I'm having a hard time with verifying certificates of remote servers
when trying to encrypt and verify using TLS.
I'm using ubuntu. Here are the relevant entries in main.cf:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
For instance, if I set gmail.com as follows in tls_policy:
gmail.com encrypt
that works fine
However, if I set it to:
gmail.com secure
I get the following error:
Nov 21 12:52:19 smtp postfix/smtp[17859]: 9277043E30:
to=<some...@gmail.com>,
relay=alt4.gmail-smtp-in.l.google.com[74.125.136.26]:25, delay=5.7,
delays=0.05/0.02/5.7/0, dsn=4.7.5, status=deferred (Server certificate
not verified)
I've tried this with two other domains that use 3rd party CAs with the
exact same results.
I would appreciate some help on this
Thanks
