[SOLVED] Untrusted Certificate Error

[RthuR]

Hello,

First I'd like to thank everybody here for the wonderfull product that is Zimbra.

I am running Zimbra Opensource 7.1.0 GA on Centos 5.6 x64. After blundering through the install process, I hit a couple of hicups but nothing the wiki couldn't help me with. Everything is now working except for my mail relay which is smtp.googlemail.com

I ran the following commands to set smtp.googlemail.com as a mail relay: (PASSWORD was replaced with the correct password to the account)

Code:

zmprov ms mail.sensero.org zimbraMtaRelayHost smtp.googlemail.com:587
echo smtp.googlemail.com sensero.org@gmail.com:PASSWORD > /opt/zimbra/conf/relay_password
postmap hash:/opt/zimbra/conf/relay_password
postmap -q smtp.googlemail.com /opt/zimbra/conf/relay_password
postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
postconf -e smtp_sasl_auth_enable=yes
postconf -e smtp_cname_overrides_servername=no
postfix reload
postconf -e smtp_use_tls=yes
postconf -e smtp_tls_security_level=may
postfix reload
zmlocalconfig -e postfix_smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
zmlocalconfig -e postfix_smtp_sasl_security_options=noanonymous
zmlocalconfig -e postfix_smtp_use_tls=yes
zmlocalconfig -e postfix_smtp_cname_overrides_servername=no
zmcontrol restart

But my mails were deffered due to "sasl authentication failed..." By running:

Code:

debug_eer_list=smtphm.sympatico.ca
debug_peer_level=3

I log the following error messages:

Code:

May 17 20:39:02 mail postfix/qmgr[18048]: AA0A616407F0: from=<arthur@sensero.org>, size=2763, nrcpt=1 (queue active)

May 17 20:39:02 mail postfix/smtp[20618]: certificate verification failed for smtp.googlemail.com[209.85.229.16]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

May 17 20:39:02 mail postfix/smtp[20618]: warning: SASL authentication failure: No worthy mechs found

May 17 20:39:02 mail postfix/smtp[20618]: AA0A616407F0: to=<XXX@XXX.com>, relay=smtp.googlemail.com[209.85.229.16]:587, delay=0.62, delays=0.35/0.04/0.22/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.googlemail.com[209.85.229.16]: no mechanism available)

So far I have found that google does not require plaintext authentication, that my /etc/hosts file is correct and that my split DNS functions correctly.

From what I have read, I need to append the Equifax certificate to my cacert.pem file, ecept I cannot find this. I have tried using postconf -e postfix_smtp_tls_CAfile= and set it to a file that contained the Equifax security certificate but that hasnt worked...

Any help would greatly be appreciated!

Arthur

[RthuR]

Does no one know the answer to this? Please help!

[RthuR]

EDIT: Nevermind, the problem apparently wasnt the certificate but the authentication mechanism which was set to no plain text.
Changing it to only noanonymous solved the issue.
See this link: http://wiki.zimbra.com/wiki/Outgoing...roubleshooting