Separate ciphermail from mailserver

Hi,

I would like to separate ciphermail from mailserver via docker, one
container with postfix/dovecot and one container with
ciphermail/ciphermailWebClient.

How do I config postfix and ciphermail?

I changed main.cf to:
content_filter = djigzo:[ip_of_ciphermailContainer]:10025

I think this was the easy part, but how to set up master.cf at this
point:
djigzo unix - - n - 4 smtp
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o smtp_generic_maps=

127.0.0.1:10026 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_authorized_xclient_hosts=127.0.0.0/8

And how do I tell ciphermail at which IP to find postfix, and must
ciphermail be set up to accept connections not coming from localhost?

Thank you.

-------------
Best Regards,
Lars

Hi,

> I would like to separate ciphermail from mailserver via docker, one
> container with postfix/dovecot and one container with
> ciphermail/ciphermailWebClient.
>
> How do I config postfix and ciphermail?
>
> I changed main.cf to:
> content_filter = djigzo:[ip_of_ciphermailContainer]:10025
>
> I think this was the easy part, but how to set up master.cf at this point:
> djigzo unix - - n - 4 smtp
>   -o smtp_send_xforward_command=yes
>   -o disable_dns_lookups=yes
>   -o smtp_generic_maps=

No need to change the above setting. The IP address to connect to is
configured in the content_filter setting.

> 127.0.0.1:10026 inet n - n - 10 smtpd
>   -o content_filter=
>   -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
>   -o smtpd_helo_restrictions=
>   -o smtpd_client_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o mynetworks=127.0.0.0/8
>   -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>   -o smtpd_authorized_xclient_hosts=127.0.0.0/8

Port 10026 is the "reinjection port", i.e., it is used to send email
from the back-end back to postfix. Since in your setup the back-end uses
a different IP, you need to bind to the external IP instead of
localhost. So instead of using 127.0.0.1:10026 use :10026

mynetworks, smtpd_authorized_xforward_hosts and
smtpd_authorized_xclient_hosts should be set to the IP address of the
back-end system.

The 10026 settings should look like this (warning: not tested):

:10026 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=******
  -o smtpd_authorized_xforward_hosts=******
  -o smtpd_authorized_xclient_hosts=******

Where ****** should be the IP of the back-end system.

> And how do I tell ciphermail at which IP to find postfix, and must
> ciphermail be set up to accept connections not coming from localhost?

This requires a number of changes to different config files.

The back-end should be bound to the external IP instead of 127.0.0.1.
This can be configured by editing the file

/usr/share/djigzo/conf/james/SAR-INF/smtp_server_config.xml

Remove or uncomment the <bind> 127.0.0.1 </bind> line to make the system
bind to all IP addresses.

To enable the back-end server to accept connections not coming from
localhost, edit the file

/usr/share/djigzo/conf/james/SAR-INF/config.xml

Add the IP of the postfix server to the authorizedAddresses

<authorizedAddresses> 127.0.0.0/8, ****** </authorizedAddresses>

Where ****** is the IP of the postfix server

To tell the back-end to send email, after handling, back to the postfix
reinjection port 10026, edit the file

/usr/share/djigzo/conf/james/SAR-INF/smtp_transport_config.xml

Change the gateway IP address from 127.0.0.1 to the IP of postfix

<gateway> ****** </gateway>

Where ****** is the IP of the postfix server

I have not tested these changes so it might be that I missed something.
Let me know how it goes.

Kind regards,

Martijn Brinkers

On 11/09/2015 09:00 PM, Lars wrote:

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

Twitter: http://twitter.com/CipherMail
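
A check for the reinjection listener described in the reply above, added here as an example (not CipherMail's or either poster's code): once the 10026 listener is no longer bound to localhost and has content_filter cleared, the three trust settings are what stop other hosts from injecting unfiltered mail. The IP 172.18.0.3 is a constructed stand-in for the back-end container, the function names are hypothetical, and trust values are assumed to be literal IPs or CIDR ranges in a well-formed master.cf.

```python
import ipaddress
# Constructed sample: the 10026 listener from the reply; 172.18.0.3 is an assumed back-end IP.
SAMPLE_MASTER_CF = """\
:10026 inet n - n - 10 smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=172.18.0.3
  -o smtpd_authorized_xforward_hosts=172.18.0.3
  -o smtpd_authorized_xclient_hosts=172.18.0.3
"""
TRUST_KEYS = ("mynetworks", "smtpd_authorized_xforward_hosts",
              "smtpd_authorized_xclient_hosts")

def parse_master_cf(text):
    """Return {service: (first 8 fields, {-o option: value})}."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            if raw[0].isspace() and entries:  # leading space continues an entry
                entries[-1] += " " + line
            else:
                entries.append(line)
    services = {}
    for tokens in (e.split() for e in entries):
        opts = dict(arg.split("=", 1) for flag, arg in
                    zip(tokens[8:], tokens[9:]) if flag == "-o" and "=" in arg)
        services[tokens[0]] = (tokens[:8], opts)
    return services

def audit_reinjection(text, port, backend_ip):
    """Findings for the inet listener on `port`; assumes literal IP/CIDR values."""
    backend = ipaddress.ip_address(backend_ip)
    for name, (fields, opts) in parse_master_cf(text).items():
        if fields[1] != "inet" or name.rsplit(":", 1)[-1] != str(port):
            continue
        found = []
        if opts.get("content_filter") != "":
            found.append("content_filter= override missing")
        if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
            found.append("recipient restrictions do not end in reject")
        for key in TRUST_KEYS:
            nets = [ipaddress.ip_network(n, strict=False)
                    for n in opts.get(key, "").replace(",", " ").split()]
            if not any(backend in n for n in nets):
                found.append(f"{key} does not include {backend_ip}")
            found += [f"{key} trusts whole network {n}" for n in nets
                      if n.num_addresses > 1 and not n.is_loopback]
        return found
    return [f"no inet listener on port {port}"]
```

An empty list means the listener trusts only the back-end; leaving the original 127.0.0.0/8 values in place is reported as the back-end not being included, which is the state in which reinjected mail would be rejected.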

Thank you.

It's working in the test environment.

--------------
Best Regards,
Lars

On 09.11.2015 21:43, Martijn Brinkers wrote:
