postfix to gmail error

postfix gmail

Solution 1:

These two errors are unrelated.

  • The first is an indication that you don't have installed the necessary root certificates to reliable check the identity of Google's servers, but are nevertheless trying to use SSL encrypted SMTP. You have two options, the first being to deactivate SSL for mail delivery, which is IMHO an acceptable solution if you don't use Google's server as a mail relay. The second would be to install the certificate chain for Google's servers, or even better a full stack of SSL root certificates and tell Postfix where to find them. How this is done is a little bit dependent on the system you are using Postfix on, which you don't name.
  • The second error is an indication that your mail system is badly configured and Google's spam filter just consider mails from your system as spam. This might have multiple reasons, among them that you might be an open relay, that your DNS entries are incorrect or you might listed in some DNSBL lists (for being an open relay or for sending out spam). You will find a multitude of questions on ServerFault that deals with those topics.

Solution 2:

Google switched the Certificate to Equifax.

You can download the certificate from: https://www.geotrust.com/resources/root-certificates/index.html (download the Root 1 - Equifax Secure Certificate Authority as DER encoded X.509)

After downloading it you have to convert it to a pem:

openssl x509 -inform der -in Equifax_Secure_Certificate_Authority_DER.cer -out Equifax_Secure_Certificate_Authority_DER.pem

Now you can verfiy the certificate:

openssl verify Equifax_Secure_Certificate_Authority_DER.pem

Last you have to add the pem to your certificate folder. In Debian this is /etc/ssl/certs

I also added it to /etc/ssl/certs/ca-certificates.crt with

cat Equifac_Secure_Certificate_Authority_DER.pem >> /etc/ssl/certs/ca-certificates.crt

and include this crt in my postfix configuration:

smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt

Related

Count elements in a cyclic group of given order
Apache ServerName uses AlternativeName instead of CommonName
Equivalence of two characterizations of the norm of a quadratic integer.
Does Memcached support IPv6
Path connectedness of the set $\{(x,y):(x+1)^{2}+y^{2}\leq 1\}\cup\{(x,y):y=x\sin(\frac{1}{x}),x>0\}$
PowerCLI: Run commands in virtual-machine
separately continuous functions $f: \mathbb{R}^2 \rightarrow \mathbb{R}$ but nowhere continuous
IIS slows down at 1000 concurrent connections
Number of roots of a sequence of a uniformly convergent holomorphic functions implies an upper bound for the number of roots of their limit
Remote desktop for Mac, over internet
Pseudo metric spaces are not Hausdorff.
Speed of copying files on a remote server