Four DSNs are defined for failed out going messages and one for incoming messages that have passed security and trust.


Failed Delivery Unsecured 5.7.31


5.7.3 describes a failure to deliver message because recipient cannot be secured in RFC 3463. The reference implementation appends a 1 to status code to indicate failure to find a public certificate.

Failed Delivery Untrusted 5.7.11


5.7.1 describes a failure to deliver message because recipient cannot be trusted in RFC 3463. The reference implementation appends a 1 to status code to indicate failure to chain up the public certificate to a trusted anchor certificate.

Failed Delivery Expired Processed MDN 5.4.71


5.4.7 describes a failure to deliver message because the network times out in RFC 3463.
The reference implementation appends a 1 to indicate the Processed MDN has not been returned within a configured window of time.

Failed Delivery Expired Dispatched MDN 5.4.72


5.4.7 describes a failure to deliver message because the network times out in RFC 3463.
The reference implementation appends a 2 to indicate the Dispatched MDN has not been returned within a configured window of time.


Failed Delivery for other reason 5.5.0


5.5.0 is the only DSN returned to an external partner. This only happens if an incoming message passes security and trust but cannot be passed on to the final destination.

If one would wanted to test this failure condition it is simple as creating a address in the addresses table with a AddressType associated to an IncomingRoutes entry in the SmtpAgentConfig.xml file pointing to a nonexistent folder.