1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2        "http://www.w3.org/TR/html4/loose.dtd">
3
4<html>
5
6<head>
7
8<title>Postfix DSN Support </title>
9
10<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
11<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
12
13</head>
14
15<body>
16
17<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
18DSN Support </h1>
19
20<hr>
21
22<h2>Introduction</h2>
23
24<p> Postfix version 2.3 introduces support for Delivery Status
25Notifications as described in RFC 3464. This gives senders control
26over successful and failed delivery notifications.  </p>
27
28<p> Specifically, DSN support gives an email sender the ability to
29specify: </p>
30
31<ul>
32
33<li> <p> What notifications are sent: success, failure, delay, or
34none. Normally, Postfix informs the sender only when mail delivery
35is delayed or when delivery fails.  </p>
36
37<li> <p> What content is returned in case of failure: only the
38message headers, or the full message. </p>
39
40<li> <p> An envelope ID that is returned as part of delivery status
41notifications. This identifies the message <i>submission</i>
42transaction, and must not be confused with the message ID, which
43identifies the message <i>content</i>. </p>
44
45</ul>
46
47<p> The implementation of DSN support involves extra parameters to
48the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix
49sendmail command line options that provide a sub-set of the functions
50of the extra SMTP command parameters. </p>
51
52<p> This document has information on the following topics: </p>
53
54<ul>
55
56<li> <a href="#scope">Restricting the scope of "success" notifications</a>
57
58<li> <a href="#cli">Postfix sendmail command-line interface</a>
59
60<li> <a href="#compat">Postfix VERP support compatibility</a>
61
62</ul>
63
64<h2> <a name="scope">Restricting the scope of "success" notifications</a> </h2>
65
66<p> Just like reports of undeliverable mail, DSN reports of
67<i>successful</i> delivery can give away more information about the
68internal infrastructure than desirable.  Unfortunately, disallowing
69"success" notification requests requires disallowing other DSN
70requests as well. The RFCs do not offer the option to negotiate
71feature subsets. </p>
72
73<p> This is not as bad as it sounds. When you turn off DSN for
74remote inbound mail, remote senders with DSN support will still be
75informed that their mail reached your Postfix gateway successfully;
76they just will not get successful delivery notices from your internal
77systems. Remote senders lose very little: they can no longer specify
78how Postfix should report delayed or failed delivery.  </p>
79
80<p> Use the smtpd_discard_ehlo_keyword_address_maps feature if you
81wish to allow DSN requests from trusted clients but not from random
82strangers (see below for how to turn this off for all clients):
83</p>
84
85<blockquote>
86<pre>
87/etc/postfix/main.cf:
88    smtpd_discard_ehlo_keyword_address_maps = 
89        cidr:/etc/postfix/esmtp_access
90
91/etc/postfix/esmtp_access:
92    # Allow DSN requests from local subnet only
93    192.168.0.0/28      silent-discard
94    0.0.0.0/0           silent-discard, dsn
95    ::/0                silent-discard, dsn
96</pre>
97</blockquote>
98
99<p> If you want to disallow all use of DSN requests from the network,
100use the smtpd_discard_ehlo_keywords feature: </p>
101
102<blockquote>
103<pre>
104/etc/postfix/main.cf:
105    smtpd_discard_ehlo_keywords = silent-discard, dsn
106</pre>
107</blockquote>
108
109<h2> <a name="cli">Postfix sendmail command-line interface</a> </h2>
110
111<p> Postfix has two Sendmail-compatible command-line options for
112DSN support. </p>
113
114<ul>
115
116<li> <p>  The first option specifies what notifications are sent
117for mail that is submitted via the Postfix sendmail(1) command line:
118</p>
119
120<blockquote>
121<pre>
122$ <b>sendmail -N success,delay,failure ...</b> (one or more of these)
123$ <b>sendmail -N never ...</b>                 (or just this by itself)
124</pre>
125</blockquote>
126
127<p> The built-in default corresponds with "delay,failure". </p>
128
129<li> <p> The second option specifies an envelope ID which is reported
130in delivery status notifications for mail that is submitted via the
131Postfix sendmail(1) command line: </p>
132
133<blockquote>
134<pre>
135$ <b>sendmail -V <i>envelope-id</i> ...</b>
136</pre>
137</blockquote>
138
139<p> Note: this conflicts with VERP support in older Postfix versions,
140as discussed in the next section. </p>
141
142</ul>
143
144<h2> <a name="compat">Postfix VERP support compatibility</a> </h2>
145
146<p> With Postfix versions before 2.3, the sendmail(1) command uses
147the -V command-line option to request VERP-style delivery.  In order
148to request VERP style delivery with Postfix 2.3 and later, you must
149specify -XV instead of -V. </p>
150
151<p> The Postfix 2.3 sendmail(1) command will recognize if you try
152to use -V for VERP-style delivery.  It will do the right thing and
153will remind you of the new syntax. </p>
154
155</body>
156
157</html>
158