Join Log in
Score:2
taumeister avatar Server

fetchmail through Ciphermail Gateway to separate Postfix+Dovecot server

gb flag
taumeister

My constellation is as follows:

fetchmail on cmdgateway receives from the internet and pushes to postfix on mailserver, in turn pushing mail to dovecot also on mailserver

  1. server 1: cmgateway.domain.de, later is cmgateway Ciphermail encryption gateway appliance version with integrated postfix + fetchmail.
  2. server 2: mailserver.domain.de, later is mailserver postfix + dovecot . Postfix is configured to send mails over my smarthost.

What I want to achieve: cmgateway:fetchmail should pass to cmgateway:postfix should pass to mailserver:postfix.

What works: Over my mailserver:postfix I can send mails with a mail Client (thunderbird, outlook) via IMAP over Dovecot wonderfully.

What does not work and i want to archive is: cmgateway:postfix transfers found mails ( from fetchmail ) to my mailserver:postfix ( I can see this in the logs ),

BUT ( and here comes the problem )mailserver:postfix forwards these mails directly back out through my smarthost. It is supposed to deliver the mails locally though.

If I install a fetchmail directly on mailserver and tell it smtpaddress localhost, the fun works and it delivers to my local mailbox. But the mails should come from cmgateway:fetchmail.

I hope I could make my problem understandable. Are configs needed or is this a logical/basic understanding problem?

Thanks for your help in advance. Greetings Thomas

![pictuer-quick-check][1]

cmgateway:Fetchmail

# /etc/fetchmailrc for system-wide daemon mode
# This file must be chmod 0600, owner fetchmail

# log through syslog facility
set syslog

# Direct error mail to the local postmaster
set no bouncemail

# Defaults 
defaults:
timeout 300
antispam -1
batchlimit 100

# !!! DON'T CHANGE ANYTHING BETWEEN START-AUTO-CONFIG AND END-AUTO-CONFIG BECAUSE IT WILL BE OVERWRITTEN !!!   
### START-AUTO-CONFIG ###
set daemon 20
set postmaster "[email protected]"
poll "sslin.df.eu" service 993 proto IMAP no uidl user "[email protected]" password "password" is "[email protected]" folder "INBOX" options ssl no idle keep
### END-AUTO-CONFIG ###

mailserver:Postifx

myhostname                              = mailserver.mydomain.de 
mydomain                                = mydomain.de 
myorigin                                = mydomain.de 
smtpd_banner                            = $myhostname ESMTP $mail_name (Debian/GNU) 
biff                                    = no 
append_dot_mydomain                     = no 
readme_directory                        = no 
compatibility_level                     = 2 
mydestination                           = mailserver.mydomain.de, localhost.localdomain, localhost
relayhost                               = sslout.df.eu:465 
mynetworks                              = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24 
home_mailbox                            = Maildir/ 
mailbox_command                         = 

alias_maps                              = hash:/etc/aliases 
alias_database                          = hash:/etc/aliases 
mailbox_size_limit                      = 0 
recipient_delimiter                     = + 
inet_interfaces                         = all 
inet_protocols                          = ipv4 

# TLS parameters 
smtpd_tls_auth_only                     = no 
smtpd_use_tls                           = yes 
smtpd_tls_cert_file                     = /etc/ssl/certs/mailserver.mydomain.de.crt 
smtpd_tls_key_file                      = /etc/ssl/private/mailserver.mydomain.de.key 
smtpd_tls_CAfile                        = /etc/ssl/certs/cacert.pem 
smtpd_tls_loglevel                      = 1 
smtpd_tls_received_header               = yes 
smtpd_tls_session_cache_timeout         = 3600s 
smtpd_tls_session_cache_database        = btree:${data_directory}/smtpd_scache 
smtpd_relay_restrictions                = permit_mynetworks permit_sasl_authenticated defer_unauth_destination 
 
smtpd_sasl_type                         = dovecot 
smtpd_sasl_path                         = private/auth 
smtpd_sasl_auth_enable                  = yes 

smtp_tls_session_cache_database         = btree:${data_directory}/smtp_scache 
smtp_tls_note_starttls_offer            = yes 
smtp_use_tls                            = yes 
smtp_tls_wrappermode                    = yes 
smtp_tls_security_level                 = encrypt 
smtp_sasl_auth_enable                   = yes 
smtp_sasl_security_options              = noanonymous 

smtp_sasl_password_maps                 = hash:/etc/postfix/sasl_password
sender_canonical_maps                   = hash:/etc/postfix/sender_canonical
#smtp_generic_maps          = hash:/etc/postfix/generic

mailserver:dovecot

disable_plaintext_auth  = no 
mail_privileged_group   = mail 
mail_location           = maildir:~/Maildir 
auth_mechanisms         = plain login 
ssl                     = required 
ssl_cert                = </etc/ssl/certs/mailserver.mydomain.de.crt 
ssl_key                 = </etc/ssl/private/mailserver.mydomain.de.key 

userdb { 
        driver = passwd 
} 
passdb  { 
        driver = pam 
} 
protocols               = imap 
 
service auth { 
        unix_listener /var/spool/postfix/private/auth { 
        mode = 0660 
        user=postfix 
        group=postfix 
} 
}

First Part solved

I would like to describe a follow-up problem and am unsure if I should have opened another post for this. The whole story is a connection of a postfix to a ciphermail encryption gateway, where the gateway (cmgateway) is hooked into an existing postfix as a content filter.

