Use CipherMail Appliance as encrypt decrypt gateway with mailserver

You forgot to add a couple of important Postfix settings on the Mailcow server:

In main.cf:

content_filter = smtp:[172.30.30.231]:25

This tells Postfix on the Mailcow server to forward all incoming email to CipherMail on 172.30.30.231.

The CipherMail appliance should allow relaying from the Mailcow IP address (i.e., add 172.30.30.230 to My networks).

The CipherMail gateway will receive every email from Mailcow and do its thing (encrypt, decrypt etc.). After handling, the email should be sent back to Mailcow for further delivery.

If the CipherMail gateway sends the email back to Mailcow on port 25, the email will be sent back again to the CipherMail gateway, resulting in a mail loop.

You therefore need to add a ‘reinjection’ port configuration to the Postfix configuration of Mailcow which disables sending the email to CipherMail.

Add the following reinjection port on the Mailcow server (master.cf):

# injection port for mail handled by the back-end
:10026 inet  n       -       -       -       10      smtpd
            -o content_filter=
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
            -o smtpd_helo_restrictions=
            -o smtpd_client_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=172.30.30.231/32

After changing master.cf, you need to restart Postfix.

There should now be an extra SMTP daemon listening on port 10026.

You should now configure the CipherMail appliance to send all email to Mailcow on port 10026, i.e., set Internal relay host and External relay host to 172.30.30.230.

Note: I have not tested the above setup but in principle this should work. The Postfix config files provided by the CipherMail appliance contain some additional settings which are strictly not required.
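The reinjection listener skips the content filter and most smtpd restrictions, so it is worth checking that it clears content_filter and trusts only the gateway. The following is an added example, not part of the original post or of CipherMail: the function names `parse_services` and `audit_reinjection` are hypothetical, and the sample is constructed and abridged from the master.cf entry above.

```python
import ipaddress

# Constructed sample, abridged from the reinjection entry in the post above.
SAMPLE_MASTER_CF = """\
# injection port for mail handled by the back-end
:10026 inet  n       -       -       -       10      smtpd
            -o content_filter=
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=172.30.30.231/32
"""

def parse_services(text):
    """Join master.cf continuation lines; return {service name: {override: value}}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored by Postfix
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the entry
        else:
            logical.append(raw.strip())
    services = {}
    for entry in logical:
        fields = entry.split()
        opts = {}
        for flag, arg in zip(fields[8:], fields[9:]):  # arguments follow the 8 fixed fields
            if flag == "-o" and "=" in arg:
                name, value = arg.split("=", 1)
                opts[name] = value
        services[fields[0]] = opts
    return services

def audit_reinjection(opts, gateway_ip):
    """Return findings for one reinjection listener's -o overrides."""
    findings = []
    if opts.get("content_filter") != "":
        findings.append("content_filter not cleared: mail returns to the gateway (loop)")
    restrictions = opts.get("smtpd_recipient_restrictions", "").split(",")
    if restrictions[-1].strip() != "reject":
        findings.append("recipient restrictions do not end in reject")
    nets = [n for n in opts.get("mynetworks", "").split(",") if n]
    gateway = ipaddress.ip_network(gateway_ip)
    if not nets:
        findings.append("mynetworks not overridden: main.cf trust list applies")
    for n in nets:
        if ipaddress.ip_network(n, strict=False) != gateway:
            findings.append(f"mynetworks admits more than the gateway: {n}")
    return findings
```

Run it against the live file with `audit_reinjection(parse_services(open("/etc/postfix/master.cf").read())[":10026"], "172.30.30.231")`, adjusting the path to wherever the Mailcow Postfix configuration lives.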