- 10:00 AM
- 2 Comments
So I just spent a couple of hours last night knocking my head wondering why my postfix configuration on my server stopped working. I currently use Google Apps email services (which are free btw) for the email on this server and I have postfix setup to relay any mail the server has through Google Apps.
It’s been running great for the past 2 months but suddenly I noticed it was acting up. I got several errors like this:
May 6 05:53:46 kwasik postfix/smtp: certificate verification failed for smtp.gmail.com[126.96.36.199]:587:
untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
May 6 05:53:46 kwasik postfix/smtp: 25CF63C05A: to=, relay=smtp.gmail.com[188.8.131.52]:587, delay=2509, delays=2509/0.16/0.26/0, dsn=4.7.5, status=deferred (Server certificate not trusted)
At first, I thought something went wrong with my SSL certificates, so I tried re-doing those. No luck. Several hours later, I stumbled upon this:
Seems Google decided to change their Certificate Authority.. instead of using Thawte, they’re now using Equifax (no wonder Equifax kept popping up in my log).
Anyways the simple fix (run as root):
cat /etc/ssl/certs/Equifax_Secure_CA.pem >> /etc/postfix/cacert.pem
Mind you, the above applies to Debian 5.0, but it should at least help you on your way to fixing the problem.