mail forwarding loop

> Von:Martijn Brinkers via Users <users(a)>
> Gesendet: Mittwoch 21 Februar 2018 09:07
> An: users(a)
> Betreff: Re: mail forwarding loop
> > after running a couple of days, the ciphermail system at a customers
> > site complains about a mail forwarding loop. The customers says that
> > they didn't change anything, which seems to be true according to the
> > timestamp of the configuration files.
> >
> > Even by running the smtpd daemon in verbose mode, I cannot figure
> > ouut, what causes the problem. It seems to occur, when the email is
> > reinjected by ciphermail (Version 3.3.1-0):
> Hard to tell from the logs. It looks like this system is configured to
> accept local email, i.e., user mailboxes are stored in the system. The
> email is delivered to the mailboxes using the local daemon process.
> according to the local delivery
> daemon has a loop detection mechanism using a Delivered-To header.
> Perhaps the message already contains a Delivered-To header?
> "In order to stop mail forwarding loops early, the software adds an
> optional Delivered-To: header with the final envelope recipient
> address. If mail arrives for a recipient that is already listed in a
> Delivered-To: header, the message is bounced."
> Is the email forwarded from some mailbox (for example with Fetchmail?)
yes, we use fetchmail to get the email via pop3 from Since
this has been working for a couple of days, I have the suspicion that changed something.

You should check whether the email stored at already has the
Delivered-To header.

I already used virtual_maps to map edifact(a) to
edifact(a)localhost, but this mapping obviuosly occur before the email is
forwarded to Ciphermail. It doesn't get decrypted because the email
address doesn't match.

CipherMail by default does not use the recipient address to find the
decryption key. It tries to find the correct decryption key based on the
public certificate used for encryption (with strict mode enabled, which
is disabled by default, not all keys will be acceptable for a
recipient). Could it be that the domain localhost is not an internal
domain (and therefore email to localhost is not decrypted)?

Kind regards,

Martijn Brinkers


On 21-02-18 12:24, Stefan Günther wrote:

-----Ursprüngliche Nachricht-----
> On 20-02-18 18:41, Stefan Günther via Users wrote:

CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.