On 2010-09-14 07:24, Richard Chapman wrote: >> >> Sep 13 23:18:48 C5 postfix/smtpd[15614]: connect from unknown[192.168.0.166] >> Sep 13 23:18:48 C5 postfix/smtpd[15614]: 2CA8A1D2145A: >> client=unknown[192.168.0.166], sasl_method=PLAIN, sasl_username=richard >> Sep 13 23:18:48 C5 postfix/cleanup[15617]: 2CA8A1D2145A: >> message-id=<4c8e40d7.6050...@aardvark.com.au> >> Sep 13 23:18:48 C5 postfix/qmgr[12588]: 2CA8A1D2145A: >> from=<rchap...@aardvark.com.au>, size=665, nrcpt=1 (queue active) >> Sep 13 23:18:48 C5 postfix/smtpd[15614]: disconnect from >> unknown[192.168.0.166] >> Sep 13 23:18:51 C5 postfix/smtp[15618]: certificate verification failed for >> smtp.gmail.com: num=20:unable to get local issuer certificate >> Sep 13 23:18:51 C5 postfix/smtp[15618]: certificate verification failed for >> smtp.gmail.com: num=27:certificate not trusted >> Sep 13 23:18:58 C5 postfix/smtp[15618]: 2CA8A1D2145A: >> to=<chapman.rich...@gmail.com>, relay=smtp.gmail.com[74.125.155.109]:587, >> delay=10, delays=0.06/0.02/5.5/4.5, dsn=2.0.0, status=sent (250 2.0.0 OK >> 1284391138 x9sm12249437waj.15) >> Sep 13 23:18:58 C5 postfix/qmgr[12588]: 2CA8A1D2145A: removed >> >> > > As discussed earlier - postfix is completely innocent here. The > problem is with my google apps relay configuration. > >> BTW: Do you know how to fix the "Certificate verification failed" >> warnings above - though they don't seem to have any averse affect on >> mail delivery? I assume I need to establish some root certificate >> trust somehow. >> > > I would still appreciate any advice on this one...
Not sure; I guess Google doesn't send the full verification chain and expects you to have the right CA certs loaded, check http://www.postfix.org/TLS_README.html for more information. You can use "openssl s_client -CApath /some/where -showcerts -starttls -connect smtp.gmail.com:587" to show and test the verification chain.
