..19da39b 100644
--- a/deployment/deploy-yml.tmpl
+++ b/deployment/deploy-yml.tmpl
@@ -36,7 +36,7 @@ spec:
               mountPath: /etc/exim/db
               readOnly: true
             - name: tls-cert
-              mountPath: /etc/exim/db
+              mountPath: /etc/exim/ssl
               readOnly: true
       volumes:
         - name: exim-config
@@ -50,11 +50,14 @@ spec:
         - name: tls-cert
           secret:
             secretName: exim-forwarder-cert
+            defaultMode: 0644
             items:
               - key: tls.crt
                 path: server.crt
+                mode: 0644
               - key: tls.key
                 path: server.key
+                mode: 0400
 ---
 apiVersion: v1
 kind: Service
diff --git a/exim.conf b/exim.conf
index 3dd284d..736ea40 100644
--- a/exim.conf
+++ b/exim.conf
@@ -1,8 +1,8 @@
 domainlist forward_domains = lsearch;/etc/exim/db/forward_domains
 
 tls_advertise_hosts = *
-tls_certificate = /etc/exim/db/server.crt
-tls_privatekey = /etc/exim/db/server.key
+tls_certificate = /etc/exim/ssl/server.crt
+tls_privatekey = /etc/exim/ssl/server.key
 
 
 # acl_smtp_connect = acl_connect