Jeremy Hansen:
> On May 21, 2022, at 4:26 PM, Wietse Venema <wie...@porcupine.org> wrote:
> >
> > Yes, you have a mailer loop.
> >
> > mx1 Receive 7B34152BBDB (2326 bytes) from macbook
> > mx1 Deliver 7B34152BBDB to content filter, receive as B8C5452BBDF (4004
> > bytes).
> > mx1 Deliver B8C5452BBDF to cmx01 as 4L4tdt0Fk8z2SSLv
> >
> > cmx01 Receive 4L4tdt0Fk8z2SSLv (4998 bytes) from localhost which was sent
> > to 8.10.12.14.
> > cmx01 Deliver 4L4tdt0Fk8z2SSLv to NON-POSTFIX SMTP SERVER with UNKNOWN
> > QUEUE ID.
> >
> > There is no logging how the non-postfix smtp server received the message.
> > There is no logging how the non-postfix mta forwarded the message to mx1.
>
> All MTAs involved are postfix. The ciphermail stuff is just basically filters
> on top of postfix to encrypt an incoming email if a gpg key exists for the
> recipient.
>
> >
> > mx1 receive 7C32952BBDB (4155 bytes) from cmx01 (NOTE MESSAGE HAS SHRUNK)
> > mx1 deliver 7C32952BBDB to content filter, receive as 5918E52BBDF (5537
> > bytes)
> > mx1 Deliver 5918E52BBDF to cmx01 as 4L4tdy3tg5z2SSLv
> >
> > cm01 receive 4L4tdy3tg5z2SSLv (6531 bytes) from localhost which was sent to
> > 8.10.12.14
> > cmx01 Deliver 4L4tdy3tg5z2SSLv to NON-POSTFIX SMTP SERVER with UNKNOWN
> > QUEUE ID.
> >
> > And so on.
> >
> > Where should the message be stored? Then THAT MTA should be configured
> > to store email for the recipient.
>
> client -> ciphermail (gpg or not?) -> final MTA where the user retrieves mail
> via imap. All postfix.

You mention two Postfix MTAs, but the logging shows a third, non-Postfix
SMTP server, that is also part of the loop.

In any case the "final MTA" must be configured to store the message.
It currently is sending email elsewhere.

> > If the problem is with the non-Postfix Postfix MTA, then I can't
> > make specific recommendations, other than "don't do what you're
> > doing now."
> >
> > If the problem is with one of the Postfix MTAs, then look at
> > https://www.postfix.org/ADDRESS_CLASS_README.html#classes and
> > configure the recipient's domain in the appropriate address class
> > (local domain class, virtual alias domain class, or virtual mailbox
> > domain class).
>
> I'll take a look at this doc. Thank you. I feel like if I simply
> drop mail matching domain *.compute.amazonaws.com or even the fqdn
> of the aws instance, that would be enough to break the chain, but
> I'm not exactly sure how to do that.

Configure the recipient's domain in (text after the '@') following
https://www.postfix.org/ADDRESS_CLASS_README.html#classes

If a domain name is non-deterministic, use a regular-expression map.

Wietse
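
A hop-by-hop trace like the one quoted above can be rebuilt from the MTA logs by following one Message-ID across queue IDs. The script below is an added example, not part of the thread or of Postfix: the log lines are constructed in the usual Postfix syslog layout with the hosts, queue IDs and sizes from the thread, while the Message-ID, sender, timestamps and the `max_per_host` threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: hosts, queue IDs and sizes follow the trace in the thread;
# the Message-ID, sender, timestamps and PIDs are made up.
HOPS = [("mx1", "7B34152BBDB", 2326), ("mx1", "B8C5452BBDF", 4004),
        ("cmx01", "4L4tdt0Fk8z2SSLv", 4998), ("mx1", "7C32952BBDB", 4155),
        ("mx1", "5918E52BBDF", 5537), ("cmx01", "4L4tdy3tg5z2SSLv", 6531)]
MSGID = "<test1@macbook.example>"
SAMPLE_LOG = "\n".join(
    f"May 21 16:20:0{i} {h} postfix/cleanup[101]: {q}: message-id={MSGID}\n"
    f"May 21 16:20:0{i} {h} postfix/qmgr[90]: {q}: from=<u@example.com>, "
    f"size={s}, nrcpt=1 (queue active)"
    for i, (h, q, s) in enumerate(HOPS))

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} (\S+) postfix/(\w+)\[\d+\]: "
                  r"([0-9A-Za-z]+): (.*)$")

def trace(log_text):
    """Map each Message-ID to its queue entries, in log order: (host, qid, size)."""
    msgid_of, size_of = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host, service, qid, rest = m.groups()
        if service == "cleanup" and rest.startswith("message-id="):
            msgid_of[(host, qid)] = rest[len("message-id="):]
        elif service == "qmgr" and (size := re.search(r"size=(\d+)", rest)):
            size_of[(host, qid)] = int(size.group(1))
    chains = defaultdict(list)
    for (host, qid), msgid in msgid_of.items():  # dicts keep insertion order
        chains[msgid].append((host, qid, size_of.get((host, qid))))
    return dict(chains)

def find_loops(chains, max_per_host=2):
    """Message-IDs queued on one host more often than one pass explains.

    max_per_host=2 is an assumption: one content-filter re-injection per pass.
    """
    loops = {}
    for msgid, hops in chains.items():
        repeats = {h: n for h, n in Counter(h for h, _, _ in hops).items()
                   if n > max_per_host}
        if repeats:
            loops[msgid] = repeats
    return loops

if __name__ == "__main__":
    for msgid, hosts in find_loops(trace(SAMPLE_LOG)).items():
        print(msgid, "loops through", hosts)
```

Run over the combined logs of every MTA in the path, a Message-ID that keeps collecting new queue IDs on the same host points at the hop whose address classes do not claim the recipient's domain.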