Postfix is responsible for the MTA part. Postfix contains a check which
checks whether the hostname (fqdn) of the server is the same as the
hostname of the server it connects to and if so it reports "mail for ... loops 
back to myself".

Since you anonymized the logs, I cannot check whether this is the case
in your setup. From the config it appears that you did not configure
"Internal relay host" and therefore MX lookup is done for your internal
domains. Could it be that you want the CipherMail gateway to first
receive email for your domain and then have it forward using MX lookups
to the final server? If so, since the MX records point to the
CipherMail gateway, it will connect to itself because it will look up
the next server via MX lookup.

You can solve this by explicitly specifying the "Internal relay host"
or by telling the gateway what the external IP address is (see
proxy_interfaces
http://www.postfix.org/postconf.5.html#proxy_interfaces).

Kind regards,

Martijn Brinkers

-- 
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger

On Sat, 2021-05-15 at 00:38 -0700, Jeremy Hansen via Users wrote:
> I’m attempting to evaluate Ciphermail and I’m running into this "mail
> for domain.corp loops back to myself”
> 
> My goal is to set up Ciphermail as an internal mail server just for
> testing.
> 
> So, I have
> 
> testmail.mx.domain.corp
> 
> domain.corp’s MX record is set to:
> 
> dig @192.168.10.10 mx domain.corp
> 
> ; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> @192.168.10.10 mx
> domain.corp
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59536
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL:
> 2
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 3c201885a57bfe1393fbf7a2609f79469962e84c4c0b267e (good)
> ;; QUESTION SECTION:
> ;domain.corp.                 IN      MX
> 
> ;; ANSWER SECTION:
> domain.corp.          300     IN      MX      0 testmail.mx.domain.corp.
> 
> ;; AUTHORITY SECTION:
> domain.corp.          300     IN      NS      192.168.10.10.
> 
> ;; ADDITIONAL SECTION:
> testmail.mx.domain.corp.      300     IN      A       192.168.100.20
> 
> ;; Query time: 1 msec
> ;; SERVER: 192.168.10.10#53(192.168.10.10)
> ;; WHEN: Sat May 15 00:33:26 PDT 2021
> ;; MSG SIZE  rcvd: 136
> 
> 
> My main.cf looks like this:
> 
> 
> 
> # postfix main config for CipherMail
> 
> # setting starting with djigzo_ will be overwritten when applying the
> MTA settings
> djigzo_myhostname = testmail.mx.domain.corp
> djigzo_mydestination = $myhostname, localhost.$mydomain, localhost,
> $mydomain
> djigzo_mynetworks = 192.168.10.0/24, 192.168.100.0/24, 127.0.0.0/8
> djigzo_relayhost =
> djigzo_relayhost_mx_lookup =
> djigzo_relayhost_port = 25
> djigzo_relay_domains = domain.corp, mx.domain.corp,
> testmail.mx.domain.corp
> djigzo_before_filter_message_size_limit = 10240000
> djigzo_calculated_after_filter_message_size_limit = 30720000
> djigzo_after_filter_message_size_limit =
> ${djigzo_calculated_after_filter_message_size_limit}
> djigzo_mailbox_size_limit = 512000000
> djigzo_smtp_helo_name = testmail.mx.domain.corp
> djigzo_relay_transport_host =
> djigzo_relay_transport_host_mx_lookup =
> djigzo_relay_transport_host_port = 25
> djigzo_reject_unverified_recipient =
> djigzo_unverified_recipient_reject_code = 450
> djigzo_parent_domain_matches_subdomains = relay_domains
> djigzo_rbl_clients =
> djigzo_calculated_queue_minfree = 92160000
> 
> # The internet hostname of this mail system
> myhostname = ${djigzo_myhostname}
> 
> # The list of domains that are delivered via the $local_transport
> mail delivery transport
> mydestination = ${djigzo_mydestination}
> 
> # The list of "trusted" remote SMTP clients that have more privileges
> than "strangers".
> mynetworks = 127.0.0.0/8, [::1]/128, ${djigzo_mynetworks}
> 
> # What destination domains (and subdomains thereof) this system will
> relay mail to.
> relay_domains = ${djigzo_relay_domains}
> 
> # What Postfix features match subdomains of "domain.tld"
> automatically, instead of requiring an explicit ".domain.tld"
> pattern.
> parent_domain_matches_subdomains =
> ${djigzo_parent_domain_matches_subdomains}
> 
> # The hostname to send in the SMTP EHLO or HELO command.
> smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}
> 
> # The default mail delivery transport and next-hop destination for remote delivery to domains listed with $relay_domains
> relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}
> 
> # The next-hop destination of non-local mail
> relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
> 
> # Optional restrictions that the Postfix SMTP server applies in the
> context of a client RCPT TO command
> smtpd_recipient_restrictions = permit_mynetworks
> reject_unauth_destination
>     ${djigzo_rbl_clients}
>     ${djigzo_reject_unverified_recipient?
> reject_unverified_recipient}
> 
> # The numerical Postfix SMTP server response when a recipient address
> is rejected by the reject_unverified_recipient restriction
> unverified_recipient_reject_code =
> ${djigzo_unverified_recipient_reject_code}
> 
> # disable DSN and ETRN ESMTP announce
> smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn
> 
> # reject all ETRN
> smtpd_etrn_restrictions = reject
> 
> # disable local delivery
> local_transport = error:local mail delivery is disabled
> local_recipient_maps =
> 
> # forward local system accounts
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> #virtual_alias_maps = hash:/etc/postfix/virtual-aliases
> 
> # The maximal size in bytes of a message, including envelope
> information.
> message_size_limit = ${djigzo_after_filter_message_size_limit}
> 
> # The maximal size of any local(8) individual mailbox or maildir file
> mailbox_size_limit = ${djigzo_mailbox_size_limit}
> 
> # The minimal amount of free space in bytes in the queue file system
> that is needed to receive mail
> queue_minfree = ${djigzo_calculated_queue_minfree}
> 
> # What remote SMTP clients are allowed to use the XFORWARD feature
> smtpd_authorized_xforward_hosts = 127.0.0.1/32
> 
> # forward incoming email to the Mail Processing Agent (MPA)
> content_filter = djigzo:[127.0.0.1]:10025
> 
> # filter email headers
> #header_checks = pcre:/etc/postfix/header-checks
> 
> # server side TLS configuration
> #smtpd_tls_cert_file = /etc/postfix/tls.pem
> #smtpd_tls_key_file = $smtpd_tls_cert_file
> #smtpd_tls_security_level = may
> #smtpd_tls_loglevel = 1
> # disable low grade ciphers to prevent FREAK attack
> #smtpd_tls_exclude_ciphers = aNULL, EXPORT, LOW
> 
> # client side TLS configuration
> #smtp_tls_CApath = /etc/ssl/certs
> #smtp_tls_security_level = may
> #smtp_tls_loglevel = 1
> 
> #smtp_sasl_auth_enable = yes
> #smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd
> #smtp_sasl_type = cyrus
> #smtp_sasl_security_options =
> 
> # The mail system name that is displayed in Received: headers, in the
> SMTP greeting banner, and in bounced mail.
> mail_name = CipherMail
> 
> # The text that follows the 220 status code in the SMTP greeting
> banner.
> # You MUST specify $myhostname at the start of the text. This is
> required by the SMTP protocol.
> smtpd_banner = $myhostname ESMTP $mail_name
> 
> # The time after which the sender receives a copy of the message
> headers of mail that is still queued.
> # Uncomment the next line to generate "delayed mail" warnings
> #delay_warning_time = 4h
> 
> # With locally submitted mail, append the string ".$mydomain" to
> addresses that have no ".domain" information.
> # appending .domain is the MUA's job.
> append_dot_mydomain = no
> 
> biff = no
> recipient_delimiter = +
> 
> # list of error classes that are reported to the postmaster. Set to
> empty by default as it can be result in mail floods
> # if there is some Postfix error.
> notify_classes =
> 
> # enable long, non-repeating, queue IDs. The benefit of non-repeating 
> names is simpler logfile analysis
> enable_long_queue_ids = yes
> 
> # the address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
> client will try first, when a destination has
> # IPv6 and IPv4 addresses with equal MX preference.
> smtp_address_preference = ipv4
> 
> 
> 
> 
> 
> When I send mail from an internal machine:
> 
> May 15 00:36:14 testmail.mx.domain.corp postfix/smtpd[39460]: connect
> from macbook-pro.adifferentdomain.intra[192.168.10.95]
> May 15 00:36:14 testmail.mx.domain.corp postfix/smtpd[39460]:
> 4Fhxz26x1wz59DQp: client=macbook-
> pro.adifferentdomain.intra[192.168.10.95]
> May 15 00:36:14 testmail.mx.domain.corp postfix/cleanup[39461]:
> 4Fhxz26x1wz59DQp: message-id=<
> [email protected]>
> May 15 00:36:14 testmail.mx.domain.corp postfix/qmgr[39375]:
> 4Fhxz26x1wz59DQp: from=<[email protected]>,
> size=560, nrcpt=1 (queue active)
> May 15 00:36:14 testmail.mx.domain.corp postfix/smtpd[39460]:
> disconnect from macbook-pro.adifferentdomain.intra[192.168.10.95]
> ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
> May 15 00:36:15 testmail.mx.domain.corp postfix/smtp[39462]:
> 4Fhxz26x1wz59DQp: to=<[email protected]>,
> relay=127.0.0.1[127.0.0.1]:10025, delay=0.09,
> delays=0.01/0/0.04/0.04, dsn=2.6.0, status=sent (250 2.6.0 Message
> received)
> May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]:
> 4Fhxz26x1wz59DQp: removed
> May 15 00:36:15 testmail.mx.domain.corp postfix/smtpd[39463]: connect
> from localhost[127.0.0.1]
> May 15 00:36:15 testmail.mx.domain.corp postfix/smtpd[39463]:
> 4Fhxz31K2Fz59DQp: client=localhost[127.0.0.1], orig_client=macbook-
> pro.adifferentdomain.intra[192.168.10.95]
> May 15 00:36:15 testmail.mx.domain.corp postfix/cleanup[39464]:
> 4Fhxz31K2Fz59DQp: message-id=<
> [email protected]>
> May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]:
> 4Fhxz31K2Fz59DQp: from=<[email protected]>,
> size=773, nrcpt=1 (queue active)
> May 15 00:36:15 testmail.mx.domain.corp postfix/smtpd[39463]:
> disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1
> data=1 quit=1 commands=6
> May 15 00:36:15 testmail.mx.domain.corp postfix/smtp[39449]:
> 4Fhxz31K2Fz59DQp: to=<[email protected]>, relay=none, delay=0.02,
> delays=0.01/0/0.01/0, dsn=5.4.6, status=bounced (mail for domain.corp
> loops back to myself)
> May 15 00:36:15 testmail.mx.domain.corp postfix/cleanup[39461]:
> 4Fhxz31TYhz59DR5: message-id=<
> [email protected]>
> May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]:
> 4Fhxz31TYhz59DR5: from=<>, size=2701, nrcpt=1 (queue active)
> May 15 00:36:15 testmail.mx.domain.corp postfix/bounce[39465]:
> 4Fhxz31K2Fz59DQp: sender non-delivery notification: 4Fhxz31TYhz59DR5
> May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]:
> 4Fhxz31K2Fz59DQp: removed
> May 15 00:36:15 testmail.mx.domain.corp postfix/error[39466]:
> 4Fhxz31TYhz59DR5: to=<[email protected]>,
> relay=none, delay=0.01, delays=0/0/0/0, dsn=4.4.1, status=deferred
> (delivery temporarily suspended: connect to macbook-
> pro.adifferentdomain.intra[192.168.10.95]:25: Connection refused)
> 
> 
> 
> I’m not sure what I’m doing wrong.  I basically want mail to be
> delivered to the Ciphermail host for user jeremy.
> 
> 
> 
> Thanks
> -jeremy
> 
> 
> 
> 
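
The next-hop decision discussed in the reply at the top of this message, as a simplified model. This is an added example, not part of the original thread and not CipherMail or Postfix code. It uses the MX and A records from the quoted dig output; the internal server `mailstore.domain.corp`, its address, and the function names are hypothetical.

```python
import ipaddress

def next_hops(domain, mx, a, own_addrs, relay_host=None):
    """Return ("deliver", hosts) or ("loop", []) for mail to `domain`.

    mx: {domain: [(preference, host), ...]}   a: {host: [ip, ...]}
    own_addrs: addresses the gateway treats as its own
               (inet_interfaces plus proxy_interfaces in Postfix terms).
    relay_host: explicit next hop ("Internal relay host"); skips the MX lookup.
    """
    own = {ipaddress.ip_address(x) for x in own_addrs}

    def is_self(host):
        return any(ipaddress.ip_address(ip) in own for ip in a.get(host, []))

    if relay_host:
        candidates = [(0, relay_host)]
    else:
        # No MX record at all: fall back to the domain's own address record.
        candidates = sorted(mx.get(domain, [])) or [(0, domain)]

    # Hosts with a preference equal to or worse than our own are dropped;
    # if nothing is left, the gateway itself is the best destination.
    self_prefs = [pref for pref, host in candidates if is_self(host)]
    if self_prefs:
        candidates = [(p, h) for p, h in candidates if p < min(self_prefs)]
        if not candidates:
            return ("loop", [])
    return ("deliver", [host for _, host in candidates])

# MX and A records as shown in the dig output of the quoted post.
MX = {"domain.corp": [(0, "testmail.mx.domain.corp")]}
A = {
    "testmail.mx.domain.corp": ["192.168.100.20"],
    "mailstore.domain.corp": ["192.168.10.50"],  # hypothetical internal server
}
GATEWAY_ADDRS = ["127.0.0.1", "192.168.100.20"]

def demo():
    as_posted = next_hops("domain.corp", MX, A, GATEWAY_ADDRS)
    with_relay = next_hops("domain.corp", MX, A, GATEWAY_ADDRS,
                           relay_host="mailstore.domain.corp")
    return as_posted, with_relay

if __name__ == "__main__":
    for label, result in zip(("as posted", "internal relay host set"), demo()):
        print(f"{label}: {result}")
```

The model also covers the backup-MX case: when a host with a better preference than the gateway exists, only that host is returned.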
