Certificates and DynDNS

Discussion in 'Server Operation' started by usuee, Oct 15, 2006.

  1. usuee

    usuee New Member

    Another noob trying hard to learn the art of Linux web hosting. After three tries I finally got my web server and ftp server working correctly and then started working on the mail server. Another few reloads and I still can't get it working but I think I am getting closer.

    The current problem is I don't have the GeoTRUST ssl certificate loading on my local machine and the mail log is giving me this...

    Oct 15 08:42:05 rich postfix/smtp[3361]: certificate verification failed for outbound.mailhop.org: num=20:unable to get local issuer certificate
    Oct 15 08:42:05 rich postfix/smtp[3361]: certificate verification failed for outbound.mailhop.org: num=27:certificate not trusted
    Oct 15 08:42:05 rich postfix/smtp[3361]: certificate verification failed for outbound.mailhop.org: num=21:unable to verify the first certificate
    Oct 15 08:42:06 rich postfix/smtp[3361]: Server certificate could not be verified

    I asked the people at DynDNS and they said it was the certificate that I needed loaded. Here is the link they sent...


    I went there and I don't have a clue what to do.

    Will anyone help me out?

    Thanks for any help I can get.

  2. usuee

    usuee New Member


    Well I found a web page talking about how to install the root certificate. I downloaded it, moved it to the /etc/postfix/ssl directory, renamed it to .pem and then did the command c_rehash /etc/postfix/ssl. Tried to send mail again and nothing changed. Then I added it to my main.cf by adding the line smtp_tls_CAfile = /etc/postfix/ssl/GeoTrust_Global_CA.pem. Tried again and still no go.

    Here is my main.cf...

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    append_dot_mydomain = no
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    myhostname = server1.example.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = server1.example.com, localhost.example.com, localhost
    relayhost = outbound.mailhop.org
    mynetworks =,
    mailbox_command =
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    #smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtp_tls_CAfile = /etc/postfix/ssl/GeoTrust_Global_CA.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    home_mailbox = Maildir/
    (changed the host name to server1.example.com)

    Here is my ssl directory...
    /etc/postfix/ssl# ls
    4dd18fdb.0 7999be0d.0 cacert.pem cakey.pem GeoTrust_Global_CA.cer GeoTrust_Global_CA.pem smtpd.crt smtpd.csr smtpd.key

    Is it just me or are mail servers tricky beasts? :)
  3. falko

    falko Super Moderator ISPConfig Developer
