Outgoing mail delivery to Gmail (or other server which has SSL enabled and configured with valid certificate) accounts fails with error in
from=<email@example.com>, size=666, nrcpt=1 (queue active)
certificate verification failed for gmail-smtp-in.l.google.com: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Note: There may be another address of Gmail's SMTP server, like
aspmx.l.google.com . This solution is valid for any cases where messages contain
untrusted issuer string.
Certificate Authority (CA) certificate is missing in
The server does not trust valid CAs.
Make sure that file
/etc/pki/tls/certs/ca-bundle.crtexists (it contains information about valid CAs).
Update OpenSSL package if possible in order to get fresh version of CA bundle.
/etc/postfix/main.cffile as shown below:
# grep smtp_tls_CAfile /etc/postfix/main.cf
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
Restart postfix daemon to apply the changes:
# /etc/init.d/postfix restart
Stopping postfix: [ OK ]
Starting postfix: [ OK ]