On 20-02-18 18:41, Stefan Günther via Users wrote:
after running a couple of days, the ciphermail system at a customers
site complains about a mail forwarding loop. The customers says that
they didn't change anything, which seems to be true according to the
timestamp of the configuration files.
Even by running the smtpd daemon in verbose mode, I cannot figure
ouut, what causes the problem. It seems to occur, when the email is
reinjected by ciphermail (Version 3.3.1-0):
Hard to tell from the logs. It looks like this system is configured to
accept local email, i.e., user mailboxes are stored in the system. The
email is delivered to the mailboxes using the local daemon process.
according to http://www.postfix.org/local.8.html the local delivery
daemon has a loop detection mechanism using a Delivered-To header.
Perhaps the message already contains a Delivered-To header?
"In order to stop mail forwarding loops early, the software adds an
optional Delivered-To: header with the final envelope recipient
address. If mail arrives for a recipient that is already listed in a
Delivered-To: header, the message is bounced."
Is the email forwarded from some mailbox (for example with Fetchmail?)
Kind regards,
Martijn Brinkers
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 250
2.1.5 Ok
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: < localhost[127.0.0.1]: DATA
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 354 End data with
<CR><LF>.<CR><LF>
Feb 20 18:15:27 ciphermail postfix/cleanup[1268]: B3E8440CE9:
message-id=<597517347.2.1519146791208.JavaMail.javamailuser@localhost>
Feb 20 18:15:27 ciphermail postfix/qmgr[1231]: B3E8440CE9:
from=<edi_n...@xxxxxxxxxxx.de>, size=12829, nrcpt=1 (queue active)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted
attribute: status
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: status
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute value: 0
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted
attribute: reason
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: reason
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute value: (end)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted
attribute: (list terminator)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: (end)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 250
2.0.0 Ok: queued as B3E8440CE9
Feb 20 18:15:27 ciphermail postfix/smtp[1269]: B3E8440CE9:
to=<edif...@domain.ag>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.18,
delays=0.07/0.01/0.05/0.05, dsn=2.6.0, status=sent (250 2.6.0 Message received)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: < localhost[127.0.0.1]: QUIT
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 221
2.0.0 Bye
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: match_hostname:
smtpd_client_event_limit_exceptions: localhost ~? 127.0.0.0/8
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: match_hostaddr:
smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 127.0.0.0/8
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: master_notify: status 1
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: connection closed
Feb 20 18:15:28 ciphermail postfix/smtpd[1270]: 3462140CEC:
client=localhost[127.0.0.1], orig_client=localhost[127.0.0.1]
Feb 20 18:15:28 ciphermail postfix/cleanup[1271]: 3462140CEC:
message-id=<597517347.2.1519146791208.JavaMail.javamailuser@localhost>
Feb 20 18:15:28 ciphermail postfix/qmgr[1231]: 3462140CEC:
from=<edi_n...@sxxxxxxxxx.de>, size=10553, nrcpt=1 (queue active)
Feb 20 18:15:28 ciphermail postfix/local[1272]: 3462140CEC:
to=<edif...@domain.ag>, relay=local, delay=0.04, delays=0.03/0.01/0/0.01,
dsn=5.4.6, status=bounced (mail forwarding loop for edif...@domain.ag)
Feb 20 18:15:28 ciphermail postfix/cleanup[1268]: 3CCA940CF3:
message-id=<20180220171528.3cca940...@ciphermail.domain.ag>
Feb 20 18:15:28 ciphermail postfix/qmgr[1231]: 3CCA940CF3: from=<>, size=12508,
nrcpt=1 (queue active)
Feb 20 18:15:28 ciphermail postfix/bounce[1273]: 3462140CEC: sender
non-delivery notification: 3CCA940CF3
Feb 20 18:15:28 ciphermail postfix/smtp[1275]: 3CCA940CF3:
to=<edi_n...@xxxxxx.de>, relay=smtp.mailbox.org[80.241.60.196]:465, delay=0.33,
delays=0/0.01/0.17/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 83ACD11F9)
/etc/postfix/main.cf
djigzo_myhostname = ciphermail.DOMAIN.ag
djigzo_mydestination = DOMAIN.ag
djigzo_mynetworks = 127.0.0.1/32
djigzo_relayhost = smtp.mailbox.org
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_relay_domains = DOMAIN.ag
djigzo_before_filter_message_size_limit = 102400000
djigzo_after_filter_message_size_limit = 102400000
djigzo_mailbox_size_limit = 102400000
djigzo_smtp_helo_name =
djigzo_relay_transport_host = 127.0.0.1
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient =
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains =
djigzo_rbl_clients =
myhostname = ${djigzo_myhostname}
mydestination = ciphermail, $myhostname, ubuntu-2gb-nbg1-dc3-1,
localhost.localdomain, localhost, ${djigzo_mydestination}
mynetworks = 127.0.0.0/8, 91.206.61.238/32, ${djigzo_mynetworks}
relay_domains = ${djigzo_relay_domains}
parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains}
smtp_helo_name =
${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}
relay_transport =
relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}
#relayhost =
${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
relayhost = smtp.mailbox.org:465
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination reject_invalid_hostname reject_unknown_sender_domain
reject_unknown_recipient_domain
${djigzo_rbl_clients}
${djigzo_reject_unverified_recipient? reject_unverified_recipient}
smtpd_discard_ehlo_keywords = silent-discard VRFY ETRN DSN
unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code}
compatibility_level=2
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
mydomain = gpg.ag
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_transport = cyrus
content_filter = djigzo:[127.0.0.1]:10025
recipient_delimiter = +
mailbox_size_limit = ${djigzo_mailbox_size_limit}
message_size_limit = ${djigzo_after_filter_message_size_limit}
inet_interfaces = all
inet_protocols = ipv4
/etc/postfix/master.cf
smtp inet n - y - - smtpd -v
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension}
${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
djigzo unix - - n - 4 smtp
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o smtp_generic_maps=
-o smtp_tls_wrappermode=no
-o smtp_tls_security_level=none
# cleanup for reinject so we can set the hopcount_limit differently for the
reinjection port
cleanup_reinject unix n - - - 0 cleanup
-o hopcount_limit=100
127.0.0.1:10026 inet n - n - 10 smtpd
-o content_filter=
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_authorized_xclient_hosts=127.0.0.0/8
-o cleanup_service_name=cleanup_reinject
Thanks for any hints & suggestions,
Stefan
_______________________________________________
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users@lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users