solution to certificate verification failed for smtp.gmail.com via update Equifax Secure Certificate Authority

copyright (C) qingfeng Xia 2011-2020 CC-BY-NC 4.0

===================================
solution to certificate verification failed for smtp.gmail.com
via update Equifax Secure Certificate Authority
====================================
Error: in  /var/log/mail.log
May 28 12:39:10 services@iesensor.com postfix/smtp[10839]:
Untrusted TLS connection established to smtp.gmail.com
[209.85.143.109]:587: TLSv1 with cipher RC4-SHA (128/128 bits)
certificate verification failed for smtp.gmail.com[209.85.143.109]:587:
untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
--------------------

No matter you Setup the Gmail certification using the any turial,
just look up smtpd_tls_CAfile= in main.cf
# there is no dash/undersocre  between `CA` and `file` for :  `CAfile`
smtpd_tls_CAfile = /etc/postfix/cacert.pem

https://www.geotrust.com/resources/root-certificates/index.html
#Download the first Root CA 1;   and use the DER version
openssl x509 -inform der -in Equifax_Secure_Certificate_Authority_DER.cer
-out Equifax_Secure_Certificate_Authority.pem

#also yo can test the certificate by typing at the command promt
openssl verify Equifax_Secure_Certificate_Authority.pem

#append this file content pem to the end of your file:  cacert.pem

sudo postfix reload

test with your mail/script
for example:
===================================================
#!/usr/bin/python
import smtplib

sender = 'services@iesensor.com'
receivers = ['services@iesensor.com']

message = """From: From Person <services@iesensor.com>
To: To Person <services@iesensor.com>
Subject: SMTP e-mail test from services@iesensor.com

This is a test e-mail message from services@iesensor.com.
"""

try:
   smtpObj = smtplib.SMTP('localhost')
   smtpObj.sendmail(sender, receivers, message)
   print "Successfully sent email"
except SMTPException:
   print "Error: unable to send email"
==============================================



CC-BY-NC 4.0 licensed free for non-commercial usage
Author: Qingfeng XIA
copyright (C) 2011-2020
http://www.iesensor.com
please keep the original link in your reference.
http://www.iesensor.com/blog/2011/05/28/solution-to-certificate-verification-failed-for-smtp-gmail-com-via-update-equifax-secure-certificate-authority/
This entry was posted in Uncategorized. Bookmark the permalink.