Mail routing, when external & internal relay host are the same

What about Option 3: TCP/IP communication between postfix on UCS and Ciphermail in the virtual machine?

Instead of using

content_filter=djigzo:[127.0.0.1]:10025

I defined

content_filter=djigzo:[192.168.0.229]:10025

In master.cf I defined the djigzo transport and told postfix to listen on 192.168.0.9:10025 instead of 127.0.0.1:10025, configured Ciphermail to listen on 192.168.0.229:10025 and forward emails to 192.168.0.9:10025.
Finally I deactivated all firewall rules for testing.

Then I sent an email from the command line of the UCS:

Mar 29 13:50:14 ucs postfix/qmgr[26618]: A40FF481158: from=<root@ucs.ciphermail.intranet>, size=327, nrcpt=1 (queue active)
Mar 29 13:50:14 ucs postfix/smtp[26689]: A40FF481158: to=<m.mustermann@in-put.solutions>, relay=192.168.0.229[192.168.0.229]:10025, delay=0.28, delays=0.11/0.04/0.06/0.06, dsn=5.7.1, status=bounced (host 192.168.0.229[192.168.0.229] said: 550 5.7.1 Requested action not taken: relaying denied (in reply to RCPT TO command))

As we can see, the email is forwarded to Ciphermail and according to netstat, a java process is listening on 192.168.0.229:10025. But this connection attempt is not recorded in /var/log/djigzo.log.

Is there some line in the configuration of Ciphermail that limits connections only to IP 127.0.0.1?

I guess this setup, with a separation of postfix and Ciphermail on two different hosts, would solve my problem.

Thanks for any hints/suggestions,

Stefan

On 22-03-18 18:23, Stefan Günther via Users wrote:
> we just installed Ciphermail as virtual machine on a Univention Corporate Server (UCS).
>
> The idea is that UCS grabs emails via fetchmail, sends them to the Ciphermail VM and finally stores them in the local Kopano installation.
>
> In the configuration of postfix@UCS I have defined the following transport map:
>
> in-put.cm smtp:[192.168.0.229]
>
> in-put.cm is defined as a relay domain in Ciphermail.
>
> The problem now is that the email loops between UCS and Ciphermail: Every time Ciphermail returns the email to postfix@UCS, the email is forwarded to Ciphermail due to the transport map.
>
> I have no idea whether we could change anything in the Ciphermail configuration so that postfix@UCS recognizes that the email has already been forwarded once, or do we have to change the configuration of postfix@UCS?
>
> Thanks for any hint or suggestion,

I do not completely understand your setup but I might have some suggestions.

Option 1. Rewrite the recipient's domain to some internal name after the
message has been handled by CipherMail.

For example, rewrite from input.cm to input.cm.handled. The postfix@UCS
should be configured to also handle the domain input.cm.handled and not
only forward email to CipherMail if the recipient domain is input.cm
(and not input.cm.internal).

Option 2. Add an additional smtpd handler (on a different port) to
master.cf of postfix@UCS and set transport_maps for that port to an
empty value (note I have not tested whether you can override
transport_maps for an smtpd service). Then tell CipherMail to deliver to
that special port.