diff options
Diffstat (limited to 'proto/DSN_README.html')
-rw-r--r-- | proto/DSN_README.html | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/proto/DSN_README.html b/proto/DSN_README.html new file mode 100644 index 0000000..4ff152e --- /dev/null +++ b/proto/DSN_README.html @@ -0,0 +1,157 @@ +<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> + +<html> + +<head> + +<title>Postfix DSN Support </title> + +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel='stylesheet' type='text/css' href='postfix-doc.css'> + +</head> + +<body> + +<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix +DSN Support </h1> + +<hr> + +<h2>Introduction</h2> + +<p> Postfix version 2.3 introduces support for Delivery Status +Notifications as described in RFC 3464. This gives senders control +over successful and failed delivery notifications. </p> + +<p> Specifically, DSN support gives an email sender the ability to +specify: </p> + +<ul> + +<li> <p> What notifications are sent: success, failure, delay, or +none. Normally, Postfix informs the sender only when mail delivery +is delayed or when delivery fails. </p> + +<li> <p> What content is returned in case of failure: only the +message headers, or the full message. </p> + +<li> <p> An envelope ID that is returned as part of delivery status +notifications. This identifies the message <i>submission</i> +transaction, and must not be confused with the message ID, which +identifies the message <i>content</i>. </p> + +</ul> + +<p> The implementation of DSN support involves extra parameters to +the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix +sendmail command line options that provide a sub-set of the functions +of the extra SMTP command parameters. </p> + +<p> This document has information on the following topics: </p> + +<ul> + +<li> <a href="#scope">Restricting the scope of "success" notifications</a> + +<li> <a href="#cli">Postfix sendmail command-line interface</a> + +<li> <a href="#compat">Postfix VERP support compatibility</a> + +</ul> + +<h2> <a name="scope">Restricting the scope of "success" notifications</a> </h2> + +<p> Just like reports of undeliverable mail, DSN reports of +<i>successful</i> delivery can give away more information about the +internal infrastructure than desirable. Unfortunately, disallowing +"success" notification requests requires disallowing other DSN +requests as well. The RFCs do not offer the option to negotiate +feature subsets. </p> + +<p> This is not as bad as it sounds. When you turn off DSN for +remote inbound mail, remote senders with DSN support will still be +informed that their mail reached your Postfix gateway successfully; +they just will not get successful delivery notices from your internal +systems. Remote senders lose very little: they can no longer specify +how Postfix should report delayed or failed delivery. </p> + +<p> Use the smtpd_discard_ehlo_keyword_address_maps feature if you +wish to allow DSN requests from trusted clients but not from random +strangers (see below for how to turn this off for all clients): +</p> + +<blockquote> +<pre> +/etc/postfix/main.cf: + smtpd_discard_ehlo_keyword_address_maps = + cidr:/etc/postfix/esmtp_access + +/etc/postfix/esmtp_access: + # Allow DSN requests from local subnet only + 192.168.0.0/28 silent-discard + 0.0.0.0/0 silent-discard, dsn + ::/0 silent-discard, dsn +</pre> +</blockquote> + +<p> If you want to disallow all use of DSN requests from the network, +use the smtpd_discard_ehlo_keywords feature: </p> + +<blockquote> +<pre> +/etc/postfix/main.cf: + smtpd_discard_ehlo_keywords = silent-discard, dsn +</pre> +</blockquote> + +<h2> <a name="cli">Postfix sendmail command-line interface</a> </h2> + +<p> Postfix has two Sendmail-compatible command-line options for +DSN support. </p> + +<ul> + +<li> <p> The first option specifies what notifications are sent +for mail that is submitted via the Postfix sendmail(1) command line: +</p> + +<blockquote> +<pre> +$ <b>sendmail -N success,delay,failure ...</b> (one or more of these) +$ <b>sendmail -N never ...</b> (or just this by itself) +</pre> +</blockquote> + +<p> The built-in default corresponds with "delay,failure". </p> + +<li> <p> The second option specifies an envelope ID which is reported +in delivery status notifications for mail that is submitted via the +Postfix sendmail(1) command line: </p> + +<blockquote> +<pre> +$ <b>sendmail -V <i>envelope-id</i> ...</b> +</pre> +</blockquote> + +<p> Note: this conflicts with VERP support in older Postfix versions, +as discussed in the next section. </p> + +</ul> + +<h2> <a name="compat">Postfix VERP support compatibility</a> </h2> + +<p> With Postfix versions before 2.3, the sendmail(1) command uses +the -V command-line option to request VERP-style delivery. In order +to request VERP style delivery with Postfix 2.3 and later, you must +specify -XV instead of -V. </p> + +<p> The Postfix 2.3 sendmail(1) command will recognize if you try +to use -V for VERP-style delivery. It will do the right thing and +will remind you of the new syntax. </p> + +</body> + +</html> |