----- Original Message -----
From: rei <reinl...@gmail.com>
To: postfix-users@postfix.org
Sent: Tuesday, September 6, 2016 10:30 AM
Subject: Re: SSL3 alert read:fatal:unknown CA
>Sep 4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]:
> connect from xxx.com[159.203.103.xxx]
1) smtpd
2) connect from
This is an inbound connexion to your server. Your server is not sending mail,
it is receiving mail from xxx.com
> Sep 4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]:
SSL_accept:SSLv3 read client hello A
client greets your server (read)
> Sep 4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]:
SSL_accept:SSLv3 write server hello A
your server greets back the client (write)
> Sep 4 14:29:00 centos-512mb-nyc3-01 postfix/smtpd[6605]:
SSL3 alert read:fatal:unknown CA
Your client (read) don't recognize the CA of your server's certificate, because
it is self-signed. If you are sending mail from a mail client, configure it to
1) trust certificates
2) or not verifying them
3) or find a way to install your CA certificate on the client.
Obviously, you need to do this for all the clients...
An alternative would be to get a letsencrypt certificate instead. That would
work for most clients.
