On Mon, Aug 07, 2017 at 11:27:36AM +0200, Tomas Macek wrote: > Yes, I have found it out too. I wanted to create a Milter removing just the > SUCCESS and/or DELAY and keeping just the FAILURE.
This is the *wrong* thing to do and a bad idea. When a legitimate SMTP envelope requests NOTIFY=SUCCESS the *last* MTA that offers DSN support that sucessfully delivers or relays the mesasge must send a success notice. By promising DSN, but then ignoring NOTIFY=SUCCESS, you'd be denying the *sending* MTA the opportunity to notify the sender. The correct solution is to disable DNS in Postfix via smtpd_discard_ehlo_keywords = dsn,silent-discard This also has the effect of refusing MAIL FROM commands that would attempt to use "NOTIFY=..." despite the lack of DSN support on the receiving side. Do not mangle SMTP commands to in ways that violate the protocol requirements. Let DSN do its job, and don't offer DSN service when that's what you want. My standard advice is to not offer DSN to strangers at the edge of your network and to ignore DSN offers from remote servers. # Postfix SMTP server instance that only handles inbound traffic smtpd_discard_ehlo_keywords = dsn,silent-discard # Postfix SMTP client instance that only handles outbound traffic smtp_discard_ehlo_keywords = dsn,silent-discard -- Viktor.