On 11/09/2015 09:00 PM, Lars wrote: > Hi, > > I would like to seperate ciphermail from mailserver via docker, one > container with postfix/dovecot and one container with > ciphermail/ciphermailWebClient. > > How do I config postfix and ciphermail? > > I changed main.cf to: > content_filter = djigzo:[ip_of_ciphermailContainer]:10025 > > I think this was the easy part, but how to setup master.cf at this point: > djigzo unix - - n - 4 smtp > -o smtp_send_xforward_command=yes > -o disable_dns_lookups=yes > -o smtp_generic_maps=
No need to change the above setting. The IP address to connect to is configured in the content_filter setting > 127.0.0.1:10026 inet n - n - 10 smtpd > -o content_filter= > -o receive_override_options=no_unknown_recipient_checks, > no_header_body_checks,no_milters > -o smtpd_helo_restrictions= > -o smtpd_client_restrictions= > -o smtpd_sender_restrictions= > -o smtpd_recipient_restrictions=permit_mynetworks,reject > -o mynetworks=127.0.0.0/8 > -o smtpd_authorized_xforward_hosts=127.0.0.0/8 > -o smtpd_authorized_xclient_hosts=127.0.0.0/8 Port 10026 is the "reinjection port", i.e., it is used to send email from the back-end back to postfix. Since in your setup the back-end uses a different IP, you need to bind to the external IP instead of localhost. So instead of using 127.0.0.1:10026 use :10026 mynetworks, smtpd_authorized_xforward_hosts and smtpd_authorized_xclient_hosts should be set to the IP address of the back-end system. The 10026 settings should look like: (Warning not tested) :10026 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks, no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=****** -o smtpd_authorized_xforward_hosts=****** -o smtpd_authorized_xclient_hosts=****** Where ****** should be the IP of the back-end system > And how to tell ciphermail at which ip to find postfix and must > ciphermail setup to accepte connections not coming from localhost? This requires a number of changes to different config files The back-end should be bound to the external IP instead of 127.0.0.1. This can be configured by editing the file /usr/share/djigzo/conf/james/SAR-INF/less smtp_server_config.xml Remove or uncomment the <bind> 127.0.0.1 </bind> line to make the system bind to all IP addresses. To enable the back-end server to accept connections not coming from localhost, edit the file /usr/share/djigzo/conf/james/SAR-INF/config.xml Add the IP of the postfix server to the authorizedAddresses <authorizedAddresses> 127.0.0.0/8, ****** </authorizedAddresses> Where ****** is the IP of the postfix server To tell to back-end to send email after handling back to the postfix reinjection port 10026 edit the file /usr/share/djigzo/conf/james/SAR-INF/smtp_transport_config.xml Change the gateway IP address from 127.0.0.1 t0 the IP of postfix <gateway> ****** </gateway> Where ****** is the IP of the postfix server I have not tested these changes so it might be that I missed something. Let me know how it goes. Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull. https://www.ciphermail.com Twitter: http://twitter.com/CipherMail _______________________________________________ Users mailing list [email protected] https://lists.djigzo.com/lists/listinfo/users
