Hi -
I am running Postfix 3.6.4 with Dovecot 2.3.17.1 (476cd46418). I have a multi-signed cert from Entrust. The cert works fine on port 25. However, on Port 587 I get an error: c [root@mcq wbs]# openssl s_client -connect mcq.sbanetweb.com:993 -servername mcq.sbanetweb.com CONNECTED(00000003) depth=0 C = US, ST = New York, L = Bellmore, O = SBA Consulting LTD, CN = mcq.sbanetweb.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = US, ST = New York, L = Bellmore, O = SBA Consulting LTD, CN = mcq.sbanetweb.com verify error:num=21:unable to verify the first certificate verify return:1 depth=0 C = US, ST = New York, L = Bellmore, O = SBA Consulting LTD, CN = mcq.sbanetweb.com verify return:1 --- Certificate chain 0 s:C = US, ST = New York, L = Bellmore, O = SBA Consulting LTD, CN = mcq.sbanetweb.com i:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms <http://www.entrust.net/legal-terms> , OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K [root@mcq wbs]# dovecot -n # 2.3.17.1 (476cd46418): /etc/dovecot/dovecot.conf # OS: Linux 5.16.5-200.fc35.x86_64 x86_64 Fedora release 35 (Thirty Five) # Hostname: mcq.sbanetweb.com auth_mechanisms = plain login disable_plaintext_auth = no mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service submission-login { inet_listener submission { port = 587 } } ssl = required ssl_cert = </etc/postfix/tls/ServerCertificate.pem ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-G CM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AE S128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA25 6:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE- ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES1 28-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE -DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES12 8-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNUL L:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-D ES-CBC3-SHA:!KRB5-DES-CBC3-SHA ssl_client_ca_dir = /etc/postfix/tls/ ssl_client_ca_file = ChainBundle.pem ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_prefer_server_ciphers = yes userdb { driver = passwd } protocol imap { mail_max_userip_connections = 15 } Any ideas? Wayne Spivak SBANETWEB.com