i get the following error after testing (./xsibackup --firstname.lastname@example.org --use-smtp=N) SMTP Server:
verify error:num=20:unable to get local issuer certificate
Firewall rule SMTPout-587 closed.
Mail is not send.
If you are using your own SMTP server, you might need to disable strict full check of certificate chain. XSIBackup's is a self generated key pair. Even if you used the ESXi server's key pair, which is BTW generated on every reboot, it is impossible that the SMTP server can check the full certificate chain up to the issuer's, as there isn't any issuer certificate.
If you are getting this from an ISP, you should call them so that they disable that strict check. Most e-mail users don't have a proper certificate and that check is out of place.
If you are in a corporative environment with strict security measures, you might simply need to just use a different SMTP server. GMail will do it for you.
If you are interested in how certificate chains are built and checked, this is a nice post: https://movingpackets.net/2015/03/16/fi … -commands/
xsi-dir/xsibackup_id_rsa doesnt exists so last call coundnt be performed
O.K., that doesn't really matter. Forget the first part of our answer, we will correct it now.
Your problem is strict certificate chain check, which is incompatible with a tipicall ESXi server, especially in the SME world, where very little people will set up a proper certificate structure up to the issuer (Verisign, Thawte, etc...)
So get your mailmaster to remove that check, or swap to a different SMTP server.
how do i do this on postfix?
Registered an Gmail account
Configuring an SMTP server with encryption is not a trivial task, you need to know, not only the basics of the SMTP protocol and its most used extensions, but also OpenSSL, the hierarchy of an SSL certificate and how to configure the SMTP options in regards to checking the integrity of that nested hierarchy. Not to say anti-spam software and setting up filters.
Unless you are going to have some kind of return, setting up and maintaining a full featured SMTP server is not worth the time. Maybe a dummy SMTP with no encryption and a Smart Host relay to be used inside a LAN, like many of our Sysadmin users do, could be worth.