Sign in Subscribe
By Ray Slakinski in Software

Postfix TLS Errors

Ive been seeing this in my local postfix log:

Dec 10 08:46:50 totoro.local postfix/smtp[59905]: Untrusted TLS connection established to smtp.gmail.com[74.125.142.109]:587: TLSv1 with cipher RC4-SHA (128/128 bits

It wasn't harmful, mail still is sent. But annoying, yes! The fix is simple, I'm on OS X Mountain Lion but the fix is fairly universal.

$ wget https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority_DER.cer
$ openssl x509 -inform der -in Equifax_Secure_Certificate_Authority_DER.cer -out Equifax_Secure_Certificate_Authority.pem
$ sudo cp Equifax_Secure_Certificate_Authority.pem  /etc/postfix/CAcert.pem

Next you want to check to make sure you have a line in your /etc/postfix/main.cf that points to the CAcert.pem file

smtp_tls_CAfile = /etc/postfix/CAcert.pem

once this is done, you should just need to reload postfix using "sudo postfix reload" and the error should go away!

Subscribe to The Slakinski Log

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]
Subscribe