Loading ...
Sorry, an error occurred while loading the content.

Can postfix smtp client request DSN from remote server?

Expand Messages
  • Erik Logtenberg
    Hi, If I request a (success) DSN from my Postfix server, my server responds as expected. Usually my mail server has to deliver the mail remotely and I would
    Message 1 of 7 , Apr 23, 2014
    • 0 Attachment
      Hi,

      If I request a (success) DSN from my Postfix server, my server responds
      as expected. Usually my mail server has to deliver the mail remotely and
      I would like Postfix to request a DSN from the remote server as well if
      the user asked for one. Is that possible?

      Kind regards,

      Erik.
    • Wietse Venema
      ... This is not defined in the DSN protocol, therefore not supported officially. You may use the Postfix smtpd_command_filter feature to add DSN options while
      Message 2 of 7 , Apr 23, 2014
      • 0 Attachment
        Erik Logtenberg:
        > If I request a (success) DSN from my Postfix server, my server responds
        > as expected. Usually my mail server has to deliver the mail remotely and
        > I would like Postfix to request a DSN from the remote server as well if
        > the user asked for one. Is that possible?

        This is not defined in the DSN protocol, therefore not supported
        officially.

        You may use the Postfix smtpd_command_filter feature to add DSN
        options while Postfix receives mail via SMTP. With this, Postfix
        pretends that the client always requests DSN=SUCCESS.

        Untested example follows:

        /etc/postfix/main.cf:
        smtpd_command_filter = pcre:/etc/postfix/command_filter

        /etc/postfix/command_filter:
        /^(RCPT\s+TO:<.*>.*\s+NOTIFY=NEVER.*)/ $1
        /^(RCPT\s+TO:<.*>.*)\s+NOTIFY=(.*)/ $1 NOTIFY=SUCCESS,$2
        /^(RCPT\s+TO:.*)/ $1 NOTIFY=SUCCESS

        There is no equivalent for mail received via non-SMTP.

        Wietse
      • Michael Storz
        ... Do you mean, - you are sending to a remote address or - you are sending to a local address which is then forwarded to a remote address? In the first case
        Message 3 of 7 , Apr 23, 2014
        • 0 Attachment
          Am 2014-04-23 13:39, schrieb Erik Logtenberg:
          > Hi,
          >
          > If I request a (success) DSN from my Postfix server, my server
          > responds
          > as expected. Usually my mail server has to deliver the mail remotely
          > and
          > I would like Postfix to request a DSN from the remote server as well
          > if
          > the user asked for one. Is that possible?
          >
          > Kind regards,
          >
          > Erik.

          Do you mean,

          - you are sending to a remote address or
          - you are sending to a "local" address which is then forwarded to a
          remote address?

          In the first case the request for a success DSN ist transmitted to the
          next MTA in case it offers DSN capability. If not, your Postfix
          generates a success DSN with action relayed.

          In the second case it seems that Postfix strictly implements "the
          confidentiality of a forwarding address" without any user/administrator
          choice in opposit to what RFC 3464 says

          MTA authors are encouraged to provide a mechanism which enables the
          end user to preserve the confidentiality of a forwarding address.
          Depending on the degree of confidentiality required, and the nature
          of the environment to which a message were being forwarded, this
          might be accomplished by one or more of:

          ...

          --
          Michael
        • Erik Logtenberg
          Hi, Indeed I was a bit unclear. Okay, so the thing with DSN s is this: if my email client requests a DSN on success when sending a mail, my Postfix server will
          Message 4 of 7 , May 12 7:43 AM
          • 0 Attachment
            Hi,

            Indeed I was a bit unclear.

            Okay, so the thing with DSN's is this: if my email client requests a DSN
            on success when sending a mail, my Postfix server will honour that
            request. Postfix does this in one of two possible ways:

            1. either the remote mail server indicates that it offers DSN
            capability; in this case my mail server will relay the request and leave
            it at that.

            2. or the remote mail server does not indicate such capability; in this
            case my mail server will create the DSN itself.

            The problem with #1 is, that even though some mail servers do indicate
            DSN capability, they don't always actually send a DSN. Or they try to
            but something goes wrong, you name it.

            So in that case my email client never sees a DSN. Even though the
            original email was relayed to a remote mail server just fine and/or even
            correctly arrived at its destination.

