On Mon, Aug 07, 2017 at 11:27:36AM +0200, Tomas Macek wrote:
> Yes, I have found it out too. I wanted to create a Milter removing just the
> SUCCESS and/or DELAY and keeping just the FAILURE.
This is the *wrong* thing to do and a bad idea. When a legitimate
SMTP envelope requests NOTIFY=SUCCESS the *last* MTA that offers
DSN support that sucessfully delivers or relays the mesasge must
send a success notice.
By promising DSN, but then ignoring NOTIFY=SUCCESS, you'd be denying
the *sending* MTA the opportunity to notify the sender.
The correct solution is to disable DNS in Postfix via
smtpd_discard_ehlo_keywords = dsn,silent-discard
This also has the effect of refusing MAIL FROM commands that would
attempt to use "NOTIFY=..." despite the lack of DSN support on the
receiving side.
Do not mangle SMTP commands to in ways that violate the protocol
requirements. Let DSN do its job, and don't offer DSN service
when that's what you want. My standard advice is to not offer
DSN to strangers at the edge of your network and to ignore DSN
offers from remote servers.
# Postfix SMTP server instance that only handles inbound traffic
smtpd_discard_ehlo_keywords = dsn,silent-discard
# Postfix SMTP client instance that only handles outbound traffic
smtp_discard_ehlo_keywords = dsn,silent-discard
--
Viktor.
