postfix/smtp: certificate verification failed for gmail

We host our email at Gmail, and on our new server we keep getting the following message in /var/log/mail.err:

Apr 9 21:08:16 xxxxxx postfix/smtp[nnnnn]: certificate verification failed for gmail-smtp-in.l.google.com[173.194.70.27]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

I tried downloading and rehashing the certificates, but that didn’t make the error disappear, until I figured out that the solution to this problem was much simpler:

/etc/ssl/certs/ca-certificates.crt (or actually the file referenced by this link) contains all the root CA and intermediate CA certificates. All I needed to do was tell Postfix to load this file by adding the following line to /etc/postfix/main.cf:

smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

And restarting Postfix:

# service postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.

And when sending a new email, no error message!
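
An added check, not part of the original post: loading a CA file gives Postfix trust anchors, but whether a failed verification actually stops delivery depends on smtp_tls_security_level. The script below classifies a main.cf accordingly. The function names, the sample file and its security level of "may" are constructed assumptions; on a live host, postconf -h smtp_tls_security_level reports the effective value.

```shell
#!/bin/sh
# Added example: tell "CA bundle loaded" apart from "certificate
# verification enforced" in a Postfix main.cf. Helper names are hypothetical.

# effective_param FILE NAME -> last value assigned to NAME
# (comment and blank lines skipped, indented continuation lines joined).
effective_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); if (cur == want) val = val " " $0; next }
        { eq = index($0, "="); if (eq == 0) { cur = ""; next }
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          if (cur == want) { val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) } }
        END { print val }' "$1"
}

# audit_smtp_tls FILE -> one-word posture of the outbound SMTP client.
audit_smtp_tls() {
    level=$(effective_param "$1" smtp_tls_security_level)
    anchors=$(effective_param "$1" smtp_tls_CAfile)$(effective_param "$1" smtp_tls_CApath)
    case "$level" in
        verify|secure)   # delivery is deferred unless the certificate verifies
            if [ -n "$anchors" ]; then echo enforced; else echo enforced-no-anchors; fi ;;
        may|encrypt)     # verification outcome is logged, mail is sent either way
            if [ -n "$anchors" ]; then echo log-only; else echo unverified; fi ;;
        *)  echo "other:${level:-unset}" ;;
    esac
}

# Constructed sample: the setting from the post plus an assumed security level.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed main.cf excerpt
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
EOF
echo "posture: $(audit_smtp_tls "$sample")"
rm -f "$sample"
```

A result of log-only means the warning is gone because the chain now validates, while an untrusted certificate would still not block delivery.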

postfix/smtp: invalid sender domain (misconfigured dns?) (in reply to RCPT TO command)

A few days ago, we switched a newsletter function on our new server and got the following error messages in syslog:

Mar 28 18:17:50 xxxxxx postfix/smtp[29479]: 65EA137AE460:
host xxx.xxx.com[nnn.nnn.nnn.nnn] said: 421 invalid sender domain
‘yyy.yyy.com’ (misconfigured dns?) (in reply to RCPT TO command)


Mar 28 18:17:50 xxxxxx postfix/smtp[29479]: 65EA137AE460:
to=<zzz@zzzzzz.com>,
relay=xxx.xxx.com[nnn.nnn.nnn.nnn]:25, delay=0.51,
delays=0/0/0.26/0.24, dsn=4.0.0, status=deferred (host
xxx.xxx.com[nnn.nnn.nnn.nnn] said: 421 invalid sender domain
‘yyy.yyy.com’ (misconfigured dns?) (in reply to RCPT TO
command))

The problem was that when our server was installed, the mail name (in /etc/mailname) was set to a default (in our case debian.vaultronserver.de) that doesn’t match our hostname or any DNS entry related to our server. It should actually have been the fully qualified name of our server.


The problem was quickly solved by updating /etc/mailname:

hostname -A > /etc/mailname

And restarting Postfix:

/etc/init.d/postfix restart