Thanks to your help I can now deliver mails locally with my mailserver:postfix and receive them via client using dovecot. What works is: When I send out mails via mailserver:postfix, the mail is actually sent to cmgateway:content-filter before, the mail is signed or encrypted, sent back and postfix sends it over my smarthost. Works great.

What does not work is: Since I RECEIVE mails via fetchmail and give them to my mailserver:postfix, these mails unfortunately don't go through my cmgateway:content-filter, which is totally stupid, since the mails are then not automatically checked and decrypted.

So my question is, what do I have to do that mails that go to my postfix via fetchmail are too processed trough my cmgateway:content-filter?

cmgateway - Ciphermail Gateway Appliance Postfix Settings and extra Djigzo Vars comes from the appliance, that I configured via GUI.

cmgateway:postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
content_filter = djigzo:[127.0.0.1]:10025
djigzo_after_filter_message_size_limit = ${djigzo_calculated_after_filter_message_size_limit}
djigzo_before_filter_message_size_limit = 10240000
djigzo_calculated_after_filter_message_size_limit = 30720000
djigzo_calculated_queue_minfree = 92160000
djigzo_mailbox_size_limit = 512000000
djigzo_mydestination =
djigzo_myhostname = cmgateway.unixuser.de
djigzo_mynetworks = 192.168.1.0/24
djigzo_parent_domain_matches_subdomains =
djigzo_rbl_clients =
djigzo_reject_unverified_recipient =
djigzo_relay_domains =
djigzo_relay_transport_host =
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_relayhost =
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_smtp_helo_name = cmgateway.unixuser.de
djigzo_unverified_recipient_reject_code = 450
enable_long_queue_ids = yes
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_name = CipherMail
mailbox_size_limit = ${djigzo_mailbox_size_limit}
message_size_limit = ${djigzo_after_filter_message_size_limit}
mydestination = ${djigzo_mydestination}
myhostname = ${djigzo_myhostname}
mynetworks = 127.0.0.0/8, [::1]/128, ${djigzo_mynetworks}
notify_classes =
parent_domain_matches_subdomains = ${djigzo_parent_domain_matches_subdomains}
queue_minfree = ${djigzo_calculated_queue_minfree}
recipient_delimiter = +
relay_domains = ${djigzo_relay_domains}
relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}${djigzo_relay_transport_host}${djigzo_relay_transport_host_mx_lookup:]}:${djigzo_relay_transport_host_port}}
relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
smtp_address_preference = ipv4
smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:${myhostname}}
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_client_passwd
smtp_sasl_security_options =
smtp_sasl_type = cyrus
smtp_tls_CAfile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
smtp_tls_protocols = $smtpd_tls_protocols
smtp_tls_security_level = may
smtpd_authorized_xforward_hosts = 127.0.0.1/32
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn
smtpd_etrn_restrictions = reject
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination ${djigzo_rbl_clients} ${djigzo_reject_unverified_recipient? reject_unverified_recipient}
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh2048.pem
smtpd_tls_exclude_ciphers = AESCCM8, aNULL, ARIA, DES, DSS, eNULL, EXPORT, IDEA, MD5, PSK, RC4, SEED
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = $smtpd_tls_protocols
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
tls_preempt_cipherlist = yes
unverified_recipient_reject_code = ${djigzo_unverified_recipient_reject_code}

cmgateway:postconf -M

smtp       inet  n       -       n       -       -       smtpd -o message_size_limit=${djigzo_before_filter_message_size_limit}
pickup     fifo  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp -o smtp_fallback_relay=
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
djigzo     unix  -       -       n       -       4       smtp -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o smtp_generic_maps=
cleanup_reinject unix n  -       n       -       0       cleanup -o hopcount_limit=100
127.0.0.1:10026 inet n   -       n       -       10      smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_authorized_xclient_hosts=127.0.0.0/8 -o cleanup_service_name=cleanup_reinject
127.0.0.1:10027 inet n   -       n       -       10      smtpd -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level= -o mynetworks=127.0.0.0/8 -o syslog_name=postfix/10027 -o message_size_limit=${djigzo_before_filter_message_size_limit}

