On Thu, Aug 03, 2017 at 12:19:55PM +0530, hyndavirap...@bel.co.in wrote:
> > He's not posted the configuration of the sending system or
> > its logs. This is a waste of everyone's time.
The relevant logging is the TLS-related logging from the sending
postfix/smtp client process that happens *before* the message is
finally deferred and is enabled via smtp_tls_loglevel=1.
> smtp_enforce_tls = yes
Instead, "smtp_tls_security_level = encrypt".
> smtp_tls_loglevel = 1
> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
Post the relevant tls policy table entry.
> smtp_use_tls = yes
This is unnecessary.
> transport_maps = hash:/etc/postfix/transportmap
>
> Aug 3 12:11:54 AHQ postfix/smtp[8325]: 4B68168543FC:
> to=<cdr.1cor...@1corphq.tcs.mil.in>, orig_to=<cdr.1cor...@tcs.mil.in>,
> relay=201.123.1.4[201.123.1.4]:25, delay=34, delays=34/0/0/0, dsn=4.7.5,
> status=deferred (Server certificate not verified)
The server certificate failed to verify. Perhaps expired, perhaps
not issued by the CA you've configured, or a missing intermediate
certificate, or the certificate is not suitable for TLS (maybe it
has some other extended key usage), or ...
> Can you help me to solve this problem
Not without the requested logging, and copy of the server and CA
certificates.
--
Viktor.
