Hi all,

I've been scouring the internet trying to find someone who's done this
before, and am at a loss.

I've got Postfix set up as a Smart Host for sending SMTP email from
Exchange 2010 (Small Business Server 2011). My problem is that I can't
get TLS to work. The error message I get back in Exchange is:

[451 4.4.0 Primary target IP address responded with: "454 4.7.5
Certificate validation failure." Attempted failover to alternate host,
but that did not succeed. Either there are no alternate hosts, or
delivery failed to all alternate hosts.]

Postfix doesn't seem to be reporting any errors. I am using
self-signed certs on both the Exchange server and the Postfix server,
and have added both signed-cert.crt and ca.crt to the trusted
certificate store in Exchange.

Below are key areas of main.cf:

# SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

# TLS parameters
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file = /etc/postfix/certs/signed-cert.crt
smtpd_tls_key_file = /etc/postfix/certs/cert.key
smtp_tls_CAfile = /etc/postfix/certs/ca.crt

Any thoughts? Anything else I can post to aid in debug?

Thanks,
Ben
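
An added example, not part of the original post: a local check of two things a validating TLS client looks at in the certificate named by smtpd_tls_cert_file, namely that it chains to ca.crt and that it carries the host name the client connects to. The certificates are constructed throwaway files in a temporary directory, and the host name smarthost.example.test and the function names are assumptions.

```shell
#!/bin/sh
# Constructed example: throwaway CA and server certificate, reusing the file
# names from the post (ca.crt, signed-cert.crt, cert.key) in a temp directory.
HOST=smarthost.example.test   # assumed smart host name, not from the post

make_certs() {  # $1 = directory to fill with a CA and a server certificate
  (cd "$1" &&
   openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
     -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt &&
   openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
     -keyout cert.key -out cert.csr &&
   printf 'subjectAltName=DNS:%s\n' "$HOST" > san.ext &&
   openssl x509 -req -in cert.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
     -days 1 -extfile san.ext -out signed-cert.crt) >/dev/null 2>&1
}

chain_ok() {  # $1 = CA file, $2 = server certificate
  # Succeeds only if the server certificate verifies against that CA.
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

name_ok() {  # $1 = server certificate, $2 = host name the client connects to
  # -checkhost prints "does match" or "does NOT match" for the given name.
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

dir=$(mktemp -d) && make_certs "$dir" || exit 1
trap 'rm -rf "$dir"' EXIT   # remove the throwaway keys when the script ends

chain_ok "$dir/ca.crt" "$dir/signed-cert.crt" &&
  echo "chain: signed-cert.crt verifies against ca.crt"
name_ok "$dir/signed-cert.crt" "$HOST" &&
  echo "name: certificate matches $HOST"
name_ok "$dir/signed-cert.crt" "other.example.test" ||
  echo "name: certificate does not match other.example.test"
```

To check real files, call chain_ok and name_ok with the paths from main.cf and the host name configured as the smart host on the sending side.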
