Can postfix smtp client request DSN from remote server?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Can postfix smtp client request DSN from remote server?

Erik Logtenberg
Hi,

If I request a (success) DSN from my Postfix server, my server responds
as expected. Usually my mail server has to deliver the mail remotely and
I would like Postfix to request a DSN from the remote server as well if
the user asked for one. Is that possible?

Kind regards,

Erik.

Reply | Threaded
Open this post in threaded view
|

Re: Can postfix smtp client request DSN from remote server?

Wietse Venema
Erik Logtenberg:
> If I request a (success) DSN from my Postfix server, my server responds
> as expected. Usually my mail server has to deliver the mail remotely and
> I would like Postfix to request a DSN from the remote server as well if
> the user asked for one. Is that possible?

This is not defined in the DSN protocol, therefore not supported
officially.

You may use the Postfix smtpd_command_filter feature to add DSN
options while Postfix receives mail via SMTP. With this, Postfix
pretends that the client always requests DSN=SUCCESS.

Untested example follows:

   /etc/postfix/main.cf:
       smtpd_command_filter = pcre:/etc/postfix/command_filter

   /etc/postfix/command_filter:
       /^(RCPT\s+TO:<.*>.*\s+NOTIFY=NEVER.*)/ $1
       /^(RCPT\s+TO:<.*>.*)\s+NOTIFY=(.*)/ $1 NOTIFY=SUCCESS,$2
       /^(RCPT\s+TO:.*)/                   $1 NOTIFY=SUCCESS

There is no equivalent for mail received via non-SMTP.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Can postfix smtp client request DSN from remote server?

Michael Storz
In reply to this post by Erik Logtenberg
Am 2014-04-23 13:39, schrieb Erik Logtenberg:

> Hi,
>
> If I request a (success) DSN from my Postfix server, my server
> responds
> as expected. Usually my mail server has to deliver the mail remotely
> and
> I would like Postfix to request a DSN from the remote server as well
> if
> the user asked for one. Is that possible?
>
> Kind regards,
>
> Erik.

Do you mean,

- you are sending to a remote address or
- you are sending to a "local" address which is then forwarded to a
remote address?

In the first case the request for a success DSN ist transmitted to the
next MTA in case it offers DSN capability. If not, your Postfix
generates a success DSN with action relayed.

In the second case it seems that Postfix strictly implements "the
confidentiality of a forwarding address" without any user/administrator
choice in opposit to what RFC 3464 says

    MTA authors are encouraged to provide a mechanism which enables the
    end user to preserve the confidentiality of a forwarding address.
    Depending on the degree of confidentiality required, and the nature
    of the environment to which a message were being forwarded, this
    might be accomplished by one or more of:

    ...

--
Michael

Reply | Threaded
Open this post in threaded view
|

Re: Can postfix smtp client request DSN from remote server?

Erik Logtenberg
Hi,

Indeed I was a bit unclear.

Okay, so the thing with DSN's is this: if my email client requests a DSN
on success when sending a mail, my Postfix server will honour that
request. Postfix does this in one of two possible ways:

1. either the remote mail server indicates that it offers DSN
capability; in this case my mail server will relay the request and leave
it at that.

2. or the remote mail server does not indicate such capability; in this
case my mail server will create the DSN itself.

The problem with #1 is, that even though some mail servers do indicate
DSN capability, they don't always actually send a DSN. Or they try to
but something goes wrong, you name it.

So in that case my email client never sees a DSN. Even though the
original email was relayed to a remote mail server just fine and/or even
correctly arrived at its destination.

It would be swell if my mail server would notice the absent DSN after a
while and create one with the original details of the relay. I
understand that this is a very stateful and rather complex feature, so I
don't suppose this is easily done.
However a workaround could be for my mail server to simply always create
a DSN if a client requests it, regardless of the capabilities of a
remote mail server.
The downside of such a workaround is that a client may receive two DSN's
- in fact they usually will. However for a client who thinks two DSN's
is better than zero, this would be a nice feature.
Is this possible?

Kind regards,

Erik Logtenberg.


On 04/23/2014 05:33 PM, Michael Storz wrote:

> Am 2014-04-23 13:39, schrieb Erik Logtenberg:
>> Hi,
>>
>> If I request a (success) DSN from my Postfix server, my server responds
>> as expected. Usually my mail server has to deliver the mail remotely and
>> I would like Postfix to request a DSN from the remote server as well if
>> the user asked for one. Is that possible?
>>
>> Kind regards,
>>
>> Erik.
>
> Do you mean,
>
> - you are sending to a remote address or
> - you are sending to a "local" address which is then forwarded to a
> remote address?
>
> In the first case the request for a success DSN ist transmitted to the
> next MTA in case it offers DSN capability. If not, your Postfix
> generates a success DSN with action relayed.
>
> In the second case it seems that Postfix strictly implements "the
> confidentiality of a forwarding address" without any user/administrator
> choice in opposit to what RFC 3464 says
>
>    MTA authors are encouraged to provide a mechanism which enables the
>    end user to preserve the confidentiality of a forwarding address.
>    Depending on the degree of confidentiality required, and the nature
>    of the environment to which a message were being forwarded, this
>    might be accomplished by one or more of:
>
>    ...
>

