CipherMail as Gateway with real IP to ContentFilter

Hey Guys,

I recently set up my CipherMail for my small family mail server and own IT knowledge.
Right now I’m able to encrypt/decrypt my mails. What is not working well, at least right now because of my lack of knowledge:

SPF checks on my ProxmoxMailGateway, which is one hop after the CipherMail. It is always telling me that the local IP address of my CipherMail is not allowed to send in the name of my domain, which is absolutely true.

So how can I fix this?
My CipherMail IP address is 10.0.46.2 and the Proxmox Mail Gateway is 10.0.46.3.

At least I think that CipherMail can’t do the SPF/DMARC/DKIM checks, right?

You need to configure Proxmox to whitelist the IP address of the CipherMail gateway, i.e., Proxmox should not do any SPF/DKIM check for email received from the CipherMail gateway.

A better setup is where you configure the content scanner (Proxmox in your case) to always send email to the gateway for decryption/encryption, except if the email comes from the gateway.


With this setup, the content scanner can do SPF/DKIM checks. The hardest part is telling the content scanner to skip sending it back to the CipherMail gateway if the email comes from the CipherMail IP address and to skip SPF/DKIM checks for email which is received from the CipherMail gateway.

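The two mail flows discussed in this thread, as an added Python sketch that is not part of either post and is not CipherMail or Proxmox configuration. It models which connecting IP the content scanner evaluates SPF against in each layout; 10.0.46.2 is from the thread, while the SPF network 203.0.113.0/24, the sender addresses, the function names and the reject-on-fail policy are assumptions.

```python
import ipaddress

CIPHERMAIL_IP = "10.0.46.2"  # CipherMail gateway address, from the thread
# Constructed sample: networks the sender domain's SPF record authorises.
SPF_ALLOWED = [ipaddress.ip_network("203.0.113.0/24")]


def spf_result(client_ip):
    """Simplified SPF: pass only if the connecting IP is in an authorised network."""
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in net for net in SPF_ALLOWED) else "fail"


def scanner_decision(client_ip):
    """Content scanner policy from the reply, keyed on the connecting IP."""
    if client_ip == CIPHERMAIL_IP:
        # Back from the gateway: no SPF/DKIM check and no second trip (avoids a loop).
        return {"spf": "skipped", "next_hop": "mailbox"}
    spf = spf_result(client_ip)
    # Assumption for this sketch: an SPF fail is rejected outright.
    return {"spf": spf, "next_hop": "ciphermail" if spf == "pass" else "reject"}


def gateway_first(sender_ip):
    """Asker's layout: Internet -> CipherMail -> scanner, with no exemption."""
    # The real sender_ip never reaches the scanner; it only sees the gateway.
    return spf_result(CIPHERMAIL_IP)


def scanner_first(sender_ip, max_hops=5):
    """Suggested layout: Internet -> scanner -> CipherMail -> scanner -> mailbox."""
    trace, client_ip = [], sender_ip
    for _ in range(max_hops):
        d = scanner_decision(client_ip)
        trace.append((client_ip, d["spf"], d["next_hop"]))
        if d["next_hop"] != "ciphermail":
            return trace
        client_ip = CIPHERMAIL_IP  # gateway encrypts/decrypts and hands it back
    raise RuntimeError("mail loop: gateway exemption missing")


if __name__ == "__main__":
    print("gateway first:", gateway_first("203.0.113.25"))
    for hop in scanner_first("203.0.113.25"):
        print("scanner first:", hop)
```
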