Good evening,
after running a couple of days, the ciphermail system at a customers site complains about a mail forwarding loop. The customers says that they didn't change anything, which seems to be true according to the timestamp of the configuration files.
Even by running the smtpd daemon in verbose mode, I cannot figure ouut, what causes the problem. It seems to occur, when the email is reinjected by ciphermail (Version 3.3.1-0):
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 250 2.1.5 Ok
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: < localhost[127.0.0.1]: DATA
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 354 End data with <CR><LF>.<CR><LF>
Feb 20 18:15:27 ciphermail postfix/cleanup[1268]: B3E8440CE9: message-id=<597517347.2.1519146791208.JavaMail.javamailuser(a)localhost>
Feb 20 18:15:27 ciphermail postfix/qmgr[1231]: B3E8440CE9: from=<edi_netz(a)xxxxxxxxxxx.de>, size=12829, nrcpt=1 (queue active)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted attribute: status
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: status
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute value: 0
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted attribute: reason
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: reason
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute value: (end)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted attribute: (list terminator)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: (end)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 250 2.0.0 Ok: queued as B3E8440CE9
Feb 20 18:15:27 ciphermail postfix/smtp[1269]: B3E8440CE9: to=<edifact(a)DOMAIN.ag>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.18, delays=0.07/0.01/0.05/0.05, dsn=2.6.0, status=sent (250 2.6.0 Message received)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: < localhost[127.0.0.1]: QUIT
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 221 2.0.0 Bye
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: match_hostname: smtpd_client_event_limit_exceptions: localhost ~? 127.0.0.0/8
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: match_hostaddr: smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 127.0.0.0/8
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: master_notify: status 1
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: connection closed
Feb 20 18:15:28 ciphermail postfix/smtpd[1270]: 3462140CEC: client=localhost[127.0.0.1], orig_client=localhost[127.0.0.1]
Feb 20 18:15:28 ciphermail postfix/cleanup[1271]: 3462140CEC: message-id=<597517347.2.1519146791208.JavaMail.javamailuser(a)localhost>
Feb 20 18:15:28 ciphermail postfix/qmgr[1231]: 3462140CEC: from=<edi_netz(a)sxxxxxxxxx.de>, size=10553, nrcpt=1 (queue active)
Feb 20 18:15:28 ciphermail postfix/local[1272]: 3462140CEC: to=<edifact(a)DOMAIN.ag>, relay=local, delay=0.04, delays=0.03/0.01/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for edifact(a)DOMAIN.ag)
Feb 20 18:15:28 ciphermail postfix/cleanup[1268]: 3CCA940CF3: message-id=<20180220171528.3CCA940CF3(a)ciphermail.DOMAIN.ag>
Feb 20 18:15:28 ciphermail postfix/qmgr[1231]: 3CCA940CF3: from=<>, size=12508, nrcpt=1 (queue active)
Feb 20 18:15:28 ciphermail postfix/bounce[1273]: 3462140CEC: sender non-delivery notification: 3CCA940CF3
Feb 20 18:15:28 ciphermail postfix/smtp[1275]: 3CCA940CF3: to=<edi_netz(a)xxxxxx.de>, relay=smtp.mailbox.org[80.241.60.196]:465, delay=0.33, delays=0/0.01/0.17/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 83ACD11F9)
/etc/postfix/main.cf
djigzo_myhostname = ciphermail.DOMAIN.ag
djigzo_mydestination = DOMAIN.ag
djigzo_mynetworks = 127.0.0.1/32
djigzo_relayhost = smtp.mailbox.org
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_relay_domains = DOMAIN.ag
djigzo_before_filter_message_size_limit = 102400000
djigzo_after_filter_message_size_limit = 102400000
djigzo_mailbox_size_limit = 102400000
djigzo_smtp_helo_name =
djigzo_relay_transport_host = 127.0.0.1
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient =
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains =
djigzo_rbl_clients =
myhostname = ${djigzo_myhostname}
mydestination = ciphermail, $myhostname, ubuntu-2gb-nbg1-dc3-1, localhost.localdomain, localhost, ${djigzo_mydestination}
mynetworks = 127.0.0.0/8, 91.206.61.238/32, ${djigzo_mynetworks}
relay_domains = ${djigzo_relay_domains}
parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains}
smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}
relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}
#relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
relayhost = smtp.mailbox.org:465
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_invalid_hostname reject_unknown_sender_domain reject_unknown_recipient_domain
${djigzo_rbl_clients}
${djigzo_reject_unverified_recipient? reject_unverified_recipient}
smtpd_discard_ehlo_keywords = silent-discard VRFY ETRN DSN
unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code}
compatibility_level=2
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mydomain = gpg.ag
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_transport = cyrus
content_filter = djigzo:[127.0.0.1]:10025
recipient_delimiter = +
mailbox_size_limit = ${djigzo_mailbox_size_limit}
message_size_limit = ${djigzo_after_filter_message_size_limit}
inet_interfaces = all
inet_protocols = ipv4
/etc/postfix/master.cf
smtp inet n - y - - smtpd -v
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
djigzo unix - - n - 4 smtp
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o smtp_generic_maps=
-o smtp_tls_wrappermode=no
-o smtp_tls_security_level=none
# cleanup for reinject so we can set the hopcount_limit differently for the reinjection port
cleanup_reinject unix n - - - 0 cleanup
-o hopcount_limit=100
127.0.0.1:10026 inet n - n - 10 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_authorized_xclient_hosts=127.0.0.0/8
-o cleanup_service_name=cleanup_reinject
Thanks for any hints & suggestions,
Stefan