postfix to gmail error
Solution 1:
These two errors are unrelated.
- The first is an indication that you don't have installed the necessary root certificates to reliable check the identity of Google's servers, but are nevertheless trying to use SSL encrypted SMTP. You have two options, the first being to deactivate SSL for mail delivery, which is IMHO an acceptable solution if you don't use Google's server as a mail relay. The second would be to install the certificate chain for Google's servers, or even better a full stack of SSL root certificates and tell Postfix where to find them. How this is done is a little bit dependent on the system you are using Postfix on, which you don't name.
- The second error is an indication that your mail system is badly configured and Google's spam filter just consider mails from your system as spam. This might have multiple reasons, among them that you might be an open relay, that your DNS entries are incorrect or you might listed in some DNSBL lists (for being an open relay or for sending out spam). You will find a multitude of questions on ServerFault that deals with those topics.
Solution 2:
Google switched the Certificate to Equifax.
You can download the certificate from: https://www.geotrust.com/resources/root-certificates/index.html (download the Root 1 - Equifax Secure Certificate Authority as DER encoded X.509)
After downloading it you have to convert it to a pem:
openssl x509 -inform der -in Equifax_Secure_Certificate_Authority_DER.cer -out Equifax_Secure_Certificate_Authority_DER.pem
Now you can verfiy the certificate:
openssl verify Equifax_Secure_Certificate_Authority_DER.pem
Last you have to add the pem to your certificate folder. In Debian this is /etc/ssl/certs
I also added it to /etc/ssl/certs/ca-certificates.crt with
cat Equifac_Secure_Certificate_Authority_DER.pem >> /etc/ssl/certs/ca-certificates.crt
and include this crt in my postfix configuration:
smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt