1

Topic: Certificate pop-up while opening Mail Client

======== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Debian 6
- Related log if you're reporting an issue:
====

Hi,
How can I disable this annoying window while opening Windows Live or Outlook Express about:

"Server which you are connected with is using certificate which can't be checked. (...) Do you still want to use this server?"

(it's translated so I don't know how it sounds in English)

I have to click "Yes" and mail works OK, but if I press "No" I get banned by fail2ban after a couple of connection attempts.

How can I turn off this window? Or how can I add my IP to the fail2ban whitelist, but only for postfix (I don't want to whitelist all services because of security - I still want to ban users from my IP who enter a wrong password for ftp or ssh).

Is it possible?


2 (edited by hdco 2014-10-31 01:08:02)

Re: Certificate pop-up while opening Mail Client

You're getting that message because you're using a self-signed SSL certificate, which is the default for iRedMail. You have three options:

1. Don't use SSL (not recommended)

2. Make an exception for your self-signed certificate in Outlook. Every person who uses email on your server will need to do this. http://support.microsoft.com/kb/2006728 - Doing this will not get rid of the message when accessing webmail though.

3. Purchase an SSL certificate. They're only $9.99/year at name.com and easy to set up, you just need to replace iRedMail's certificate file with the paid one. This is the best option. (StartSSL actually offers free certificates, but I'm not sure how good they are... I'd rather just pay $10/yr to a reputable company)

3

Re: Certificate pop-up while opening Mail Client

Thanks hdco for the clear explanation. And yes, #3 (purchase an SSL certificate) is the best option.

4

Re: Certificate pop-up while opening Mail Client

Thank you for your answer.

One more thing: at first I thought that people from this IP got banned because of this window (they press "No" or ignore it), but I finally figured out why they get banned. Fail2ban keeps banning this IP because two people had in their outbox an email to an incorrect email address, and while Windows Live synchronizes it keeps trying to send these messages (I have no idea how they were able to work like this without it pissing them off). They are in another office and I was not able to just check their mail program. Finally I found this wrong address in the logs on the server.

One of the emails was in the server domain, for example maail@mydomain.com (double letters before @), and the other was mail@otherdomain.co (missing m at the end). And finally my question :) why does fail2ban keep banning this IP? Was it because of the mistake at mydomain.com?

5

Re: Certificate pop-up while opening Mail Client

We have several filters to extract log content in Fail2ban (configured in /etc/fail2ban/jail.local), then Fail2ban scans mail log files with these filters. If some log line matches the filter, Fail2ban will track the IP address. If it matches several times (usually, 5 times) in a short period, Fail2ban will invoke iptables to ban this IP.

That's how it works.

Incorrect mail address won't trigger this ban, but failed password authentication will.

6 (edited by ag 2014-12-16 18:18:00)

Re: Certificate pop-up while opening Mail Client

I know that it has been over one month, but I have to get back to this problem with banning the IP.

Today I had the same situation: aaa@mydomain.com tried to send an e-mail to bbb@mydomain.com (bbb@mydomain.com does not exist) and after a couple of tries the IP of aaa@mydomain.com got banned by Fail2Ban-Postfix.

What can I check more?

Is it possible to set up some kind of delivery error? Employees don't check the outgoing folder and just keep sending further e-mails, which don't get sent because of the problem with the first one. Maybe the message could just be sent, and after some time an error e-mail sent to the sender?

7

Re: Certificate pop-up while opening Mail Client

ag wrote:

Today I had the same situation: aaa@mydomain.com tried to send an e-mail to bbb@mydomain.com (bbb@mydomain.com does not exist) and after a couple of tries the IP of aaa@mydomain.com got banned by Fail2Ban-Postfix.

Update your Fail2ban filter to ignore this kind of error message.
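The counting described in post 5 and the effect of ignoring one kind of log line, as an added example that is not part of the original thread and is not iRedMail's or Fail2ban's own code. The two match patterns, the maxretry of 5, the 600-second window and all log lines are assumptions made for the illustration; the optional third argument plays the role of an `ignoreregex` in a Fail2ban filter.

```shell
#!/bin/sh
# Constructed /var/log/mail.log excerpt; hosts, PIDs and addresses are made up.
sample_log() {
cat <<'EOF'
Dec 16 18:10:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: 550 5.1.1 <bbb@mydomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<aaa@mydomain.com> to=<bbb@mydomain.com> proto=ESMTP helo=<pc1>
Dec 16 18:10:31 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: 550 5.1.1 <bbb@mydomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<aaa@mydomain.com> to=<bbb@mydomain.com> proto=ESMTP helo=<pc1>
Dec 16 18:11:01 mail postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: 550 5.1.1 <bbb@mydomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<aaa@mydomain.com> to=<bbb@mydomain.com> proto=ESMTP helo=<pc1>
Dec 16 18:11:31 mail postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: 550 5.1.1 <bbb@mydomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<aaa@mydomain.com> to=<bbb@mydomain.com> proto=ESMTP helo=<pc1>
Dec 16 18:12:01 mail postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: 550 5.1.1 <bbb@mydomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<aaa@mydomain.com> to=<bbb@mydomain.com> proto=ESMTP helo=<pc1>
Dec 16 18:15:00 mail postfix/smtpd[2107]: warning: unknown[203.0.113.10]: SASL LOGIN authentication failed: authentication failure
Dec 16 18:20:00 mail postfix/smtpd[2110]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Dec 16 18:20:05 mail postfix/smtpd[2110]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Dec 16 18:20:10 mail postfix/smtpd[2111]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Dec 16 18:20:15 mail postfix/smtpd[2111]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Dec 16 18:20:20 mail postfix/smtpd[2112]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
EOF
}

# usage: banned_ips MAXRETRY FINDTIME_SECONDS [IGNORE_ERE]   (log on stdin)
# Prints each client IP once, at the moment it reaches MAXRETRY matching
# lines inside the time window. Timestamps are assumed to fall on one day.
banned_ips() {
    awk -v max="$1" -v win="$2" -v ign="$3" '
    function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    ign != "" && $0 ~ ign { next }            # ignored lines never count
    /SASL (PLAIN|LOGIN) authentication failed/ || /reject: RCPT from .*: 550 5\.1\.1/ {
        # dotted-quad pattern skips the [pid] bracket of postfix/smtpd[2101]
        if (!match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) next
        ip = substr($0, RSTART + 1, RLENGTH - 2)
        now = secs($3)
        n[ip]++; t[ip, n[ip]] = now
        hits = 0
        for (i = 1; i <= n[ip]; i++) if (now - t[ip, i] <= win) hits++
        if (hits >= max && !(ip in banned)) { banned[ip] = 1; print ip }
    }'
}

echo "filter as-is:           $(sample_log | banned_ips 5 600 | tr '\n' ' ')"
echo "ignoring 'User unknown': $(sample_log | banned_ips 5 600 'User unknown' | tr '\n' ' ')"
```

On a real server, `fail2ban-regex <logfile> <filter file>` reports which lines of the actual log the installed filter matches.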

8

Re: Certificate pop-up while opening Mail Client

I have to go back to this old thread, sorry.

I've used hdco's tip number 2 (I use Windows Live so it looks a little bit different). I've extracted the .crt file from iRedMail_CA.pem and added this .crt to Windows Live, but now I get:

"The server you are connected to is using a security certificate that could not be verified.
The certificate's CN name does not match the passed value.
Do you want to continue using this server? YES or NO?"

The CN in my .crt is the name of the server and I have a couple of domains, so I'm not able to set one fixed CN.

9

Re: Certificate pop-up while opening Mail Client

You will have to generate a new Self-Signed Certificate with multiple CNs.
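A self-signed certificate that covers several host names, as an added example that is not part of the original thread or of iRedMail: the additional names go into the subjectAltName extension, which is where TLS clients look for the host names a certificate is valid for. The host names and the output file names (`san.cnf`, `mail.key`, `mail.crt`) are placeholders chosen for the example.

```shell
#!/bin/sh
# usage: make_san_cert OUTDIR NAME1 [NAME2 ...]
# NAME1 becomes the CN; every name (NAME1 included) is listed in
# subjectAltName, because clients that see a SAN list match against it.
make_san_cert() {
    outdir=$1; shift
    cn=$1; san=""
    for name in "$@"; do san="${san:+$san,}DNS:$name"; done
    cat > "$outdir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $cn
[v3]
subjectAltName = $san
EOF
    # umask keeps the unencrypted private key unreadable by other local users
    ( umask 077
      openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
          -config "$outdir/san.cnf" \
          -keyout "$outdir/mail.key" -out "$outdir/mail.crt" 2>/dev/null )
}

# Print the SAN line of a certificate so the result can be checked
# before the file is installed on the mail server.
list_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Placeholder host names; use the names the mail clients actually connect to.
demo_dir=$(mktemp -d)
make_san_cert "$demo_dir" mail.example.com mail.example.net
list_sans "$demo_dir/mail.crt"
```

Each client still has to import the new `mail.crt` as in option 2 of post 2, and has to be configured with one of the listed names as its server address.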