Certificates and DynDNS


usuee
15th October 2006, 23:36
Another noob trying hard to learn the art of Linux web hosting. After three tries I finally got my web server and ftp server working correctly and then started working on the mail server. Another few reloads and I still can't get it working but I think I am getting closer.

The current problem is I don't have the GeoTRUST ssl certificate loading on my local machine and the mail log is giving me this...

Oct 15 08:42:05 rich postfix/smtp[3361]: certificate verification failed for outbound.mailhop.org: num=20:unable to get local issuer certificate
Oct 15 08:42:05 rich postfix/smtp[3361]: certificate verification failed for outbound.mailhop.org: num=27:certificate not trusted
Oct 15 08:42:05 rich postfix/smtp[3361]: certificate verification failed for outbound.mailhop.org: num=21:unable to verify the first certificate
Oct 15 08:42:06 rich postfix/smtp[3361]: Server certificate could not be verified

I asked the people at DynDNS and they said it was the certificate that I needed loaded. Here is the link they sent:

http://www.dyndns.com/support/services/mailhop/faq.html#q153

I went there and I don't have a clue what to do.

Will anyone help me out?

Thanks for any help I can get.

usuee

usuee
16th October 2006, 06:07
Well I found a web page talking about how to install the root certificate. I downloaded it, moved it to the /etc/postfix/ssl directory, renamed it to .pem and then did the command c_rehash /etc/postfix/ssl. Tried to send mail again and nothing changed. Then I added it to my main.cf by adding the line smtp_tls_CAfile = /etc/postfix/ssl/GeoTrust_Global_CA.pem. Tried again and still no go.

Here is my main.cf...

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost
relayhost = outbound.mailhop.org
mynetworks = 192.168.2.0/28, 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
#smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_CAfile = /etc/postfix/ssl/GeoTrust_Global_CA.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
(changed the host name to server1.example.com)

Here is my ssl directory...
root@server1.example.com:/etc/postfix/ssl# ls
4dd18fdb.0 7999be0d.0 cacert.pem cakey.pem GeoTrust_Global_CA.cer GeoTrust_Global_CA.pem smtpd.crt smtpd.csr smtpd.key

Is it just me or are mail servers tricky beasts? :)
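
Added example (not part of the original posts): renaming a downloaded .cer file to .pem changes only the name, while Postfix's smtp_tls_CAfile expects PEM-encoded certificates. Assuming the download may have been DER-encoded (the thread does not say), this Python script checks the encoding and writes a PEM copy; the function names are hypothetical.

```python
import ssl
import sys
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def cert_encoding(data: bytes) -> str:
    """Classify certificate bytes as 'pem', 'der' or 'unknown'."""
    if PEM_HEADER in data:
        return "pem"
    # A DER X.509 certificate starts with an ASN.1 SEQUENCE tag (0x30)
    # followed by a long-form length byte (0x81-0x84), because real
    # certificates are always longer than 127 bytes.
    if len(data) > 2 and data[0] == 0x30 and data[1] in (0x81, 0x82, 0x83, 0x84):
        return "der"
    return "unknown"


def ensure_pem(src: Path, dst: Path) -> str:
    """Write a PEM copy of src to dst and return the encoding src had."""
    data = src.read_bytes()
    kind = cert_encoding(data)
    if kind == "pem":
        dst.write_bytes(data)
    elif kind == "der":
        # Base64-wraps the DER bytes between BEGIN/END CERTIFICATE lines.
        dst.write_text(ssl.DER_cert_to_PEM_cert(data))
    else:
        raise ValueError(f"{src}: neither a PEM nor a DER certificate")
    return kind


if __name__ == "__main__":
    # Usage: python3 script.py downloaded_ca.cer converted_ca.pem
    source, target = Path(sys.argv[1]), Path(sys.argv[2])
    print(f"{source} was {ensure_pem(source, target)}; PEM written to {target}")
```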

falko
16th October 2006, 16:57
Have a look here: http://wiki.cacert.org/wiki/PostfixConfiguration?highlight=%28postfix%29