Thanks to @gamartin for posting their problem and their fix
This is additionally the case for External Account Downloads to pop.gmail.comWe ran into an issue yesterday of getting "TCPConnection - TLS/SSL handshake failed. Session Id: 151, Remote IP: 209.85.147.109, Error code: 336134278, Message: certificate verify failed" when using the stmp.gmail.com and stmp-relay.gmail.com on ports 465 and 587.
The easy fix (unsecure) is to deselect the checkbox 'Verify remote server SSL/TLS certificates' check box in SSL/TLS in the hMailserver Admin GUI. This stops ALL certificate verification and could open your server up for a man-in-the-middle attack.
The correct fix (much more secure) is to leave hmailserver to 'verify remote server SSL/TLS certificates' and to install all of the root CA and Subordinate CA certificates individually that are detailed on this page https://pki.goog/
Google have created their own (self signed) CAs, and I can't see that Microsoft has installed them automatically yet, but that may happen in a future windows update.
To install the certificates manually, download the PEM certs, and then double click on them and let the windows certificate installer handle the installation.
Currently there are 15 PEM certs that need to ALL be installed - but this number may change.
In the Windows Certificate installer select that all certificates get installed for 'local machine' as opposed to 'current user', but other wise defaults are fine.
Took me about 30 seconds each to download and install these certificates, so should take less than 10 minutes all up.