SMTP Untrusted TLS connection still sending emails

postfix smtp mac-osx-server amazon-ses smtp-auth

In TLS the term “untrusted” is not the same as “not encrypted“. As you can see from the subsequent cipher and key strength in your log the communication is encrypted.

In TLS the trust relates to how to verify that the certificates used actually belong to the entity that presents them.
You can still use a certificate when you don’t verify it or when verification fails (if you want to).

————————

The postfix TLS manual: http://www.postfix.org/TLS_README.html excerpt :

To verify a remote SMTP client certificate, the Postfix SMTP server needs to trust the certificates of the issuing Certification Authorities. These certificates in "PEM" format can be stored in a single $smtpd_tls_CAfile or in multiple files, one CA per file in the $smtpd_tls_CApathdirectory. If you use a directory, don't forget to create the necessary "hash" links with:

# $OPENSSL_HOME/bin/c_rehash /path/to/directory

The $smtpd_tls_CAfile contains the CA certificates of one or more trusted CAs. The file is opened (with root privileges) before Postfix enters the optional chroot jail and so need not be accessible from inside the chroot jail.

Additional trusted CAs can be specified via the $smtpd_tls_CApath directory

Related

how to disable run via search on Windows 10?
Are we still limited by TCP Window Size when we want to fully utilize bandwidth from far away servers? [closed]
Deploying nodejs app using npx http-server and Nginx
How to handle a pretty URL in nginx that is not calling index.php from the root folder?
Cannot upgrade Debian Jessie to Stable because of deb.sury PHP PPA
Don't accept RDNSS from router announcements in Linux
How does TLD DNS server find the specific authoritative nameserver containing required information?
Dozens of <defunct> processes [closed]
How can I set the source port for an SSH command-line client? [closed]
How to set static ip on Hyper-V vm when host has one network card? [closed]
Set gateway per interface in DNSMasq
how to limit traffic usage per user?