Reply | Threaded
Open this post in threaded view
|

Separate domains, UNIX system accounts

Marek Królikowski
Hello Guys
I got strange problem with my postfix i try do separate domains but use UNIX
system accounts.
i use postfix doc (http://www.postfix.org/VIRTUAL_README.html)  but don`t
know why it`s not working ( Debian 7 postfix 2.9.6):

This is my main.cf:
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_CAfile = /etc/postfix/ssl/taken.pem
smtpd_tls_cert_file = /etc/postfix/ssl/taken.pem
smtpd_tls_key_file = /etc/postfix/ssl/taken.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = taken.pl
alias_maps = hash:/etc/postfix/aliases
myorigin = taken.pl
mydestination = localhost
virtual_alias_domains = taken.pl, wset.edu.pl
virtual_alias_maps = hash:/etc/postfix/virtual
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_client_restrictions =
smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining,
reject_invalid_helo_hostname, check_helo_access
hash:/etc/postfix/helo_checks
smtpd_recipient_restrictions = permit_mynetworks, check_sender_access
hash:/etc/postfix/sender_checks_my, reject_unauth_destination,
reject_unauth_pipelining, check_policy_service unix:private/policy
inet_protocols = ipv4
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_ciphers = high
smtpd_tls_ciphers = high
smtpd_tls_protocols = !SSLv2
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
disable_vrfy_command = yes
message_size_limit = 102400000
smtpd_banner = $myhostname ESMTP


This is my /etc/postfix/virtual
[hidden email] taken
[hidden email] taken

When i try send email to [hidden email] i got info:
May 12 16:56:59 POCZTA postfix/error[6651]: 9CD862009CF:
to=<[hidden email]>, orig_to=<[hidden email]>, relay=none, delay=6.7,
delays=6.7/0/0/0.05, dsn=5.0.0, status=bounced (User unknown in virtual
alias table)
The most funny when i put domains to mydestination too
mydestination = localhost, taken.pl, wset.edu.pl
i can send emails but get all the time warning:
May 12 14:12:55 POCZTA postfix/trivial-rewrite[4303]: warning: do not list
domain wset.edu.pl in BOTH mydestination and virtual_alias_domains

Anyone know how to do this without errors/warnings?
Thanks

Reply | Threaded
Open this post in threaded view
|

Re: Can postfix smtp client request DSN from remote server?

Viktor Dukhovni
In reply to this post by Erik Logtenberg
On Mon, May 12, 2014 at 04:43:22PM +0200, Erik Logtenberg wrote:

> Okay, so the thing with DSN's is this: if my email client requests a DSN
> on success when sending a mail, my Postfix server will honour that
> request. Postfix does this in one of two possible ways:

The recommended setting is to disable DSN at the edge of your
network, causing remote servers to send any requested DSNs to their
own users, and likewise for your servers to return the final DSN
on successful delivery to a remote server, without delegating DSN
notification to that server.

    smtpd_discard_ehlo_keywords = silent-discard, DSN
    smtp_discard_ehlo_keywords = silent-discard, DSN

> However a workaround could be for my mail server to simply always create
> a DSN if a client requests it, regardless of the capabilities of a
> remote mail server.

This is the recommended approach, but there is not a duplicate DSN,
because in this mode Postfix will not request a DSN from the remote
server.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Separate domains, UNIX system accounts

/dev/rob0
In reply to this post by Marek Królikowski
Please don't hijack unrelated threads. When you have a new message
for the list, post it as a NEW message, not as a reply. Thank you.

On Mon, May 12, 2014 at 05:03:31PM +0200, Marek Królikowski wrote:
> I got strange problem with my postfix i try do separate domains
> but use UNIX system accounts.
> i use postfix doc (http://www.postfix.org/VIRTUAL_README.html)
> but don`t know why it`s not working ( Debian 7 postfix 2.9.6):
>
> This is my main.cf:

"postconf -n" is preferred.

> append_dot_mydomain = no
> myorigin = taken.pl
> mydestination = localhost
> virtual_alias_domains = taken.pl, wset.edu.pl
> virtual_alias_maps = hash:/etc/postfix/virtual

> This is my /etc/postfix/virtual
> [hidden email] taken
> [hidden email] taken

You are thereby rewriting those two addresses to "taken@$myorigin".
Note that $myorigin is listed as a virtual alias domain, and that
"taken@$myorigin" is not listed in virtual_alias_maps.

Always use fully-qualified addresses in virtual_alias_maps.
   [hidden email] taken@localhost
   [hidden email] taken@localhost
See, there you are redirecting to a local(8) user. You know it is
because "localhost" is in $mydestination.

> When i try send email to [hidden email] i got info:
> May 12 16:56:59 POCZTA postfix/error[6651]: 9CD862009CF:
> to=<[hidden email]>, orig_to=<[hidden email]>, relay=none, delay=6.7,
> delays=6.7/0/0/0.05, dsn=5.0.0, status=bounced (User unknown in virtual
> alias table)
> The most funny when i put domains to mydestination too
> mydestination = localhost, taken.pl, wset.edu.pl
> i can send emails but get all the time warning:
> May 12 14:12:55 POCZTA postfix/trivial-rewrite[4303]: warning: do not list
> domain wset.edu.pl in BOTH mydestination and virtual_alias_domains
>
> Anyone know how to do this without errors/warnings?
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: