Patrick:

I tried manually sending a test message using the -CAfile argument
to openssl.  I do not get a complaint about the self-signed certificate,
but I still get the no valid recipients error, so it looks like the problem
lies somewhere in my configuration of postfix, not the SSL certificate.

I am going to investigate, but would appreciate it if you have any suggestions.

Thanks,
  Neil

--
Neil Aggarwal, (972)834-1565, http://UnmeteredVPS.net/centos
Virtual private server with CentOS 6 preinstalled
Unmetered bandwidth = no overage charges


-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Neil Aggarwal
Sent: Saturday, June 23, 2012 8:11 AM
To: postfix-users@postfix.org
Subject: RE: Trouble using StartSSL certificate for tls

Patrick:

> openssl s_client -connect mail.nsa-lp.com:25 -starttls smtp -CAfile /etc/ssl/ca-bundle.cer

The complaint about the self-signed certificate disappears when I do that.
So, it seems the problem is that openssl does not recognize the CA cert.

> The SMTP server is dispassionate about your certificate's state. It simply
> sends it. It's the client that complains, because it has to decide whether it
> is willing to accept what the server sends or not.

Hmmm.  I was testing this because Outlook is not able to send a
test message through my server.  It was able to get email using
pop3s which uses the same certificate so Outlook does know about
the root CA.

I am not sure how to fix what is going on.
Any suggestions?

Thanks,
  Neil

--
Neil Aggarwal, (972)834-1565, http://UnmeteredVPS.net/centos
Virtual private server with CentOS 6 preinstalled
Unmetered bandwidth = no overage charges