mailserver:postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
content_filter = djigzo:[<ip:cmgateway:content-filter>]:10025
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command =
mailbox_size_limit = 0
mydestination = mydomain.de, mailserver.mydomain.de, localhost.localdomain, localhost
mydomain = mydomain.de
myhostname = mailserver.mydomain.de
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
myorigin = mydomain.de
readme_directory = no
recipient_delimiter = +
relayhost = sslout.df.eu:465
sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_wrappermode = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/mailserver.mydomain.de.crt
smtpd_tls_key_file = /etc/ssl/private/mailserver.mydomain.de.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes

mailserver:postconf -M

smtp       inet  n       -       y       -       -       smtpd
pickup     unix  n       -       y       60      1       pickup
cleanup    unix  n       -       y       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp -o syslog_name=postfix/$service_name
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd
maildrop   unix  -       n       n       -       -       pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
djigzo     unix  -       -       n       -       4       smtp -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o smtp_generic_maps= -o smtp_tls_wrappermode=no -o smtp_tls_security_level=none
:10026     inet  n       -       n       -       10      smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_relay_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8,<ip-cmgateway:content-scanner>/32 -o smtpd_authorized_xforward_hosts=127.0.0.0/8,<ip-cmgateway:content-filter>/32 -o smtpd_authorized_xclient_hosts=127.0.0.0/8,<ip-cmgateway:content-filter>/32

Mailflow from [email protected] to [email protected]

Return-Path: <[email protected]>
X-Original-To: vorname.nachname@localhost
Delivered-To: vorname.nachname@localhost
Received: from cmgateway.mydomain.de (unknown [192.168.1.100])
    by mailserver.mydomain.de (Postfix) with ESMTP id 300A69FE83
    for <vorname.nachname@localhost>; Thu, 30 Sep 2021 15:18:51 +0200 (CEST)
Received: from mailserver.mydomain.de (mailserver.mydomain.de [127.0.0.1])
    by mailserver.mydomain.de (Postfix) with ESMTP id B1F629FE83
    for <vorname.nachname@localhost>; Thu, 30 Sep 2021 15:18:50 +0200 (CEST)
Delivery-date: Thu, 30 Sep 2021 15:18:47 +0200
Received: from sslin.df.eu
    by mailserver.mydomain.de with IMAP (fetchmail-6.4.16)
    for <vorname.nachname@localhost> (single-drop); Thu, 30 Sep 2021 15:18:50 +0200 (CEST)
Received: from [80.67.18.23] (helo=mx14.ispgateway.de)
    by mailcluster2-1.ispgateway.de with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.94.2)
    (envelope-from <[email protected]>)
    id 1mVvxX-0002n4-8A; Thu, 30 Sep 2021 15:18:47 +0200
X-Envelope-to: [email protected]
Received: from [209.85.221.53] (helo=mail-wr1-f53.google.com)
    by mx14.ispgateway.de with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    (Exim 4.94.2)
    (envelope-from <[email protected]>)
    id 1mVvxX-0008N2-1L
    for [email protected]; Thu, 30 Sep 2021 15:18:47 +0200
Received: by mail-wr1-f53.google.com with SMTP id i23so10058684wrb.2
        for <[email protected]>; Thu, 30 Sep 2021 06:18:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:subject:date:message-id:mime-version;
        ...
        ...
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        ...
        ...
X-Gm-Message-State: AOAM532Mi+9hBhIeKRyxZ8mrv7KD20yvxc3VONKwCkqsWH/ogS2KhbUd
    YN1oqMrTf1snf3apkNSFnIF8nwfvud4bZw==
X-Google-Smtp-Source: ABdhPJyqHVpnPTv0v+vEPth75iFBs6gHSDH8GkXrc84pQMoafAT6UZKwGe7ezuW6Mz2MZrbtyx/vTQ==
X-Received: by 2002:a5d:4e8e:: with SMTP id e14mr6075326wru.280.1633007926486;
        Thu, 30 Sep 2021 06:18:46 -0700 (PDT)
Received: from zero.localnet (b2b-37-24-59-146.unitymedia.biz. [37.24.59.146])
        by smtp.gmail.com with ESMTPSA id t16sm5297571wmi.33.2021.09.30.06.18.45
        for <[email protected]>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 30 Sep 2021 06:18:45 -0700 (PDT)
From: taumeister <[email protected]>
To: [email protected]
Subject: test
Date: Thu, 30 Sep 2021 15:18:44 +0200
Message-ID: <12963307.VfqQIOsWLq@zero>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart3105979.8Fo9iPulqY"; micalg="sha256"; protocol="application/pkcs7-signature"
X-Received-SPF: pass ( mx14.ispgateway.de: domain of gmail.com designates 209.85.221.53 as permitted sender )
X-DKIM: DKIM passed: ([email protected] domain=gmail.com), signature is good.
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
    spamfilter06.ispgateway.de
X-Spam-Level: 
X-Spam-Status: No, hits=0.0 required=9999.0 tests=BAYES_50 autolearn=disabled
    version=3.4.0
X-Spam-CMAETAG: v=2.2 cv=Vb6HBBh9 c=1 sm=1 tr=0
    a=f3DIsCLYdJ36Iz1841r7JQ==:17 a=7QKq2e-ADPsA:10 a=nPLt57aK5UoA:10
    a=nS36O97Bj3wUElCrIrAA:9 a=CjuIK1q_8ugA:10 a=nlHNP32c2GOG8w8F970A:9
    a=ZVk8-NSrHBgA:10 a=30ssDGKg3p0A:10
X-Spam-CMAECATEGORY: 
X-Spam-CMAESUBCATEGORY: 
X-Spam-CMAESCORE: 

