#StackBounty: #postfix #email-server #dsn How do I tell Postfix 'edge' MTA to fake it's a final destination for DSN?

Bounty: 250

My question is regarding the Delivery Status Notification (DSN) handling of my inbound Postfix mail server instances. The solution to this may be completely outside the scope of DSNs, however.

Let’s say this is the flow for mail arriving at my domain. D, E and F are in my control, and A, B and C are the sender’s.

 A
  +----------+
  |          |
  |   MUA    |
  | (sender) |
  |          |
  +----+-----+
       |
       |
B      |            C                   D                  E
 +-----v-------+     +-----------+       +------------+     +------------+
 |             |     |  Outbound |INTERNET Inbound    | LAN | Local mail |
 | Submission  +----->  gateway  +-------> gateway    +---->+ storage    |
 | (MTA)       |     |  (MTA)    |       | (MTA)      |     | delivery   |
 |             |     |  sender   |       | recipient  |     | (MTA)      |
 +-------------+     +-----------+       +------------+     +-----+------+
                                                                  | LMTP
                                                             LAN  | (final
                                                                  | delivery)
                                                           F      |
                                                            +-----v------+
                                                            |            |
                                                            | Mailbox    |
                                                            | delivery   |
                                                            | (MDA)      |
                                                            +------------+

D (edge, internet facing, highly available) and E (internal, budget SLA) are separate machines, as I’d like to separate things for scalability, security and availability. This way mail can be queued for days at D in case E in a cheap network/cluster is down amid a disaster scenario.

The sender can request a DSN in his mail client application (e.g. in Thunderbird, enable DSN in the compose view menu) and with Postfix at its default, it will inform the sender of successful delivery from E as soon as it has delivered it to F. In this DSN message, the sender gets to know a lot about my internal network and that’s what I’d like to avoid.

From the perspective of D, it is not itself a final destination of the mail (as E is configured as relay for the domain). Moreover, when it’s relaying to E, it’s still not a final destination upon relaying the mail. This makes it only at E to inform the sender.

I found that Gmail has a very elegant way. It somehow triggers the DSN already upon the submission of C to D (where D is then Gmail’s edge MTA). I’d like to know how to configure my Postfix instances like Gmail’s internet facing MTAs. That would make the sender’s outbound MTA responsible for informing the delivery status to the remote MTA.

Since I have no conditional delivery set up, and bounces turned off along this path, all mail accepted at D will be delivered, one way or another, to a mailbox. So, I’d like to tell remote MTAs already at that point that delivery is successful, and I want to disable any further DSN handling on my own servers. This should let C inform the sender of successful delivery.

I’ve tried to set smtpd_discard_ehlo_keywords = silent-discard, dsn at D already as per Postfix’s DSN readme, but as expected, senders do not get informed at all anymore and that’s too much to turn off.

In short; how can I have Postfix tell (lie to) remote MTA C that D is final delivery for the message?

… in an attempt to mimic Gmail’s handling.
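
An added example, not part of the original question: a small Python audit that parses a success DSN (the RFC 3464 `message/delivery-status` part) and lists the fields naming hosts other than the public edge MTA, which is the disclosure the question describes. The sample DSN, all hostnames and addresses, and the function name `dsn_disclosures` are constructed for illustration.

```python
import email
import re

# Constructed success DSN in RFC 3464 shape; every host and address is hypothetical.
SAMPLE_DSN = """\
From: MAILER-DAEMON@store.lan.example.net
To: alice@sender.example
Subject: Successful Mail Delivery Report
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message was successfully delivered.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; store.lan.example.net
Arrival-Date: Mon, 1 Jan 2024 10:00:00 +0000

Final-Recipient: rfc822; bob@example.net
Action: delivered
Status: 2.0.0
Remote-MTA: dns; mailbox.lan.example.net
Diagnostic-Code: smtp; 250 2.0.0 Ok: saved by 10.0.5.12

--b1--
"""

HOST_FIELDS = {"reporting-mta", "remote-mta", "received-from-mta"}
PRIVATE_IP = re.compile(
    r"\b(?:10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+|172\.(?:1[6-9]|2\d|3[01])\.\d+\.\d+)\b")

def dsn_disclosures(raw, public_hosts):
    """List (field, value) pairs that name a host or private IP outside public_hosts."""
    found = []
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        for block in part.get_payload():  # per-message block, then per-recipient blocks
            for name, value in block.items():
                host = value.split(";", 1)[-1].strip().lower()  # drop the "dns;" prefix
                if name.lower() in HOST_FIELDS and host not in public_hosts:
                    found.append((name, host))
                elif (m := PRIVATE_IP.search(value)):
                    found.append((name, m.group()))
    return found
```

Calling `dsn_disclosures(SAMPLE_DSN, {"mx.example.net"})` with the edge MTA's public name as the only allowed host reports the internal reporting MTA, the internal remote MTA and the private address in the diagnostic text.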

