Postfix SSL/TLS certificates issue

Tags: email, ssl

I'm trying to set up postfix to send mail through Gmail's SMTP server on port 587. Here's what I've put in my /etc/postfix/main.cf:

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_mechanism_filter = plain
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

However, I'm running into a TLS problem since /etc/postfix/cacert.pem, which seems to be suggested everywhere online, doesn't really exist on my system (OS X 10.9.3).

Therefore, what is the right CAfile to use? Any help is greatly appreciated.


On a side note, for now I'm using the workaround

smtp_tls_security_level = may

which works. However, I suppose this is a cheap fix, and I'm worried about the security.

Best Answer

The option specifies where the root certificates of the trusted issuers are located.

On OS X they are stored in the Keychain.

You can extract them with

$ sudo mkdir -p /etc/pki/tls/certs
$ security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain | sudo tee /etc/pki/tls/certs/ca-bundle.crt > /dev/null

And then

smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt

Edit: Keep in mind that when Apple updates the root certificates in the Keychain you will have to export them again.
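As an added example (not part of the question or the answer above), the following POSIX shell script checks a Postfix main.cf for the relay TLS settings discussed here: whether the session is merely opportunistic (the `smtp_tls_security_level = may` workaround, or the legacy `smtp_use_tls = yes`) and whether the configured `smtp_tls_CAfile` actually exists. The parameter names are real Postfix settings; the file paths and the verdict wording are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): lint a Postfix main.cf for the
# outbound-relay TLS settings discussed above. Only plain "key = value" lines
# are parsed; Postfix continuation lines are ignored.

# pf_get FILE KEY: print KEY's value (last assignment wins, empty if unset)
pf_get() {
    sed -n "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*$//;p;}" "$1" | tail -n 1
}

# check_relay_tls FILE: print one finding per line; return 0 only when the
# relay session is forced to TLS with certificate verification.
check_relay_tls() {
    cf=$1; rc=0
    level=$(pf_get "$cf" smtp_tls_security_level)
    use_tls=$(pf_get "$cf" smtp_use_tls)
    cafile=$(pf_get "$cf" smtp_tls_CAfile)
    capath=$(pf_get "$cf" smtp_tls_CApath)
    sasl_opts=$(pf_get "$cf" smtp_sasl_security_options | tr -d ' ')

    # Legacy knob: smtp_use_tls = yes is equivalent to level "may", else "none"
    if [ -z "$level" ]; then
        [ "$use_tls" = yes ] && level=may || level=none
    fi

    case "$level" in
        secure|verify)
            echo "OK: smtp_tls_security_level=$level enforces TLS and peer verification" ;;
        encrypt)
            echo "WARN: encrypt forces TLS but never checks the relay's certificate"; rc=1 ;;
        may|none)
            echo "FAIL: effective smtp_tls_security_level=$level; a downgraded session"
            echo "      would expose the SASL password unless noplaintext is set"; rc=1
            case ",$sasl_opts," in
                *,noplaintext,*) ;;
                *) echo "FAIL: smtp_sasl_security_options lacks noplaintext" ;;
            esac ;;
        *)  echo "FAIL: unrecognised smtp_tls_security_level '$level'"; rc=1 ;;
    esac

    # verify/secure need a trust store; a missing file is the error in the question
    if [ -z "$cafile" ] && [ -z "$capath" ]; then
        echo "FAIL: neither smtp_tls_CAfile nor smtp_tls_CApath is set"; rc=1
    elif [ -n "$cafile" ] && [ ! -r "$cafile" ]; then
        echo "FAIL: smtp_tls_CAfile=$cafile is not readable"; rc=1
    fi
    return $rc
}

if [ $# -gt 0 ]; then check_relay_tls "$1"; fi
```

Run it as `sh check_relay_tls.sh /etc/postfix/main.cf`; a non-zero exit means the relay would still accept an unverified or plaintext session.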