 
--nextPart3105979.8Fo9iPulqY
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"

test
--nextPart3105979.8Fo9iPulqY
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCDVcw
...
..
iWw4PiXyoxYAdifS9anajXimDWcgUfY/ps+VEgAAAAAAAA==


--nextPart3105979.8Fo9iPulqY--
171
0 + 0
anx avatar
fr flag
anx
Style note: If you edit or ask new questions, please [use these instructions on obfuscation](https://meta.serverfault.com/questions/963/what-information-should-i-include-or-obfuscate-in-my-posts). It is usually easier to read if all servers are referred to by exactly one (possibly fully qualified) domain name. Where really necessary, only replace the domain part with standard reserved names (you currently use "server 2", "mailserver.domain.de" and "mailserver.mydomain.de").
0
Reply
taumeister avatar
gb flag
taumeister
You are right. I tried to clean up the text a little bit and replaced Mailserver2 thing with cmgateway, ect.
0
Reply
anx avatar
fr flag
anx
I think you quoted a mail from your diagnostic run, where you run fetchmail on "mailserver", which was not your original plan. Look at the Received: line inserted by fetchmail, and the next line from postfix noting a mail inserted via a loopback - they say "mailserver", not "cmgateway".
0
Reply
taumeister avatar
gb flag
taumeister
you are right. My actual configuration is fetchmail on mailserver, because I had the same problem with fetchmail on cmgateway and I didnt want to change the whole Question to make it overcomplex. I think it is my same logic failuren, no matter I run fetchmail on cmgateway or mailserver.
0
Reply
Score:0
anx avatar Server
fr flag
anx

I don't see anything in your Postfix@Server2 configuration saying that it should deliver those mails locally. You have to tell Postfix that it is the "final destination" for a mail domain.

I recommend you add your domain to mydestination (the non-virtual setup, best suited for local users, which your Dovecot setting driver=pam indicates). That will fix the mail looping back out from the Postfix instance not knowing it is the destination for those.

About processing the mail from fetchmail through your gateway: I think that would happen, or at least produce meaningful diagnostic logs/headers, as soon as you actually try it. The headers you currently show do not seem to be a mail that was inserted to cmgateway by fetchmail, but rather a mail that was pulled by fetchmail running on mailserver.

Unrelated, but will improve some behaviour of your IMAP server: I would also recommend you deliver the mail via Dovecot LMTP (the default steps in the documentation should be fine), that way Dovecot will be the only program changing the mailbox.

0 + 0
taumeister avatar
gb flag
taumeister
Thank you for the information, adding mydomain to mydestination was definitely the solution. Postfix now delivers the mails it gets from the other postfix. On the second part, I don't know yet in detail what you mean exactly, but will have a look at the link you provided. Thanks for now.
0
Reply
taumeister avatar
gb flag
taumeister
anx, would you be so kind to have a look at my additions? thanks a lot for helping in advance.
0
Reply
anx avatar
fr flag
anx
I do not know. Maybe the headers of a mail would help figure out what is going on. That would trace the mail how it was received from the internet, downloaded by fetchmail, passed to postfix on server 1, (not) content_filter-ed by server 1 and then received by server 2. In any case, use `postconf -n` and `postconf -M` to dump configuration as it was parsed by postfix (right now I do not see the effective smtpd options for postfix on server 1).
0
Reply
anx avatar
fr flag
anx
I dont think any of the other details matter for the specific question "Why does my mail, submitted by fetchmail, not traverse through my configured content_filter?", so consider asking a separate question, this time quoting only (but this time fully) configurations relevant for the specific fetchmail & postfix instance you are trying to fix.
0
Reply
taumeister avatar
gb flag
taumeister
Thanks for not giving up here yet. I know it's incredibly hard to think about someone else's work, especially when there's only a few poorly formatted texts. I really appreciate your analysis here.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.