From: "Davy Leon" on 7 Jan 2010 08:51

Hi folks

I'm getting this message in my /var/log/maillog every time postfix delivers a message. The message is delivered, but it logs this message. How can I solve this?

Thanks
Davy

Jan 6 18:17:25 centrino postfix/smtp[3699]: certificate verification failed for smarthost.example.com: num=20:unable to get local issuer certificate
Jan 6 18:17:25 centrino postfix/smtp[3699]: certificate verification failed for smarthost.example.com: num=27:certificate not trusted
Jan 6 18:17:25 centrino postfix/smtp[3699]: certificate verification failed for smarthost.example.com: num=21:unable to verify the first certificate

From: Barney Desmond on 7 Jan 2010 09:44

2010/1/8 Davy Leon <davy(a)scu.escambray.com.cu>:
> I'm getting this message in my /var/log/maillog every time postfix delivers a
> message. The message is delivered, but it logs this message. How can I solve
> this?
>
> Jan 6 18:17:25 centrino postfix/smtp[3699]: certificate verification failed
> for smarthost.example.com: num=20:unable to get local issuer certificate
> Jan 6 18:17:25 centrino postfix/smtp[3699]: certificate verification failed
> for smarthost.example.com: num=27:certificate not trusted
> Jan 6 18:17:25 centrino postfix/smtp[3699]: certificate verification failed
> for smarthost.example.com: num=21:unable to verify the first certificate

I'm not certain, but it sounds like your Postfix is set up to do opportunistic TLS in the SMTP client, which is fine. I believe it's saying that the certificate-signer's identity (the CA) can't be verified, which is expected if smarthost.example.com has a self-signed cert (just one explanation). This may clarify things for you:

http://www.postfix.org/postconf.5.html#smtp_tls_CAfile

I wouldn't worry too much though, hardly any public SMTP servers out there have "proper" signed certificates. Correctly configured and verifiable chains of trust on the internet are pretty rare, and offer little real value unless you have a defined policy and enforce the use of TLS accordingly.