Re: Don't send "sender non-delivery notification" to one sender

[Bastian Blank]

On Thu, Jan 25, 2018 at 11:02:51AM -0500, Zach Sheppard wrote:
> Is it possible to exempt one sender from receiving non-delivery
> notifications? We have a DMARC policy that forces DKIM headers on all mail
> and when Postfix sends a non-delivery notification to this bulk mail sender
> (a fake e-mail alias) it fails because of our DMARC policy.

Why do you bounce any emails?

Bastian

-- 
No one may kill a man.  Not for any purpose.  It cannot be condoned.
-- Kirk, "Spock's Brain", stardate 5431.6

Re: Don't send "sender non-delivery notification" to one sender

[Dominic Raferd]

On 25 January 2018 at 16:42, Dominic Raferd  wrote:
>
>
>
> On 25 January 2018 at 16:02, Zach Sheppard  
> wrote:
>>
>> Is it possible to exempt one sender from receiving non-delivery 
>> notifications? We have a DMARC policy that forces DKIM headers on all mail 
>> and when Postfix sends a non-delivery notification to this bulk mail sender 
>> (a fake e-mail alias) it fails because of our DMARC policy.
>>
>> I have set notify_classes= to not receive any e-mails about errors/bounces 
>> but it looks like the non-delivery notifications still occur.
>>
>> How could I block one sender from receiving those notifications?
>
>
> Rather than remove the notifications you could make them DMARC compliant with:
> internal_mail_filter_classes = bounce
>
> See http://www.postfix.org/postconf.5.html#internal_mail_filter_classes - 
> note the warning (presumably because of a loop risk)


Alternatively, or as well, suppress DSN notification to strangers:

/etc/postfix/main.cf:
smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access

/etc/postfix/esmtp_access
# 127.0.0.1 usually will have been re-routed via amavis and
re-injected i.e. it started as an external email?
127.0.0.1   silent-discard, dsn
127.0.0.0/31silent-discard
192.168.0.0/16  silent-discard
0.0.0.0/0   silent-discard, dsn

Re: Don't send "sender non-delivery notification" to one sender

[Dominic Raferd]

On 25 January 2018 at 16:02, Zach Sheppard 
wrote:

> Is it possible to exempt one sender from receiving non-delivery
> notifications? We have a DMARC policy that forces DKIM headers on all mail
> and when Postfix sends a non-delivery notification to this bulk mail sender
> (a fake e-mail alias) it fails because of our DMARC policy.
>
> I have set notify_classes= to not receive any e-mails about errors/bounces
> but it looks like the non-delivery notifications still occur.
>
> How could I block one sender from receiving those notifications?
>

​Rather than remove the notifications you could make them DMARC compliant
with:
​
internal_mail_filter_classes = bounce

See http://www.postfix.org/postconf.5.html#internal_mail_filter_classes -
note the warning (presumably because of a loop risk)

Don't send "sender non-delivery notification" to one sender

[Zach Sheppard]

Is it possible to exempt one sender from receiving non-delivery
notifications? We have a DMARC policy that forces DKIM headers on all mail
and when Postfix sends a non-delivery notification to this bulk mail sender
(a fake e-mail alias) it fails because of our DMARC policy.

I have set notify_classes= to not receive any e-mails about errors/bounces
but it looks like the non-delivery notifications still occur.

How could I block one sender from receiving those notifications?

Thanks