Hence I would only get bounce mails instead of the actual mails. Since this is no good, I set up fetchmail and msmtp on my root server to do the forwarding for me. First, fetchmail will get all mail on GMX via POP3 and pass it on to msmtp, which will in turn pass it on to the iCloud mx server.
At first I tried to deliver it via authenticated SMTP, but iCloud refuses mails sent this way, if the header from field does not contain any of your own iCloud aliases. This will most of the time be a problem, since we are trying to forward emails that were sent to you, not sent from you.
So first let's see the ~/.fetchmailrc (make sure to chmod 0600 it):
poll pop.gmx.net with proto POP3 user "firstname.lastname@example.org" there with password "secretpassword" mda "/usr/bin/msmtp -- email@example.com" options no keep ssl sslcertck sslcertpath /etc/ssl/certs set daemon 300
This will poll GMX every 300 seconds and pass the received mails to msmtp for delivery to firstname.lastname@example.org.
The corresponding ~/.msmtprc looks like this:
account default host mx6.mail.icloud.com port 25 auto_from off from "user@localdomain" tls on tls_starttls on tls_trust_file /etc/ssl/certs/ca-certificates.crt logfile ~/.msmtp.log domain mx.of.localdomain
You can find out the valid mx entries for iCloud by running nslookup -type=mx icloud.com.
The settings above are assuming Debian stable. Other distributions or operating systems may have the SSL certs at different places in the file system.