Instructions for configuring mail transfer via ciphermail

Gateway
1

Hello, I’m a student and I was assigned to research mail configuration via ciphermail gateway. Currently, I have installed a mail server using dovecot, postfix and configured ciphermail gateway. but I don’t know how the message can go through the ciphermail gateway to encrypt/decrypt and return to the user. Please help me configure mail transfer. thank you!

2

CipherMail gateway should be configured as a “postfix after queue filter”, i.e., the first time postfix receives an email, postfix will deliver the email to the CipherMail back-end. After handling, the back-end will then send the email back to postfix for further delivery.

For details on how to configure a postfix after queue filter, see Postfix After-Queue Content Filter

Basically what you need to configure is:

  1. In master.cf add a service (for example name it ciphermail)

    ciphermail unix -       -       n       -       4      smtp
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
            -o smtp_generic_maps=

  2. in main.cf configure content_filter to point to the IP of the CIpherMail back-end

    content_filter = ciphermail:[127.0.0.1]:10025

    this will send email to the back-end on localhost:10025

  3. Add a “reinjection” port to postfix for email sent by the back-end back to postfix

    In master.cf add a service

    # injection port for mail handled by the back-end
127.0.0.1:10026 inet  n       -       -       -       10      smtpd
        -o content_filter= 
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_tls_security_level=
        -o mynetworks=127.0.0.0/8
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
        -o smtpd_authorized_xclient_hosts=127.0.0.0/8
        -o cleanup_service_name=cleanup_reinject

    What is important is that content_filter is set to an empty value to prevent a mail loop

I would suggest you have a look at the Virtual Appliance because that is already a configured and working system.

3

Hi team,

nice that you are here :slight_smile:

I have the very same question, although not a student any longer…

From the discussion - it is NOT clear, which master.cf are you talking about, there will be two: one from the original postfix and one from the ciphermail postfix. This is not clear in your answer.

I setup the Virtual Appliance, still I need to change main.cf/master.cf of the original postfix, otherwise ciphermail will be totally ignored.

Question is: do I need to change name, IP of the original postfix to make ciphermail work?

There need to be more changes than installing and configuring ciphermail, there MUST be changes to the config files of the original postfix, too.

I am lost here as well.
Unfortunately the documentiation does not mention at all. HOWTO, integrate ciphermail, into an existin mail system with one mail server (postfix).

Glad for any help,

Martin.

4

Well, it is all in the net… :slight_smile:

This post opened my eyes, got everything working, including amavis content filter

5

Good to hear you got it working :slight_smile: