Paul's Programming Notes     Archive     Feed     Github

Sendmail/STARTTLS verify=FAIL



Oct 19 14:04:34 Billing sm-mta[17583]: STARTTLS=client, relay=aspmx.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-RC4-SHA, bits=128/128

If you see those errors in your mail.log and your emails are failing to send, you need to add your ssl cert from apache to the sendmail config in /etc/mail/sendmail.cf:
# CA directory
O CACertPath=/etc/apache2/ssl
# CA file
O CACertFile=/etc/apache2/ssl/example.ca-bundle
# Server Cert
O ServerCertFile=/etc/apache2/ssl/example.cert
# Server private key
O ServerKeyFile=/etc/apache2/ssl/example.key