Google Apps Email and Postfix ... the ultimate headache

Filed Under: android (tips)

May 06 2010

So I just spent a couple of hours last night knocking my head wondering why my postfix configuration on my server stopped working. I currently use Google Apps email services (which are free btw) for the email on this server and I have postfix setup to relay any mail the server has through Google Apps. It's been running great for the past 2 months but suddenly I noticed it was acting up. I got several errors like this: May 6 05:53:46 kwasik postfix/smtp[20753]: certificate verification failed for smtp.gmail.com[74.125.113.109]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority May 6 05:53:46 kwasik postfix/smtp[20753]: 25CF63C05A: to=, relay=smtp.gmail.com[74.125.113.109]:587, delay=2509, delays=2509/0.16/0.26/0, dsn=4.7.5, status=deferred (Server certificate not trusted)

At first, I thought something went wrong with my SSL certificates, so I tried re-doing those. No luck. Several hours later, I stumbled upon this: http://www.google.com/support/forum/p/gmail/thread?tid=7e4a679f5917149e&hl=en

Seems Google decided to change their Certificate Authority.. instead of using Thawte, they're now using Equifax (no wonder Equifax kept popping up in my log). Anyways the simple fix (run as root):

cat /etc/ssl/certs/Equifax_Secure_CA.pem >> /etc/postfix/cacert.pem

Mind you, the above applies to Debian 5.0, but it should at least help you on your way to fixing the problem.

Comments

SG: where's the vidz!?!?

Ventz: Hey -- Thanks for posting this!