Postfix TLS Errors

Ive been seeing this in my local postfix log:

Dec 10 08:46:50 totoro.local postfix/smtp[59905]: Untrusted TLS connection established to smtp.gmail.com[74.125.142.109]:587: TLSv1 with cipher RC4-SHA (128/128 bits

It wasn't harmful, mail still is sent. But annoying, yes! The fix is simple, I'm on OS X Mountain Lion but the fix is fairly universal.

$ wget https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority_DER.cer
$ openssl x509 -inform der -in Equifax_Secure_Certificate_Authority_DER.cer -out Equifax_Secure_Certificate_Authority.pem
$ sudo cp Equifax_Secure_Certificate_Authority.pem  /etc/postfix/CAcert.pem

Next you want to check to make sure you have a line in your /etc/postfix/main.cf that points to the CAcert.pem file

smtp_tls_CAfile = /etc/postfix/CAcert.pem

once this is done, you should just need to reload postfix using "sudo postfix reload" and the error should go away!

Show Comments