We host our emails at gmail and on our new server keep getting the following message in /var/log/mail.err:
Apr 9 21:08:16 xxxxxx postfix/smtp[nnnnn]: certificate verification failed for gmail-smtp-in.l.google.com[220.127.116.11]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
I tried downloading and rehashing the certificates, but it didn’t make this error disappear until I figured out the solution to this problem was much simpler:
/etc/ssl/certs/ca-certificates.crt (or actually the file referenced by this link) contains all the CA certificates of root CAs and intermediate CA certificates. And all I needed to do was to tell postfix to load this file, by adding the following line to /etc/postfix/main.cf
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
And restarting postfix:
# service postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
And when sending a new email, no error message !