1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4<html> 5 6<head> 7 8<title>Postfix DSN Support </title> 9 10<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 11<link rel='stylesheet' type='text/css' href='postfix-doc.css'> 12 13</head> 14 15<body> 16 17<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix 18DSN Support </h1> 19 20<hr> 21 22<h2>Introduction</h2> 23 24<p> Postfix version 2.3 introduces support for Delivery Status 25Notifications as described in RFC 3464. This gives senders control 26over successful and failed delivery notifications. </p> 27 28<p> Specifically, DSN support gives an email sender the ability to 29specify: </p> 30 31<ul> 32 33<li> <p> What notifications are sent: success, failure, delay, or 34none. Normally, Postfix informs the sender only when mail delivery 35is delayed or when delivery fails. </p> 36 37<li> <p> What content is returned in case of failure: only the 38message headers, or the full message. </p> 39 40<li> <p> An envelope ID that is returned as part of delivery status 41notifications. This identifies the message <i>submission</i> 42transaction, and must not be confused with the message ID, which 43identifies the message <i>content</i>. </p> 44 45</ul> 46 47<p> The implementation of DSN support involves extra parameters to 48the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix 49sendmail command line options that provide a sub-set of the functions 50of the extra SMTP command parameters. </p> 51 52<p> This document has information on the following topics: </p> 53 54<ul> 55 56<li> <a href="#scope">Restricting the scope of "success" notifications</a> 57 58<li> <a href="#cli">Postfix sendmail command-line interface</a> 59 60<li> <a href="#compat">Postfix VERP support compatibility</a> 61 62</ul> 63 64<h2> <a name="scope">Restricting the scope of "success" notifications</a> </h2> 65 66<p> Just like reports of undeliverable mail, DSN reports of 67<i>successful</i> delivery can give away more information about the 68internal infrastructure than desirable. Unfortunately, disallowing 69"success" notification requests requires disallowing other DSN 70requests as well. The RFCs do not offer the option to negotiate 71feature subsets. </p> 72 73<p> This is not as bad as it sounds. When you turn off DSN for 74remote inbound mail, remote senders with DSN support will still be 75informed that their mail reached your Postfix gateway successfully; 76they just will not get successful delivery notices from your internal 77systems. Remote senders lose very little: they can no longer specify 78how Postfix should report delayed or failed delivery. </p> 79 80<p> Use the smtpd_discard_ehlo_keyword_address_maps feature if you 81wish to allow DSN requests from trusted clients but not from random 82strangers (see below for how to turn this off for all clients): 83</p> 84 85<blockquote> 86<pre> 87/etc/postfix/main.cf: 88 smtpd_discard_ehlo_keyword_address_maps = 89 cidr:/etc/postfix/esmtp_access 90 91/etc/postfix/esmtp_access: 92 # Allow DSN requests from local subnet only 93 192.168.0.0/28 silent-discard 94 0.0.0.0/0 silent-discard, dsn 95 ::/0 silent-discard, dsn 96</pre> 97</blockquote> 98 99<p> If you want to disallow all use of DSN requests from the network, 100use the smtpd_discard_ehlo_keywords feature: </p> 101 102<blockquote> 103<pre> 104/etc/postfix/main.cf: 105 smtpd_discard_ehlo_keywords = silent-discard, dsn 106</pre> 107</blockquote> 108 109<h2> <a name="cli">Postfix sendmail command-line interface</a> </h2> 110 111<p> Postfix has two Sendmail-compatible command-line options for 112DSN support. </p> 113 114<ul> 115 116<li> <p> The first option specifies what notifications are sent 117for mail that is submitted via the Postfix sendmail(1) command line: 118</p> 119 120<blockquote> 121<pre> 122$ <b>sendmail -N success,delay,failure ...</b> (one or more of these) 123$ <b>sendmail -N never ...</b> (or just this by itself) 124</pre> 125</blockquote> 126 127<p> The built-in default corresponds with "delay,failure". </p> 128 129<li> <p> The second option specifies an envelope ID which is reported 130in delivery status notifications for mail that is submitted via the 131Postfix sendmail(1) command line: </p> 132 133<blockquote> 134<pre> 135$ <b>sendmail -V <i>envelope-id</i> ...</b> 136</pre> 137</blockquote> 138 139<p> Note: this conflicts with VERP support in older Postfix versions, 140as discussed in the next section. </p> 141 142</ul> 143 144<h2> <a name="compat">Postfix VERP support compatibility</a> </h2> 145 146<p> With Postfix versions before 2.3, the sendmail(1) command uses 147the -V command-line option to request VERP-style delivery. In order 148to request VERP style delivery with Postfix 2.3 and later, you must 149specify -XV instead of -V. </p> 150 151<p> The Postfix 2.3 sendmail(1) command will recognize if you try 152to use -V for VERP-style delivery. It will do the right thing and 153will remind you of the new syntax. </p> 154 155</body> 156 157</html> 158