            It would be swell if my mail server would notice the absent DSN after a
            while and create one with the original details of the relay. I
            understand that this is a very stateful and rather complex feature, so I
            don't suppose this is easily done.
            However a workaround could be for my mail server to simply always create
            a DSN if a client requests it, regardless of the capabilities of a
            remote mail server.
            The downside of such a workaround is that a client may receive two DSN's
            - in fact they usually will. However for a client who thinks two DSN's
            is better than zero, this would be a nice feature.
            Is this possible?

            Kind regards,

            Erik Logtenberg.


            On 04/23/2014 05:33 PM, Michael Storz wrote:
            > Am 2014-04-23 13:39, schrieb Erik Logtenberg:
            >> Hi,
            >>
            >> If I request a (success) DSN from my Postfix server, my server responds
            >> as expected. Usually my mail server has to deliver the mail remotely and
            >> I would like Postfix to request a DSN from the remote server as well if
            >> the user asked for one. Is that possible?
            >>
            >> Kind regards,
            >>
            >> Erik.
            >
            > Do you mean,
            >
            > - you are sending to a remote address or
            > - you are sending to a "local" address which is then forwarded to a
            > remote address?
            >
            > In the first case the request for a success DSN ist transmitted to the
            > next MTA in case it offers DSN capability. If not, your Postfix
            > generates a success DSN with action relayed.
            >
            > In the second case it seems that Postfix strictly implements "the
            > confidentiality of a forwarding address" without any user/administrator
            > choice in opposit to what RFC 3464 says
            >
            > MTA authors are encouraged to provide a mechanism which enables the
            > end user to preserve the confidentiality of a forwarding address.
            > Depending on the degree of confidentiality required, and the nature
            > of the environment to which a message were being forwarded, this
            > might be accomplished by one or more of:
            >
            > ...
            >
          • Marek Kr√≥likowski
            Hello Guys I got strange problem with my postfix i try do separate domains but use UNIX system accounts. i use postfix doc
            Message 5 of 7 , May 12 8:03 AM
            • 0 Attachment
              Hello Guys
              I got strange problem with my postfix i try do separate domains but use UNIX
              system accounts.
              i use postfix doc (http://www.postfix.org/VIRTUAL_README.html) but don`t
              know why it`s not working ( Debian 7 postfix 2.9.6):

              This is my main.cf:
              biff = no
              append_dot_mydomain = no
              readme_directory = no
              smtpd_tls_CAfile = /etc/postfix/ssl/taken.pem
              smtpd_tls_cert_file = /etc/postfix/ssl/taken.pem
              smtpd_tls_key_file = /etc/postfix/ssl/taken.pem
              smtpd_use_tls=yes
              smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
              smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
              myhostname = taken.pl
              alias_maps = hash:/etc/postfix/aliases
              myorigin = taken.pl
              mydestination = localhost
              virtual_alias_domains = taken.pl, wset.edu.pl
              virtual_alias_maps = hash:/etc/postfix/virtual
              relayhost =
              mynetworks = 127.0.0.0/8
              mailbox_size_limit = 0
              recipient_delimiter = +
              inet_interfaces = all
              smtpd_client_restrictions =
              smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining,
              reject_invalid_helo_hostname, check_helo_access
              hash:/etc/postfix/helo_checks
              smtpd_recipient_restrictions = permit_mynetworks, check_sender_access
              hash:/etc/postfix/sender_checks_my, reject_unauth_destination,
              reject_unauth_pipelining, check_policy_service unix:private/policy
              inet_protocols = ipv4
              home_mailbox = Maildir/
              smtpd_sasl_auth_enable = yes
              broken_sasl_auth_clients = yes
              smtpd_sasl_security_options = noanonymous
              smtp_use_tls = yes
              smtp_tls_note_starttls_offer = yes
              smtpd_tls_auth_only = yes
              smtpd_tls_mandatory_ciphers = high
              smtpd_tls_ciphers = high
              smtpd_tls_protocols = !SSLv2
              smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
              disable_vrfy_command = yes
              message_size_limit = 102400000
              smtpd_banner = $myhostname ESMTP


              This is my /etc/postfix/virtual
              admin@... taken
              admin@... taken

