On Mon, Sep 15, 2014 at 08:40:24PM -0400, Scott Kitterman wrote:
> The IETF has just published a new RFC that specifies particular enhanced
> status codes for email authentication failures:
>
> https://www.rfc-editor.org/rfc/rfc7372.txt
I see little in this document that a policy service can employ.
Policy services don't see message content, and so can't detect DKIM
signature failures. Policy services are not employed during SASL
auth, and so can't generate SASL failures responses.
That leaves just
3.2. SPF Failure Codes . . . . . . . . . . . . . . . . . . . . 4
3.3. Reverse DNS Failure Code . . . . . . . . . . . . . . . . 5
> I have a policy server for which this is relevant. I'd like to provide
> an enhanced status code for Postfix to use, but I don't find in the
> documentation where that's possible via the policy interface.
See "REJECT ACTIONS" under
http://www.postfix.org/access.5.html
Thus:
action=REJECT 554 5.7.23 Bleeding edge status code your MUA won't understand!
> My assumption is this is the usual, if it's not documented, then either
> you can't do it or you shouldn't rely on it (so this is a feature request),
> but I'd love to find out I missed something and be pointed in the right
> direction.
http://www.postfix.org/SMTPD_POLICY_README.html says:
The policy server replies with any action that is allowed in a Postfix
SMTPD access(5) table. Example:
action=defer_if_permit Service temporarily unavailable
[empty line]
The access(5) page says:
REJECT ACTIONS
Postfix version 2.3 and later support enhanced status codes
as defined in RFC 3463. When no code is specified at the
beginning of the text below, Postfix inserts a default
enhanced status code of "5.7.1" in the case of reject actions,
and "4.7.1" in the case of defer actions. See "ENHANCED
STATUS CODES" below.
--
Viktor.
