You need to be more clear here. When you say Gmail account on port 587 I don’t entirely understand what you are doing. Are you using Gmail as upstream smarthost?
This does not then have any bearing on what clients see or react to, as your server acts as a proxy to Gmail. If the iOS mail client complains about the certificate being untrusted, it's because the Let's Encrypt root is not imported or trusted, or that the entire chain, excluding the root certificate, is not sent. Note that Let's Encrypt is a pretty new actor so if your iOS device is old, it will always untrust. Try visiting a site that has Let's Encrypt deployed. If you get cert errors, this is the case.

From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On behalf of Steve Jenkins
Sent: 15 November 2016 03:08
To: postfix users <postfix-users@postfix.org>
Subject: Let's Encrypt + Postfix TLS + iOS Mail

I've had TLS working great on my Postfix servers for years, and I recently tried switching one of my boxes to a Let's Encrypt certificate.

A Gmail test account using TLS on port 587 works fine, but the iOS mail client complains about the certificate being untrusted. Further digging shows it doesn't like the CA. I added the fullchain.pem file to the '/etc/postfix/ssl/cacert.pem' I use for 'smtpd_tls_CAfile' but that doesn't fix anything.

Has anyone been able to get an iOS mail client to use a Postfix SMTP server with TLS?

Here are my current (working) TLS-related entries in main.cf:

# postconf -n | grep tls
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/example.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/example.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may

It breaks (on iOS) if I change the smtpd_tls_cert_file and smtpd_tls_key_file to the Let's Encrypt cert and key.

Thanks,

SteveJ
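The second cause named in the reply, a server that sends its own certificate without the intermediate, can be reproduced offline. The following is an added example, not part of the thread: it builds a throwaway root, intermediate and leaf with openssl (all names are constructed) and checks each candidate server file the way a client that trusts only the root would.

```shell
#!/bin/sh
# Constructed demo, not from the thread: a throwaway root -> intermediate -> leaf
# chain showing what a client that trusts only the root can and cannot verify.
# All names (Demo Root, Demo Intermediate, mail.example.com) are made up.

# new_key_and_csr DIR NAME CN: create NAME.key and NAME.csr in DIR.
new_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_chain DIR: write root.pem, int.pem, leaf.pem and fullchain.pem into DIR.
make_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    new_key_and_csr "$d" root "Demo Root" &&
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
    new_key_and_csr "$d" int "Demo Intermediate" &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
    new_key_and_csr "$d" leaf "mail.example.com" &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null &&
    # Same layout as a fullchain file: server certificate first, then intermediate.
    cat "$d/leaf.pem" "$d/int.pem" > "$d/fullchain.pem"
}

# client_accepts ROOT SERVER_FILE: succeed if a client trusting only ROOT can
# build a path from the first certificate in SERVER_FILE, treating every
# certificate in that file as the (untrusted) chain the server sent.
client_accepts() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo=$(mktemp -d) && make_chain "$demo" || exit 1
for f in leaf.pem fullchain.pem; do
    if client_accepts "$demo/root.pem" "$demo/$f"; then r=trusted; else r=untrusted; fi
    echo "server presents $f -> $r"
done
rm -rf "$demo"
```

In Postfix terms, the two files correspond to pointing smtpd_tls_cert_file at the certificate alone versus at a file such as fullchain.pem that also carries the intermediate.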