 Postfix
DSN Support
Introduction
Postfix version 2.3 introduces support for Delivery Status
Notifications as described in RFC 3464. This gives senders control
over successful and failed delivery notifications.
Specifically, DSN support gives an email sender the ability to
specify:
-
What notifications are sent: success, failure, delay, or
none.
-
What content is returned in case of failure: only the
message headers, or the full message.
-
An envelope ID that is returned as part of delivery status
notifications. This identifies the message submission
transaction, and must not be confused with the message ID, which
identifies the message content.
The implementation of DSN support involves extra parameters to
the SMTP MAIL FROM and RCPT TO commands, as well as new Postfix
sendmail command line options that provide a sub-set of the functions
of the extra SMTP command parameters.
This document has information on the following topics:
Just like reports of undeliverable mail, DSN reports of
successful delivery can give away more information about the
internal infrastructure than desirable. Unfortunately, disallowing
"success" notification requests requires disallowing other DSN
requests as well. The RFCs do not offer the option to negotiate
feature subsets.
This is not as bad as it sounds. Remote senders with DSN support
will still be informed that their mail reached your Postfix gateway
successfully; they just will not get successful delivery notices
from your internal systems.
Use the smtpd_discard_ehlo_keyword_address_maps feature if you
wish to allow DSN requests from trusted clients but not from random
strangers (see below for how to turn this off for all clients):
/etc/postfix/main.cf:
smtpd_discard_ehlo_keyword_address_maps =
cidr:/etc/postfix/esmtp_access
/etc/postfix/esmtp_access:
# Allow DSN requests from local subnet only
192.168.0.0/28 silent-discard
0.0.0.0/0 silent-discard, dsn
::/0 silent-discard, dsn
If you want to disallow all use of DSN requests from the network,
use the smtpd_discard_ehlo_keywords feature:
/etc/postfix/main.cf:
smtpd_discard_ehlo_keywords = silent-discard, dsn
Postfix has two Sendmail-compatible command-line options for
DSN support.
-
The first option specifies what notifications are sent
for mail that is submitted via the Postfix sendmail(1) command line:
$ sendmail -N success,delay,failure ... (one or more of these)
$ sendmail -N never ... (or just this by itself)
The built-in default corresponds with "delay,failure".
-
The second option specifies an envelope ID which is reported
in delivery status notifications for mail that is submitted via the
Postfix sendmail(1) command line:
$ sendmail -V envelope-id ...
Note: this conflicts with VERP support in older Postfix versions,
as discussed in the next section.
With Postfix versions before 2.3, the sendmail(1) commands uses
the -V command-line option to request VERP-style delivery. In order
to request VERP style delivery with Postfix 2.3 and later, you must
specify -XV instead of -V.
The Postfix 2.3 sendmail(1) command will recognize if you try
to use -V for VERP-style delivery. It will do the right thing and
will remind you of the new syntax.
|
