I was remodeling my e-mail infrastructure and I ran into an issue about my PfSense TLS emailing.I had this error :
My configuration looks nice
PfSense isn't that good for providing email logs, so I decided to go deeper with a packet analysis. In Diagnotics => Packet Capture
Focusing on LAN interface and HOST 10.0.0.43 (my internal email server)
I pressed start, tested the email notification and stopped, then opened the downloaded .cap with wireshard.
"Unknow CA", PfSense was rejecting my certificate because the CA is unknow, first I was like : how is it possible, I imported it in the Cert manager and then I remembered that it doesn't help for OS checking.
I added the CA this way :