I've had TLS working great on my Postfix servers for years, and I recently
tried switching one of my boxes to a Let's Encrypt certificate. A Gmail
test account using TLS on port 587 works fine, but the iOS mail client
complains about the certificate being untrusted. Further digging shows it
doesn't like the CA.

I added the fullchain.pem file to the '/etc/postfix/ssl/cacert.pem' I use
for 'smtpd_tls_CAfile' but that doesn't fix anything.

Has anyone been able to get an iOS mail client to use a Postfix SMTP server
with TLS?

Here are my current (working) TLS-related entries in main.cf:

# postconf -n | grep tls
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/example.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/example.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may

It breaks (on iOS) if I change the smtpd_tls_cert_file and
smtpd_tls_key_file to the Let's Encrypt cert and key.

Thanks,

SteveJ
