From b5896ba9f6047e7031e2bdee0622d543e11a6734 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 6 May 2024 03:46:30 +0200 Subject: Adding upstream version 3.4.23. Signed-off-by: Daniel Baumann --- proto/DSN_README.html | 156 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 proto/DSN_README.html (limited to 'proto/DSN_README.html') diff --git a/proto/DSN_README.html b/proto/DSN_README.html new file mode 100644 index 0000000..456862b --- /dev/null +++ b/proto/DSN_README.html @@ -0,0 +1,156 @@ + + + + + + +Postfix DSN Support + + + + + + + +

Postfix +DSN Support

+ +
+ +

Introduction

+ +

Postfix version 2.3 introduces support for Delivery Status +Notifications as described in RFC 3464. This gives senders control +over successful and failed delivery notifications.

+ +

Specifically, DSN support gives an email sender the ability to +specify:

+ + + +

The implementation of DSN support involves extra parameters to +the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix +sendmail command line options that provide a sub-set of the functions +of the extra SMTP command parameters.

+ +

This document has information on the following topics:

+ + + +

Restricting the scope of "success" notifications

+ +

Just like reports of undeliverable mail, DSN reports of +successful delivery can give away more information about the +internal infrastructure than desirable. Unfortunately, disallowing +"success" notification requests requires disallowing other DSN +requests as well. The RFCs do not offer the option to negotiate +feature subsets.

+ +

This is not as bad as it sounds. When you turn off DSN for +remote inbound mail, remote senders with DSN support will still be +informed that their mail reached your Postfix gateway successfully; +they just will not get successful delivery notices from your internal +systems. Remote senders lose very little: they can no longer specify +how Postfix should report delayed or failed delivery.

+ +

Use the smtpd_discard_ehlo_keyword_address_maps feature if you +wish to allow DSN requests from trusted clients but not from random +strangers (see below for how to turn this off for all clients): +

+ +
+
+/etc/postfix/main.cf:
+    smtpd_discard_ehlo_keyword_address_maps = 
+        cidr:/etc/postfix/esmtp_access
+
+/etc/postfix/esmtp_access:
+    # Allow DSN requests from local subnet only
+    192.168.0.0/28      silent-discard
+    0.0.0.0/0           silent-discard, dsn
+    ::/0                silent-discard, dsn
+
+
+ +

If you want to disallow all use of DSN requests from the network, +use the smtpd_discard_ehlo_keywords feature:

+ +
+
+/etc/postfix/main.cf:
+    smtpd_discard_ehlo_keywords = silent-discard, dsn
+
+
+ +

Postfix sendmail command-line interface

+ +

Postfix has two Sendmail-compatible command-line options for +DSN support.

+ + + +

Postfix VERP support compatibility

+ +

With Postfix versions before 2.3, the sendmail(1) command uses +the -V command-line option to request VERP-style delivery. In order +to request VERP style delivery with Postfix 2.3 and later, you must +specify -XV instead of -V.

+ +

The Postfix 2.3 sendmail(1) command will recognize if you try +to use -V for VERP-style delivery. It will do the right thing and +will remind you of the new syntax.

+ + + + -- cgit v1.2.3