Thank you for the response. The MX is set to the gateway’s address. I don’t want to relay mail. I want the gateway to be the destination and I want <[email protected]> to be delivered to <user> on the ciphermail gateway.
It works fine if I set up the relay to go to another MTA, but I was hoping to not relay at all.

Thanks

> On May 17, 2021, at 6:21 AM, Martijn Brinkers <[email protected]> wrote:
>
> Postfix is responsible for the MTA part. Postfix contains a check which
> checks whether the hostname (fqdn) of the server is the same as the
> hostname of the server it connects to and if so it reports "mail for ...
> loops back to myself".
>
> Since you anonymized the logs, I cannot check whether this is the case
> in your setup. From the config it appears that you did not configure
> "Internal relay host" and therefore MX lookup is done for your internal
> domains. Could it be that you want the CipherMail gateway to first
> receive email for your domain and then have it forward using MX lookups
> to the final server? If so, since the MX records point to the
> CipherMail gateway, it will connect to itself because it will lookup
> the next server via MX lookup.
>
> You can solve this by explicitly specifying the "Internal relay host"
> or by telling the gateway what the external IP address is (See
> proxy_interfaces
> http://www.postfix.org/postconf.5.html#proxy_interfaces)
>
> Kind regards,
>
> Martijn Brinkers
>
> --
> CipherMail email encryption
> Email encryption with support for S/MIME,
> OpenPGP, PDF Messenger and Webmail Messenger
>
>> On Sat, 2021-05-15 at 00:38 -0700, Jeremy Hansen via Users wrote:
>> I’m attempting to evaluate Ciphermail and I’m running into this "mail
>> for domain.corp loops back to myself"
>>
>> My goal is to set up Ciphermail as an internal mail server just for
>> testing.
>>
>> So, I have
>>
>> testmail.mx.domain.corp
>>
>> domain.corp’s MX record is set to:
>>
>> dig @192.168.10.10 mx domain.corp
>>
>> ; <<>> DiG 9.11.13-RedHat-9.11.13-3.el8 <<>> @192.168.10.10 mx
>> domain.corp
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59536
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL:
>> 2
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ; COOKIE: 3c201885a57bfe1393fbf7a2609f79469962e84c4c0b267e (good)
>> ;; QUESTION SECTION:
>> ;domain.corp. IN MX
>>
>> ;; ANSWER SECTION:
>> domain.corp. 300 IN MX 0
>> testmail.mx.domain.corp.
>>
>> ;; AUTHORITY SECTION:
>> domain.corp. 300 IN NS 192.168.10.10.
>>
>> ;; ADDITIONAL SECTION:
>> testmail.mx.domain.corp. 300 IN A 192.168.100.2
>> 0
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 192.168.10.10#53(192.168.10.10)
>> ;; WHEN: Sat May 15 00:33:26 PDT 2021
>> ;; MSG SIZE rcvd: 136
>>
>> My main.cf looks like this:
>>
>> # postfix main config for CipherMail
>>
>> # setting starting with djigzo_ will be overwritten when applying the
>> MTA settings
>> djigzo_myhostname = testmail.mx.domain.corp
>> djigzo_mydestination = $myhostname, localhost.$mydomain, localhost,
>> $mydomain
>> djigzo_mynetworks = 192.168.10.0/24, 192.168.100.0/24, 127.0.0.0/8
>> djigzo_relayhost =
>> djigzo_relayhost_mx_lookup =
>> djigzo_relayhost_port = 25
>> djigzo_relay_domains = domain.corp, mx.domain.corp,
>> testmail.mx.domain.corp
>> djigzo_before_filter_message_size_limit = 10240000
>> djigzo_calculated_after_filter_message_size_limit = 30720000
>> djigzo_after_filter_message_size_limit =
>> ${djigzo_calculated_after_filter_message_size_limit}
>> djigzo_mailbox_size_limit = 512000000
>> djigzo_smtp_helo_name = testmail.mx.domain.corp
>> djigzo_relay_transport_host =
>> djigzo_relay_transport_host_mx_lookup =
>> djigzo_relay_transport_host_port = 25
>> djigzo_reject_unverified_recipient =
>> djigzo_unverified_recipient_reject_code = 450
>> djigzo_parent_domain_matches_subdomains = relay_domains
>> djigzo_rbl_clients =
>> djigzo_calculated_queue_minfree = 92160000
>>
>> # The internet hostname of this mail system
>> myhostname = ${djigzo_myhostname}
>>
>> # The list of domains that are delivered via the $local_transport
>> mail delivery transport
>> mydestination = ${djigzo_mydestination}
>>
>> # The list of "trusted" remote SMTP clients that have more privileges
>> than "strangers".
>> mynetworks = 127.0.0.0/8, [::1]/128, ${djigzo_mynetworks}
>>
>> # What destination domains (and subdomains thereof) this system will
>> relay mail to.
>> relay_domains = ${djigzo_relay_domains}
>>
>> # What Postfix features match subdomains of "domain.tld"
>> automatically, instead of requiring an explicit ".domain.tld"
>> pattern.
>> parent_domain_matches_subdomains =
>> ${djigzo_parent_domain_matches_subdomains}
>>
>> # The hostname to send in the SMTP EHLO or HELO command.
>> smtp_helo_name =
>> ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_nam
>> e:${myhostname}}
>>
>> # The default mail delivery transport and next-hop destination for
>> remote delivery to domains listed with $relay_domains
>> relay_transport =
>> relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_
>> lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_
>> mx_lookup:]}:${djigzo_relay_transport_host_port}}
>>
>> # The next-hop destination of non-local mail
>> relayhost =
>> ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost
>> }${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhos
>> t?:${djigzo_relayhost_port}}
>>
>> # Optional restrictions that the Postfix SMTP server applies in the
>> context of a client RCPT TO command
>> smtpd_recipient_restrictions = permit_mynetworks
>> reject_unauth_destination
>> ${djigzo_rbl_clients}
>> ${djigzo_reject_unverified_recipient?
>> reject_unverified_recipient}
>>
>> # The numerical Postfix SMTP server response when a recipient address
>> is rejected by the reject_unverified_recipient restriction
>> unverified_recipient_reject_code =
>> ${djigzo_unverified_recipient_reject_code}
>>
>> # disable DSN and ETRN ESMTP announce
>> smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn
>>
>> # reject all ETRN
>> smtpd_etrn_restrictions = reject
>>
>> # disable local delivery
>> local_transport = error:local mail delivery is disabled
>> local_recipient_maps =
>>
>> # forward local system accounts
>> alias_maps = hash:/etc/aliases
>> alias_database = hash:/etc/aliases
>> #virtual_alias_maps = hash:/etc/postfix/virtual-aliases
>>
>> # The maximal size in bytes of a message, including envelope
>> information.
>> message_size_limit = ${djigzo_after_filter_message_size_limit}
>>
>> # The maximal size of any local(8) individual mailbox or maildir file
>> mailbox_size_limit = ${djigzo_mailbox_size_limit}
>>
>> # The minimal amount of free space in bytes in the queue file system
>> that is needed to receive mail
>> queue_minfree = ${djigzo_calculated_queue_minfree}
>>
>> # What remote SMTP clients are allowed to use the XFORWARD feature
>> smtpd_authorized_xforward_hosts = 127.0.0.1/32
>>
>> # forward incoming email to the Mail Processing Agent (MPA)
>> content_filter = djigzo:[127.0.0.1]:10025
>>
>> # filter email headers
>> #header_checks = pcre:/etc/postfix/header-checks
>>
>> # server side TLS configuration
>> #smtpd_tls_cert_file = /etc/postfix/tls.pem
>> #smtpd_tls_key_file = $smtpd_tls_cert_file
>> #smtpd_tls_security_level = may
>> #smtpd_tls_loglevel = 1
>> # disable low grade ciphers to prevent FREAK attack
>> #smtpd_tls_exclude_ciphers = aNULL, EXPORT, LOW
>>
>> # client side TLS configuration
>> #smtp_tls_CApath = /etc/ssl/certs
>> #smtp_tls_security_level = may
>> #smtp_tls_loglevel = 1
>>
>> #smtp_sasl_auth_enable = yes
>> #smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd
>> #smtp_sasl_type = cyrus
>> #smtp_sasl_security_options =
>>
>> # The mail system name that is displayed in Received: headers, in the
>> SMTP greeting banner, and in bounced mail.
>> mail_name = CipherMail
>>
>> # The text that follows the 220 status code in the SMTP greeting
>> banner.
>> # You MUST specify $myhostname at the start of the text. This is
>> required by the SMTP protocol.
>> smtpd_banner = $myhostname ESMTP $mail_name
>>
>> # The time after which the sender receives a copy of the message
>> headers of mail that is still queued.
>> # Uncomment the next line to generate "delayed mail" warnings
>> #delay_warning_time = 4h
>>
>> # With locally submitted mail, append the string ".$mydomain" to
>> addresses that have no ".domain" information.
>> # appending .domain is the MUA's job.
>> append_dot_mydomain = no
>>
>> biff = no
>> recipient_delimiter = +
>>
>> # list of error classes that are reported to the postmaster. Set to
>> empty by default as it can be result in mail floods
>> # if there is some Postfix error.
>> notify_classes =
>>
>> # enable long, non-repeating, queue IDs. The benefit of non-repeating
>> names is simpler logfile analysis
>> enable_long_queue_ids = yes
>>
>> # the address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
>> client will try first, when a destination has
>> # IPv6 and IPv4 addresses with equal MX preference.
>> smtp_address_preference = ipv4
>>
>> When I send mail from an internal machine:
>>
>> May 15 00:36:14 testmail.mx.domain.corp postfix/smtpd[39460]: connect
>> from macbook-pro.adifferentdomain.intra[192.168.10.95]
>> May 15 00:36:14 testmail.mx.domain.corp postfix/smtpd[39460]:
>> 4Fhxz26x1wz59DQp: client=macbook-
>> pro.adifferentdomain.intra[192.168.10.95]
>> May 15 00:36:14 testmail.mx.domain.corp postfix/cleanup[39461]:
>> 4Fhxz26x1wz59DQp: message-id=<
>> [email protected]>
>> May 15 00:36:14 testmail.mx.domain.corp postfix/qmgr[39375]:
>> 4Fhxz26x1wz59DQp: from=<[email protected]>,
>> size=560, nrcpt=1 (queue active)
>> May 15 00:36:14 testmail.mx.domain.corp postfix/smtpd[39460]:
>> disconnect from macbook-pro.adifferentdomain.intra[192.168.10.95]
>> ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
>> May 15 00:36:15 testmail.mx.domain.corp postfix/smtp[39462]:
>> 4Fhxz26x1wz59DQp: to=<[email protected]>,
>> relay=127.0.0.1[127.0.0.1]:10025, delay=0.09,
>> delays=0.01/0/0.04/0.04, dsn=2.6.0, status=sent (250 2.6.0 Message
>> received)
>> May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]:
>> 4Fhxz26x1wz59DQp: removed
>> May 15 00:36:15 testmail.mx.domain.corp postfix/smtpd[39463]: connect
>> from localhost[127.0.0.1]
>> May 15 00:36:15 testmail.mx.domain.corp postfix/smtpd[39463]:
>> 4Fhxz31K2Fz59DQp: client=localhost[127.0.0.1], orig_client=macbook-
>> pro.adifferentdomain.intra[192.168.10.95]
>> May 15 00:36:15 testmail.mx.domain.corp postfix/cleanup[39464]:
>> 4Fhxz31K2Fz59DQp: message-id=<
>> [email protected]>
>> May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]:
>> 4Fhxz31K2Fz59DQp: from=<[email protected]>,
>> size=773, nrcpt=1 (queue active)
>> May 15 00:36:15 testmail.mx.domain.corp postfix/smtpd[39463]:
>> disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1
>> data=1 quit=1 commands=6
>> May 15 00:36:15 testmail.mx.domain.corp postfix/smtp[39449]:
>> 4Fhxz31K2Fz59DQp: to=<[email protected]>, relay=none, delay=0.02,
>> delays=0.01/0/0.01/0, dsn=5.4.6, status=bounced (mail for domain.corp
>> loops back to myself)
>> May 15 00:36:15 testmail.mx.domain.corp postfix/cleanup[39461]:
>> 4Fhxz31TYhz59DR5: message-id=<
>> [email protected]>
>> May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]:
>> 4Fhxz31TYhz59DR5: from=<>, size=2701, nrcpt=1 (queue active)
>> May 15 00:36:15 testmail.mx.domain.corp postfix/bounce[39465]:
>> 4Fhxz31K2Fz59DQp: sender non-delivery notification: 4Fhxz31TYhz59DR5
>> May 15 00:36:15 testmail.mx.domain.corp postfix/qmgr[39375]:
>> 4Fhxz31K2Fz59DQp: removed
>> May 15 00:36:15 testmail.mx.domain.corp postfix/error[39466]:
>> 4Fhxz31TYhz59DR5: to=<[email protected]>,
>> relay=none, delay=0.01, delays=0/0/0/0, dsn=4.4.1, status=deferred
>> (delivery temporarily suspended: connect to macbook-
>> pro.adifferentdomain.intra[192.168.10.95]:25: Connection refused)
>>
>> I’m not sure what I’m doing wrong. I basically want mail to be
>> delivered to the Ciphermail host for user jeremy.
>>
>> Thanks
>> -jeremy
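
Added example (not part of the original thread, and not Postfix or CipherMail code): a simplified model of how the quoted main.cf routes a recipient domain, covering the bounce in the log, the "Internal relay host" fix, and what the disabled local transport does if the domain is made local. The dictionary keys, the host mailstore.example used in the test and the 192.0.2.x addresses are assumptions made for illustration.

```python
# Added example: simplified model of Postfix address classes and the SMTP
# client's MX self-check. Not Postfix or CipherMail code.

def address_class(domain, cfg):
    """Return 'local', 'relay' or 'default' for a recipient domain."""
    if domain in cfg["mydestination"]:
        return "local"
    # parent_domain_matches_subdomains = relay_domains, as in the quoted main.cf
    if any(domain == d or domain.endswith("." + d) for d in cfg["relay_domains"]):
        return "relay"
    return "default"

def strip_self(mx_records, own_addrs):
    """Drop MX hosts whose preference is equal to or worse than our own."""
    own_prefs = [pref for pref, _host, addr in mx_records if addr in own_addrs]
    if not own_prefs:
        return list(mx_records)
    return [r for r in mx_records if r[0] < min(own_prefs)]

def predict(domain, cfg, mx_records, own_addrs):
    """Describe what happens to mail for `domain` under this model."""
    cls = address_class(domain, cfg)
    if cls == "local":
        return "local: " + cfg["local_transport"]
    nexthop = cfg["relay_transport_host"] if cls == "relay" else cfg["relayhost"]
    if nexthop:
        return f"{cls}: forward to {nexthop}"
    usable = strip_self(mx_records, own_addrs)
    if mx_records and not usable:
        return f"{cls}: bounce, mail for {domain} loops back to myself"
    target = sorted(usable)[0][1] if usable else domain
    return f"{cls}: deliver to {target}"

# Constructed sample data; the address is a documentation placeholder.
OWN_ADDRS = {"127.0.0.1", "192.0.2.10"}   # inet_interfaces + proxy_interfaces
MX = [(0, "testmail.mx.domain.corp", "192.0.2.10")]
CFG = {
    "mydestination": ["testmail.mx.domain.corp", "localhost.mx.domain.corp",
                      "localhost", "mx.domain.corp"],
    "relay_domains": ["domain.corp", "mx.domain.corp", "testmail.mx.domain.corp"],
    "relay_transport_host": "",   # "Internal relay host" left empty
    "relayhost": "",
    "local_transport": "error:local mail delivery is disabled",
}

if __name__ == "__main__":
    print(predict("domain.corp", CFG, MX, OWN_ADDRS))
```
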
