I’m attempting to evaluate Ciphermail and I’m running into this "mail for 
domain.corp loops back to myself"

My goal is to set up Ciphermail as an internal mail server just for testing.

So, I have

testmail.mx.domain.corp

domain.corp’s MX record is set to:

dig @192.168.10.10 mx domain.corp

; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> @192.168.10.10 mx domain.corp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59536
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 3c201885a57bfe1393fbf7a2609f79469962e84c4c0b267e (good)
;; QUESTION SECTION:
;domain.corp.                   IN      MX

;; ANSWER SECTION:
domain.corp.            300     IN      MX      0 testmail.mx.domain.corp.

;; AUTHORITY SECTION:
domain.corp.            300     IN      NS      192.168.10.10.

;; ADDITIONAL SECTION:
testmail.mx.domain.corp.        300     IN      A       192.168.100.20

;; Query time: 1 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Sat May 15 00:33:26 PDT 2021
;; MSG SIZE  rcvd: 136


My main.cf looks like this:



# postfix main config for CipherMail

# setting starting with djigzo_ will be overwritten when applying the MTA settings
djigzo_myhostname = testmail.mx.domain.corp
djigzo_mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
djigzo_mynetworks = 192.168.10.0/24, 192.168.100.0/24, 127.0.0.0/8
djigzo_relayhost =
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_relay_domains = domain.corp, mx.domain.corp, testmail.mx.domain.corp
djigzo_before_filter_message_size_limit = 10240000
djigzo_calculated_after_filter_message_size_limit = 30720000
djigzo_after_filter_message_size_limit = ${djigzo_calculated_after_filter_message_size_limit}
djigzo_mailbox_size_limit = 512000000
djigzo_smtp_helo_name = testmail.mx.domain.corp
djigzo_relay_transport_host =
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient =
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains = relay_domains
djigzo_rbl_clients =
djigzo_calculated_queue_minfree = 92160000

# The internet hostname of this mail system
myhostname = ${djigzo_myhostname}

# The list of domains that are delivered via the $local_transport mail delivery transport
mydestination = ${djigzo_mydestination}

# The list of "trusted" remote SMTP clients that have more privileges than "strangers".
mynetworks = 127.0.0.0/8, [::1]/128, ${djigzo_mynetworks}

# What destination domains (and subdomains thereof) this system will relay mail to.
relay_domains = ${djigzo_relay_domains}

# What Postfix features match subdomains of "domain.tld" automatically, instead of requiring an explicit ".domain.tld" pattern.
parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains}

# The hostname to send in the SMTP EHLO or HELO command.
smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}

# The default mail delivery transport and next-hop destination for remote delivery to domains listed with $relay_domains
relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}

# The next-hop destination of non-local mail
relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}

# Optional restrictions that the Postfix SMTP server applies in the context of a client RCPT TO command
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
    ${djigzo_rbl_clients}
    ${djigzo_reject_unverified_recipient? reject_unverified_recipient}

# The numerical Postfix SMTP server response when a recipient address is rejected by the reject_unverified_recipient restriction
unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code}

# disable DSN and ETRN ESMTP announce
smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn

# reject all ETRN
smtpd_etrn_restrictions = reject

# disable local delivery
local_transport = error:local mail delivery is disabled
local_recipient_maps =

# forward local system accounts
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#virtual_alias_maps = hash:/etc/postfix/virtual-aliases

# The maximal size in bytes of a message, including envelope information.
message_size_limit = ${djigzo_after_filter_message_size_limit}

# The maximal size of any local(8) individual mailbox or maildir file
mailbox_size_limit = ${djigzo_mailbox_size_limit}

# The minimal amount of free space in bytes in the queue file system that is needed to receive mail
queue_minfree = ${djigzo_calculated_queue_minfree}

# What remote SMTP clients are allowed to use the XFORWARD feature
smtpd_authorized_xforward_hosts = 127.0.0.1/32

# forward incoming email to the Mail Processing Agent (MPA)
content_filter = djigzo:[127.0.0.1]:10025

# filter email headers
#header_checks = pcre:/etc/postfix/header-checks

# server side TLS configuration
#smtpd_tls_cert_file = /etc/postfix/tls.pem
#smtpd_tls_key_file = $smtpd_tls_cert_file
#smtpd_tls_security_level = may
#smtpd_tls_loglevel = 1
# disable low grade ciphers to prevent FREAK attack
#smtpd_tls_exclude_ciphers = aNULL, EXPORT, LOW

# client side TLS configuration
#smtp_tls_CApath = /etc/ssl/certs
#smtp_tls_security_level = may
#smtp_tls_loglevel = 1

#smtp_sasl_auth_enable = yes
#smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd
#smtp_sasl_type = cyrus
#smtp_sasl_security_options =

# The mail system name that is displayed in Received: headers, in the SMTP greeting banner, and in bounced mail.
mail_name = CipherMail

# The text that follows the 220 status code in the SMTP greeting banner.
# You MUST specify $myhostname at the start of the text. This is required by the SMTP protocol.
smtpd_banner = $myhostname ESMTP $mail_name

# The time after which the sender receives a copy of the message headers of mail that is still queued.
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# With locally submitted mail, append the string ".$mydomain" to addresses that have no ".domain" information.
# appending .domain is the MUA's job.
append_dot_mydomain = no

biff = no
recipient_delimiter = +

# list of error classes that are reported to the postmaster. Set to empty by default as it can be result in mail floods
# if there is some Postfix error.
notify_classes =

# enable long, non-repeating, queue IDs. The benefit of non-repeating names is simpler logfile analysis
enable_long_queue_ids = yes

# the address type ("ipv6", "ipv4" or "any") that the Postfix SMTP client will try first, when a destination has
# IPv6 and IPv4 addresses with equal MX preference.
smtp_address_preference = ipv4





When I send mail from an internal machine:

May 15 00:36:14 testmail.mx.domain.corp postfix/smtpd[39460]: connect from macbook-pro.adifferentdomain.intra[192.168.10.95]
May 15 00:36:14 testmail.mx.domain.corp postfix/smtpd[39460]: 4Fhxz26x1wz59DQp: client=macbook-pro.adifferentdomain.intra[192.168.10.95]
May 15 00:36:14 testmail.mx.domain.corp postfix/cleanup[39461]: 4Fhxz26x1wz59DQp: message-id=<[email protected]>
May 15 00:36:14 testmail.mx.domain.corp postfix/qmgr[39375]: 4Fhxz26x1wz59DQp: from=<[email protected]>, size=560, nrcpt=1 (queue active)
May 15 00:36:14 testmail.mx.domain.corp postfix/smtpd[39460]: disconnect from macbook-pro.adifferentdomain.intra[192.168.10.95] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
May 15 00:36:15 testmail.mx.domain.corp postfix/smtp[39462]: 4Fhxz26x1wz59DQp: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.09, delays=0.01/0/0.04/0.04, dsn=2.6.0, status=sent (250 2.6.0 Message received)
May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]: 4Fhxz26x1wz59DQp: removed
May 15 00:36:15 testmail.mx.domain.corp postfix/smtpd[39463]: connect from localhost[127.0.0.1]
May 15 00:36:15 testmail.mx.domain.corp postfix/smtpd[39463]: 4Fhxz31K2Fz59DQp: client=localhost[127.0.0.1], orig_client=macbook-pro.adifferentdomain.intra[192.168.10.95]
May 15 00:36:15 testmail.mx.domain.corp postfix/cleanup[39464]: 4Fhxz31K2Fz59DQp: message-id=<[email protected]>
May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]: 4Fhxz31K2Fz59DQp: from=<[email protected]>, size=773, nrcpt=1 (queue active)
May 15 00:36:15 testmail.mx.domain.corp postfix/smtpd[39463]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 quit=1 commands=6
May 15 00:36:15 testmail.mx.domain.corp postfix/smtp[39449]: 4Fhxz31K2Fz59DQp: to=<[email protected]>, relay=none, delay=0.02, delays=0.01/0/0.01/0, dsn=5.4.6, status=bounced (mail for domain.corp loops back to myself)
May 15 00:36:15 testmail.mx.domain.corp postfix/cleanup[39461]: 4Fhxz31TYhz59DR5: message-id=<[email protected]>
May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]: 4Fhxz31TYhz59DR5: from=<>, size=2701, nrcpt=1 (queue active)
May 15 00:36:15 testmail.mx.domain.corp postfix/bounce[39465]: 4Fhxz31K2Fz59DQp: sender non-delivery notification: 4Fhxz31TYhz59DR5
May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]: 4Fhxz31K2Fz59DQp: removed
May 15 00:36:15 testmail.mx.domain.corp postfix/error[39466]: 4Fhxz31TYhz59DR5: to=<[email protected]>, relay=none, delay=0.01, delays=0/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to macbook-pro.adifferentdomain.intra[192.168.10.95]:25: Connection refused)



I’m not sure what I’m doing wrong.  I basically want mail to be delivered to 
the Ciphermail host for user jeremy.



Thanks
-jeremy
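
Added example, not part of the original message: a simplified Python model of how the Postfix SMTP client picks a next hop for a domain in relay_domains, run against the MX answer and myhostname shown in the post, ending in the dsn=5.4.6 condition seen in the log. The OWN_ADDRESSES set and the mailstore.example next hop are assumptions made for illustration.

```python
# Added example (not from the post): simplified model of next-hop selection
# in the Postfix SMTP client for a domain listed in relay_domains.
MYHOSTNAME = "testmail.mx.domain.corp"            # myhostname from main.cf
OWN_ADDRESSES = {"127.0.0.1", "192.168.100.20"}   # assumption: local interfaces

# (preference, exchanger, address), constructed from the dig answer above.
MX_RECORDS = {"domain.corp": [(0, "testmail.mx.domain.corp.", "192.168.100.20")]}


def is_self(host, addr):
    """True when an MX entry names this machine by hostname or address."""
    return host.rstrip(".").lower() == MYHOSTNAME or addr in OWN_ADDRESSES


def next_hops(domain, mx_records=MX_RECORDS, transport_nexthop=""):
    """Return (hosts_to_try, verdict) for mail addressed to `domain`.

    transport_nexthop stands for the host part of relay_transport or a
    transport(5) entry; when it is set, no MX lookup on `domain` is made.
    """
    if transport_nexthop:
        return [transport_nexthop.strip("[]")], "explicit next hop"
    records = sorted(mx_records.get(domain, []))
    if not records:
        return [domain], "no MX, fall back to address record"
    self_prefs = [pref for pref, host, addr in records if is_self(host, addr)]
    if not self_prefs:
        return [host.rstrip(".") for _, host, _ in records], "deliver via MX"
    # MX hosts with a preference equal to or worse than our own are dropped,
    # so mail is never handed to a backup MX behind us.
    better = [host.rstrip(".") for pref, host, _ in records if pref < min(self_prefs)]
    if better:
        return better, "deliver via better MX"
    return [], "mail for %s loops back to myself" % domain


if __name__ == "__main__":
    print(next_hops("domain.corp"))
    # hypothetical internal mailbox server, not a host named in the post
    print(next_hops("domain.corp", transport_nexthop="[mailstore.example]"))
```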



