mail forwarding loop

Good evening,

after running a couple of days, the ciphermail system at a customers site complains about a mail forwarding loop. The customers says that they didn't change anything, which seems to be true according to the timestamp of the configuration files.

Even by running the smtpd daemon in verbose mode, I cannot figure ouut, what causes the problem. It seems to occur, when the email is reinjected by ciphermail (Version 3.3.1-0):

Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 250 2.1.5 Ok
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: < localhost[127.0.0.1]: DATA
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 354 End data with <CR><LF>.<CR><LF>
Feb 20 18:15:27 ciphermail postfix/cleanup[1268]: B3E8440CE9: message-id=<597517347.2.1519146791208.JavaMail.javamailuser(a)localhost>
Feb 20 18:15:27 ciphermail postfix/qmgr[1231]: B3E8440CE9: from=<edi_netz(a)xxxxxxxxxxx.de>, size=12829, nrcpt=1 (queue active)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted attribute: status
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: status
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute value: 0
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted attribute: reason
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: reason
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute value: (end)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: public/cleanup socket: wanted attribute: (list terminator)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: input attribute name: (end)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 250 2.0.0 Ok: queued as B3E8440CE9
Feb 20 18:15:27 ciphermail postfix/smtp[1269]: B3E8440CE9: to=<edifact(a)DOMAIN.ag>, relay=127.0.0.1[127.0.0.1]:10025, delay=0.18, delays=0.07/0.01/0.05/0.05, dsn=2.6.0, status=sent (250 2.6.0 Message received)
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: < localhost[127.0.0.1]: QUIT
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: > localhost[127.0.0.1]: 221 2.0.0 Bye
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: match_hostname: smtpd_client_event_limit_exceptions: localhost ~? 127.0.0.0/8
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: match_hostaddr: smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 127.0.0.0/8
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: master_notify: status 1
Feb 20 18:15:27 ciphermail postfix/smtpd[1265]: connection closed
Feb 20 18:15:28 ciphermail postfix/smtpd[1270]: 3462140CEC: client=localhost[127.0.0.1], orig_client=localhost[127.0.0.1]
Feb 20 18:15:28 ciphermail postfix/cleanup[1271]: 3462140CEC: message-id=<597517347.2.1519146791208.JavaMail.javamailuser(a)localhost>
Feb 20 18:15:28 ciphermail postfix/qmgr[1231]: 3462140CEC: from=<edi_netz(a)sxxxxxxxxx.de>, size=10553, nrcpt=1 (queue active)
Feb 20 18:15:28 ciphermail postfix/local[1272]: 3462140CEC: to=<edifact(a)DOMAIN.ag>, relay=local, delay=0.04, delays=0.03/0.01/0/0.01, dsn=5.4.6, status=bounced (mail forwarding loop for edifact(a)DOMAIN.ag)
Feb 20 18:15:28 ciphermail postfix/cleanup[1268]: 3CCA940CF3: message-id=<20180220171528.3CCA940CF3(a)ciphermail.DOMAIN.ag>
Feb 20 18:15:28 ciphermail postfix/qmgr[1231]: 3CCA940CF3: from=<>, size=12508, nrcpt=1 (queue active)
Feb 20 18:15:28 ciphermail postfix/bounce[1273]: 3462140CEC: sender non-delivery notification: 3CCA940CF3
Feb 20 18:15:28 ciphermail postfix/smtp[1275]: 3CCA940CF3: to=<edi_netz(a)xxxxxx.de>, relay=smtp.mailbox.org[80.241.60.196]:465, delay=0.33, delays=0/0.01/0.17/0.14, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 83ACD11F9)

/etc/postfix/main.cf
djigzo_myhostname = ciphermail.DOMAIN.ag
djigzo_mydestination = DOMAIN.ag
djigzo_mynetworks = 127.0.0.1/32
djigzo_relayhost = smtp.mailbox.org
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_relay_domains = DOMAIN.ag
djigzo_before_filter_message_size_limit = 102400000
djigzo_after_filter_message_size_limit = 102400000
djigzo_mailbox_size_limit = 102400000
djigzo_smtp_helo_name =
djigzo_relay_transport_host = 127.0.0.1
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient =
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains =
djigzo_rbl_clients =
myhostname = ${djigzo_myhostname}
mydestination = ciphermail, $myhostname, ubuntu-2gb-nbg1-dc3-1, localhost.localdomain, localhost, ${djigzo_mydestination}
mynetworks = 127.0.0.0/8, 91.206.61.238/32, ${djigzo_mynetworks}
relay_domains = ${djigzo_relay_domains}
parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains}
smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}
relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}
#relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
relayhost = smtp.mailbox.org:465
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_invalid_hostname reject_unknown_sender_domain reject_unknown_recipient_domain
    ${djigzo_rbl_clients}
    ${djigzo_reject_unverified_recipient? reject_unverified_recipient}
smtpd_discard_ehlo_keywords = silent-discard VRFY ETRN DSN
unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code}
compatibility_level=2
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mydomain = gpg.ag
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mailbox_transport = cyrus
content_filter = djigzo:[127.0.0.1]:10025
recipient_delimiter = +
mailbox_size_limit = ${djigzo_mailbox_size_limit}
message_size_limit = ${djigzo_after_filter_message_size_limit}
inet_interfaces = all
inet_protocols = ipv4

/etc/postfix/master.cf
smtp inet n - y - - smtpd -v
smtps inet n - - - - smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
djigzo unix - - n - 4 smtp
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
            -o smtp_generic_maps=
            -o smtp_tls_wrappermode=no
            -o smtp_tls_security_level=none

# cleanup for reinject so we can set the hopcount_limit differently for the reinjection port
cleanup_reinject unix n - - - 0 cleanup
            -o hopcount_limit=100

127.0.0.1:10026 inet n - n - 10 smtpd
            -o content_filter=
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
            -o smtpd_helo_restrictions=
            -o smtpd_client_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o smtpd_authorized_xforward_hosts=127.0.0.0/8
            -o smtpd_authorized_xclient_hosts=127.0.0.0/8
            -o cleanup_service_name=cleanup_reinject

Thanks for any hints & suggestions,

Stefan

after running a couple of days, the ciphermail system at a customers
site complains about a mail forwarding loop. The customers says that
they didn't change anything, which seems to be true according to the
timestamp of the configuration files.

Even by running the smtpd daemon in verbose mode, I cannot figure
ouut, what causes the problem. It seems to occur, when the email is
reinjected by ciphermail (Version 3.3.1-0):

Hard to tell from the logs. It looks like this system is configured to
accept local email, i.e., user mailboxes are stored in the system. The
email is delivered to the mailboxes using the local daemon process.

according to Postfix manual - local(8) the local delivery
daemon has a loop detection mechanism using a Delivered-To header.
Perhaps the message already contains a Delivered-To header?

"In order to stop mail forwarding loops early, the software adds an
optional Delivered-To: header with the final envelope recipient
address. If mail arrives for a recipient that is already listed in a
Delivered-To: header, the message is bounced."

Is the email forwarded from some mailbox (for example with Fetchmail?)

Kind regards,

Martijn Brinkers