Postfix VERP Howto


Postfix VERP support

Postfix versions 1.1 and later support variable envelope return path addresses on request. When VERP style delivery is requested, each recipient of a message receives a customized copy of the message, with his/her own recipient address encoded in the envelope sender address.

For example, when VERP style delivery is requested, Postfix delivers mail from "owner-listname@origin" for a recipient "user@domain", with a sender address that encodes the recipient as follows:

owner-listname+user=domain@origin

Thus, undeliverable mail can reveal the undeliverable recipient address without requiring the list owner to parse bounce messages.

The VERP concept was popularized by the qmail MTA and by the ezmlm mailing list manager. See http://cr.yp.to/proto/verp.txt for the ideas behind this concept.

Topics covered in this document:

Postfix VERP configuration parameters

With Postfix, the whole process is controlled by four configuration parameters.
default_verp_delimiters (default value: +=)

What VERP delimiter characters Postfix uses when VERP style delivery is requested but no explicit delimiters are specified.

verp_delimiter_filter (default: -+=)

What characters Postfix accepts as VERP delimiter characters on the sendmail command line and in SMTP commands. Many characters must not be used as VERP delimiter characters, either because they already have a special meaning in email addresses (such as the @ or the %), because they are used as part of a username or domain name (such as alphanumerics), or because they are non-ASCII or control characters. And who knows, some characters may tickle bugs in vulnerable software, and we would not want that to happen.

smtpd_authorized_verp_clients (default value: none)

What SMTP clients are allowed to request VERP style delivery. The Postfix QMQP server uses its own access control mechanism, and local submission (via /usr/sbin/sendmail etc.) is always authorized. To authorize a host, list its name, IP address, subnet (net/mask) or parent .domain.

With Postfix versions 1.1 and 2.0, this parameter is called authorized_verp_clients (default: $mynetworks).

disable_verp_bounces (default: no)

if Postfix sends one bounce report for multi-recipient VERP mail, or one bounce report per recipient. The default, one per recipient, is what ezmlm needs.

Using VERP with majordomo etc. mailing lists

In order to make VERP useful with majordomo etc. mailing lists, you would configure the list manager to submit mail according to one of the following two forms:

Postfix 2.3 and later:

% sendmail -XV -f owner-listname other-arguments...

% sendmail -XV+= -f owner-listname other-arguments...

Postfix 2.2 and earlier (Postfix 2.3 understands the old syntax for backwards compatibility, but will log a warning that reminds you of the new syntax):

% sendmail -V -f owner-listname other-arguments...

% sendmail -V+= -f owner-listname other-arguments...

The first form uses the default main.cf VERP delimiter characters. The second form allows you to explicitly specify the VERP delimiter characters. The example shows the recommended values.

This text assumes that you have set up an owner-listname alias that routes undeliverable mail to a real person:

/etc/aliases:
    owner-listname: yourname+listname

In order to process bounces we are going to make extensive use of address extension tricks.

You need to tell Postfix that + is the separator between an address and its optional address extension, that address extensions are appended to .forward file names, and that address extensions are to be discarded when doing alias expansions:

/etc/postfix/main.cf:
    recipient_delimiter = +
    forward_path = $home/.forward${recipient_delimiter}${extension},
        $home/.forward
    propagate_unmatched_extensions = canonical, virtual

(the last two parameter settings are default settings).

You need to set up a file named .forward+listname with the commands that process all the mail that is sent to the owner-listname address:

~/.forward+listname:
    "|/some/where/command ..."

With this set up, undeliverable mail for user@domain will be returned to the following address:

[email protected]

which is processed by the command in your .forward+listname file. The message should contain, among others, a To: header with the encapsulated recipient sender address:

To: [email protected]

It is left as an exercise for the reader to parse the To: header line and to pull out the user=domain part from the recipient address.

VERP support in the Postfix SMTP server

The Postfix SMTP server implements a command XVERP to enable VERP style delivery. The syntax allows two forms:

MAIL FROM:<sender@domain> XVERP

MAIL FROM:<sender@domain> XVERP=+=

The first form uses the default main.cf VERP delimiters, the second form overrides them explicitly. The values shown are the recommended ones.

VERP support in the Postfix sendmail command

The Postfix sendmail command has a -V flag to request VERP style delivery. Specify one of the following two forms:

Postfix 2.3 and later:

% sendmail -XV -f owner-listname ....

% sendmail -XV+= -f owner-listname ....

Postfix 2.2 and earlier (Postfix 2.3 understands the old syntax for backwards compatibility, but will log a warning that reminds you of the new syntax):

% sendmail -V -f owner-listname ....

% sendmail -V+= -f owner-listname ....

The first form uses the default main.cf VERP delimiters, the second form overrides them explicitly. The values shown are the recommended ones.

VERP support in the Postfix QMQP server

When the Postfix QMQP server receives mail with an envelope sender address of the form:

[email protected]@[]

Postfix generates sender addresses "[email protected]", using "-=" as the VERP delimiters because qmail/ezmlm expect this.

More generally, a sender address of "prefix@origin-@[]" requests VERP style delivery with sender addresses of the form "prefixuser=domain@origin". However, Postfix allows only VERP delimiters that are specified with the verp_delimiter_filter parameter. In particular, the "=" delimiter is required for qmail compatibility (see the qmail addresses(5) manual page for details).