So I just spent a couple of hours last night knocking my head wondering why my postfix configuration on my server stopped working. I currently use Google Apps email services (which are free btw) for the email on this server and I have postfix setup to relay any mail the server has through Google Apps.

It’s been running great for the past 2 months but suddenly I noticed it was acting up. I got several errors like this:

May 6 05:53:46 kwasik postfix/smtp[20753]: certificate verification failed for smtp.gmail.com[74.125.113.109]:587:
untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority


May 6 05:53:46 kwasik postfix/smtp[20753]: 25CF63C05A: to=, relay=smtp.gmail.com[74.125.113.109]:587, delay=2509, delays=2509/0.16/0.26/0, dsn=4.7.5, status=deferred (Server certificate not trusted)


At first, I thought something went wrong with my SSL certificates, so I tried re-doing those. No luck. Several hours later, I stumbled upon this:

http://www.google.com/support/forum/p/gmail/thread?tid=7e4a679f5917149e&hl=en

Seems Google decided to change their Certificate Authority.. instead of using Thawte, they’re now using Equifax (no wonder Equifax kept popping up in my log).

Anyways the simple fix (run as root):

cat /etc/ssl/certs/Equifax_Secure_CA.pem >> /etc/postfix/cacert.pem

Mind you, the above applies to Debian 5.0, but it should at least help you on your way to fixing the problem.

This is just to note to transition from CuteNews to WordPress. I didn’t bother with transferring over the old news items, so it’ll be a fresh start!

The custom theme I made for WordPress so it would integrate with the rest of the site is still incomplete so let me know if you notice any bugs. Thanks!