Another email server issue.

Coincidentally, I noticed an error in the maillog when sending to my email address.

Mar 2 15:13:40 mail postfix/smtp[28811]: certificate verification failed for mail.xxxxx.ca[144.217.111.73]:25: untrusted issuer /O=Digital Signature Trust Co./CN=DST Root CA X3

As it turned out, there was nothing wrong with the certificate or the issuer on the receiving end.

It was the sender (client) which didn’t have the certificate authority (CA) data loaded.

All I needed to do was to add a smtp_tls_CAfile directive within postfix’s main.cf file.

In addition to adding smtp_tls_CAfile to the Postfix configuration, it also might be worthwhile to ensure that your CA bundle file is up-to-date on your machine you are sending from. On CentOS 6, Poking around in /etc/ssl/certs, I noticed that the file ca-bundle.crt was from 2015, with a ca-bundle.crt.rpmnew from 2018 beside it, via the package manager.