              When i try send email to admin@... i got info:
              May 12 16:56:59 POCZTA postfix/error[6651]: 9CD862009CF:
              to=<taken@...>, orig_to=<admin@...>, relay=none, delay=6.7,
              delays=6.7/0/0/0.05, dsn=5.0.0, status=bounced (User unknown in virtual
              alias table)
              The most funny when i put domains to mydestination too
              mydestination = localhost, taken.pl, wset.edu.pl
              i can send emails but get all the time warning:
              May 12 14:12:55 POCZTA postfix/trivial-rewrite[4303]: warning: do not list
              domain wset.edu.pl in BOTH mydestination and virtual_alias_domains

              Anyone know how to do this without errors/warnings?
              Thanks
            • Viktor Dukhovni
              ... The recommended setting is to disable DSN at the edge of your network, causing remote servers to send any requested DSNs to their own users, and likewise
              Message 6 of 7 , May 12 8:25 AM
              • 0 Attachment
                On Mon, May 12, 2014 at 04:43:22PM +0200, Erik Logtenberg wrote:

                > Okay, so the thing with DSN's is this: if my email client requests a DSN
                > on success when sending a mail, my Postfix server will honour that
                > request. Postfix does this in one of two possible ways:

                The recommended setting is to disable DSN at the edge of your
                network, causing remote servers to send any requested DSNs to their
                own users, and likewise for your servers to return the final DSN
                on successful delivery to a remote server, without delegating DSN
                notification to that server.

                smtpd_discard_ehlo_keywords = silent-discard, DSN
                smtp_discard_ehlo_keywords = silent-discard, DSN

                > However a workaround could be for my mail server to simply always create
                > a DSN if a client requests it, regardless of the capabilities of a
                > remote mail server.

                This is the recommended approach, but there is not a duplicate DSN,
                because in this mode Postfix will not request a DSN from the remote
                server.

                --
                Viktor.
              • /dev/rob0
                Please don t hijack unrelated threads. When you have a new message for the list, post it as a NEW message, not as a reply. Thank you. ... postconf -n is
                Message 7 of 7 , May 12 8:41 AM
                • 0 Attachment
                  Please don't hijack unrelated threads. When you have a new message
                  for the list, post it as a NEW message, not as a reply. Thank you.

                  On Mon, May 12, 2014 at 05:03:31PM +0200, Marek Królikowski wrote:
                  > I got strange problem with my postfix i try do separate domains
                  > but use UNIX system accounts.
                  > i use postfix doc (http://www.postfix.org/VIRTUAL_README.html)
                  > but don`t know why it`s not working ( Debian 7 postfix 2.9.6):
                  >
                  > This is my main.cf:

                  "postconf -n" is preferred.

                  > append_dot_mydomain = no
                  > myorigin = taken.pl
                  > mydestination = localhost
                  > virtual_alias_domains = taken.pl, wset.edu.pl
                  > virtual_alias_maps = hash:/etc/postfix/virtual

                  > This is my /etc/postfix/virtual
                  > admin@... taken
                  > admin@... taken

                  You are thereby rewriting those two addresses to "taken@$myorigin".
                  Note that $myorigin is listed as a virtual alias domain, and that
                  "taken@$myorigin" is not listed in virtual_alias_maps.

                  Always use fully-qualified addresses in virtual_alias_maps.
                  admin@... taken@localhost
                  admin@... taken@localhost
                  See, there you are redirecting to a local(8) user. You know it is
                  because "localhost" is in $mydestination.

                  > When i try send email to admin@... i got info:
                  > May 12 16:56:59 POCZTA postfix/error[6651]: 9CD862009CF:
                  > to=<taken@...>, orig_to=<admin@...>, relay=none, delay=6.7,
                  > delays=6.7/0/0/0.05, dsn=5.0.0, status=bounced (User unknown in virtual
                  > alias table)
                  > The most funny when i put domains to mydestination too
                  > mydestination = localhost, taken.pl, wset.edu.pl
                  > i can send emails but get all the time warning:
                  > May 12 14:12:55 POCZTA postfix/trivial-rewrite[4303]: warning: do not list
                  > domain wset.edu.pl in BOTH mydestination and virtual_alias_domains
                  >
                  > Anyone know how to do this without errors/warnings?
                  --
                  http://rob0.nodns4.us/
                  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
                Your message has been successfully submitted and would be delivered to recipients shortly.