1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4<html> 5 6<head> 7 8<title>Postfix DSN Support </title> 9 10<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 11 12</head> 13 14<body> 15 16<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 17DSN Support </h1> 18 19<hr> 20 21<h2>Introduction</h2> 22 23<p> Postfix version 2.3 introduces support for Delivery Status 24Notifications as described in RFC 3464. This gives senders control 25over successful and failed delivery notifications. </p> 26 27<p> Specifically, DSN support gives an email sender the ability to 28specify: </p> 29 30<ul> 31 32<li> <p> What notifications are sent: success, failure, delay, or 33none. Normally, Postfix informs the sender only when mail delivery 34is delayed or when delivery fails. </p> 35 36<li> <p> What content is returned in case of failure: only the 37message headers, or the full message. </p> 38 39<li> <p> An envelope ID that is returned as part of delivery status 40notifications. This identifies the message <i>submission</i> 41transaction, and must not be confused with the message ID, which 42identifies the message <i>content</i>. </p> 43 44</ul> 45 46<p> The implementation of DSN support involves extra parameters to 47the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix 48sendmail command line options that provide a sub-set of the functions 49of the extra SMTP command parameters. </p> 50 51<p> This document has information on the following topics: </p> 52 53<ul> 54 55<li> <a href="#scope">Restricting the scope of "success" notifications</a> 56 57<li> <a href="#cli">Postfix sendmail command-line interface</a> 58 59<li> <a href="#compat">Postfix VERP support compatibility</a> 60 61</ul> 62 63<h2> <a name="scope">Restricting the scope of "success" notifications</a> </h2> 64 65<p> Just like reports of undeliverable mail, DSN reports of 66<i>successful</i> delivery can give away more information about the 67internal infrastructure than desirable. Unfortunately, disallowing 68"success" notification requests requires disallowing other DSN 69requests as well. The RFCs do not offer the option to negotiate 70feature subsets. </p> 71 72<p> This is not as bad as it sounds. When you turn off DSN for 73remote inbound mail, remote senders with DSN support will still be 74informed that their mail reached your Postfix gateway successfully; 75they just will not get successful delivery notices from your internal 76systems. Remote senders lose very little: they can no longer specify 77how Postfix should report delayed or failed delivery. </p> 78 79<p> Use the smtpd_discard_ehlo_keyword_address_maps feature if you 80wish to allow DSN requests from trusted clients but not from random 81strangers (see below for how to turn this off for all clients): 82</p> 83 84<blockquote> 85<pre> 86/etc/postfix/main.cf: 87 smtpd_discard_ehlo_keyword_address_maps = 88 cidr:/etc/postfix/esmtp_access 89 90/etc/postfix/esmtp_access: 91 # Allow DSN requests from local subnet only 92 192.168.0.0/28 silent-discard 93 0.0.0.0/0 silent-discard, dsn 94 ::/0 silent-discard, dsn 95</pre> 96</blockquote> 97 98<p> If you want to disallow all use of DSN requests from the network, 99use the smtpd_discard_ehlo_keywords feature: </p> 100 101<blockquote> 102<pre> 103/etc/postfix/main.cf: 104 smtpd_discard_ehlo_keywords = silent-discard, dsn 105</pre> 106</blockquote> 107 108<h2> <a name="cli">Postfix sendmail command-line interface</a> </h2> 109 110<p> Postfix has two Sendmail-compatible command-line options for 111DSN support. </p> 112 113<ul> 114 115<li> <p> The first option specifies what notifications are sent 116for mail that is submitted via the Postfix sendmail(1) command line: 117</p> 118 119<blockquote> 120<pre> 121$ <b>sendmail -N success,delay,failure ...</b> (one or more of these) 122$ <b>sendmail -N never ...</b> (or just this by itself) 123</pre> 124</blockquote> 125 126<p> The built-in default corresponds with "delay,failure". </p> 127 128<li> <p> The second option specifies an envelope ID which is reported 129in delivery status notifications for mail that is submitted via the 130Postfix sendmail(1) command line: </p> 131 132<blockquote> 133<pre> 134$ <b>sendmail -V <i>envelope-id</i> ...</b> 135</pre> 136</blockquote> 137 138<p> Note: this conflicts with VERP support in older Postfix versions, 139as discussed in the next section. </p> 140 141</ul> 142 143<h2> <a name="compat">Postfix VERP support compatibility</a> </h2> 144 145<p> With Postfix versions before 2.3, the sendmail(1) command uses 146the -V command-line option to request VERP-style delivery. In order 147to request VERP style delivery with Postfix 2.3 and later, you must 148specify -XV instead of -V. </p> 149 150<p> The Postfix 2.3 sendmail(1) command will recognize if you try 151to use -V for VERP-style delivery. It will do the right thing and 152will remind you of the new syntax. </p> 153 154</body> 155 156</html> 157