> From: Odhiambo Washington
> Of late I am having difficulties delivering mail to users on Yahoo who are
> subscribed to a mailing list that I run for the community.
> The following error fills my log:
>
> 2015-12-08 18:58:29 Start queue run: pid=7681
> 2015-12-08 18:58:31 1a4rOm-000Cmj-TP [188.125.69.79] SSL verify error:
> depth=2 error=unable to get local issuer certificate cert=/
> C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc.
> - For authorized use only/CN=VeriSign Class 3 Public Pr
> imary Certification Authority - G5
> root@gw:/var/spool/exim/db # exim -bV
> OpenSSL Content_Scanning DKIM Old_Demime DNSSEC PRDR OCSP
> From: Graeme Fowler
> That shouldn't be causing you delivery problems, that's just Exim
> logging certificate validation errors
For less such warnings logged, openssl should be given root certificate file.
In case of FreeBSD install the ca_root_nss port
(it installs /usr/local/openssl/cert.pem ) and restart Exim.
In FreeBSD if Exim uses openssl from base (not from ports) then
in `make config` make sure the option is checked:
"add symlink to /etc/ssl/cert.pem".
Unrelated to this error (or rather warning) message:
for better delivery to yahoo I use:
begin routers
remote_domains_throttled:
driver = dnslookup
domains = \N^yahoo\.\N : rocketmail.com : ymail.com : y7mail.com : \
btinternet.com : btopenworld.com : att.net : sbcglobal.net : rogers.com
retry_use_local_part
transport = throttled_smtp
...
begin transports
throttled_smtp:
driver = smtp
serialize_hosts = *
connection_max_messages = 5
max_rcpt = 9
retry_use_local_part
Also, set up SPF (with ?all at the end), DMARC with p=none,
sign all messages with DKIM (using any domain).
