Postfix: Untrusted TLS connection established

How to link the ca-certificates in your Postfix configuration.


By. Jacob

Edited: 2023-08-09 00:26

Untrusted TLS connection established

By randomness I discovered I had misconfigured my TLS certificate settings on my postfix server. A command you can use to check for this is:

grep -ri "Untrusted TLS connection" /var/log/mail.log

1. To fix this issue you may need to load the CA-Certificates in Postfix configuration:

sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'
sudo postfix reload

Alternatively, open up the /etc/postfix/ file and add it to the end of the file manually. E.g:

smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

2. After doing this you can try to grep for trusted TLS... in the mail.log:

grep -ri "Trusted TLS connection" /var/log/mail.log

It should output Trusted TLS connection established in the terminal, which means the ca-certs were linked successfully.

If this is not working, repeat the last step after installing the CA-Certificates:

sudo apt install ca-certificates

Tell us what you think:

  1. We can find out if Postfix was hacked by reading the mail and syslog files, learn what to look for in this article.
  2. Configure Postfix to check SPF records and fight e-mail spoofing.
  3. How to use SPF records to increase the likelihood that your e-mails will be received and not go to spam.
  4. How to block sender e-mail addresses and domains in Postfix to effectively eliminate marketing spam.

More in: Postfix