LOCAL(8) LOCAL(8)
NAME
local - Postfix local mail delivery
SYNOPSIS
local [generic Postfix daemon options]
DESCRIPTION
The local daemon processes delivery requests from the Postfix queue
manager to deliver mail to local recipients. Each delivery request
specifies a queue file, a sender address, a domain or host to deliver
to, and one or more recipients. This program expects to be run from
the master(8) process manager.
The local daemon updates queue files and marks recipients as finished,
or it informs the queue manager that delivery should be tried again at
a later time. Delivery problem reports are sent to the bounce(8) or
defer(8) daemon as appropriate.
SYSTEM-WIDE AND USER-LEVEL ALIASING
The system administrator can set up one or more system-wide sendmail-
style alias databases. Users can have sendmail-style ~/.forward files.
Mail for name is delivered to the alias name, to destinations in
~name/.forward, to the mailbox owned by the user name, or it is sent
back as undeliverable.
The system administrator can specify a comma/space separated list of
~/.forward like files through the forward_path configuration parameter.
Upon delivery, the local delivery agent tries each pathname in the list
until a file is found. The forward_path parameter is subject to inter-
polation of $user (recipient username), $home (recipient home direc-
tory), $shell (recipient shell), $recipient (complete recipient
address), $extension (recipient address extension), $domain (recipient
domain), local (entire recipient address localpart) and $recipi-
ent_delimiter. The forms ${name?value} and ${name:value} expand condi-
tionally to value when $name is (is not) defined. Characters that may
have special meaning to the shell or file system are replaced by under-
scores. The list of acceptable characters is specified with the for-
ward_expansion_filter configuration parameter.
An alias or ~/.forward file may list any combination of external com-
mands, destination file names, :include: directives, or mail addresses.
See aliases(5) for a precise description. Each line in a user's .for-
ward file has the same syntax as the right-hand part of an alias.
When an address is found in its own alias expansion, delivery is made
to the user instead. When a user is listed in the user's own ~/.forward
file, delivery is made to the user's mailbox instead. An empty ~/.for-
ward file means do not forward mail.
In order to prevent the mail system from using up unreasonable amounts
of memory, input records read from :include: or from ~/.forward files
are broken up into chunks of length line_length_limit.
While expanding aliases, ~/.forward files, and so on, the program
attempts to avoid duplicate deliveries. The duplicate_filter_limit con-
figuration parameter limits the number of remembered recipients.
MAIL FORWARDING
For the sake of reliability, forwarded mail is re-submitted as a new
message, so that each recipient has a separate on-file delivery status
record.
In order to stop mail forwarding loops early, the software adds an
optional Delivered-To: header with the envelope recipient address. If
mail arrives for a recipient that is already listed in a Delivered-To:
header, the message is bounced.
MAILBOX DELIVERY
The default per-user mailbox is a file in the UNIX mail spool directory
(/var/mail/user or /var/spool/mail/user); the location can be specified
with the mail_spool_directory configuration parameter. Specify a name
ending in / for qmail-compatible maildir delivery.
Alternatively, the per-user mailbox can be a file in the user's home
directory with a name specified via the home_mailbox configuration
parameter. Specify a relative path name. Specify a name ending in / for
qmail-compatible maildir delivery.
Mailbox delivery can be delegated to an external command specified with
the mailbox_command configuration parameter. The command executes with
the privileges of the recipient user (exception: in case of delivery as
root, the command executes with the privileges of default_privs).
Mailbox delivery can be delegated to alternative message transports
specified in the master.cf file. The mailbox_transport configuration
parameter specifies a message transport that is to be used for all
local recipients, regardless of whether they are found in the UNIX
passwd database. The fallback_transport parameter specifies a message
transport for recipients that are not found in the UNIX passwd
database.
In the case of UNIX-style mailbox delivery, the local daemon prepends a
"From sender time_stamp" envelope header to each message, prepends an
X-Original-To: header with the recipient address as given to Postfix,
prepends an optional Delivered-To: header with the envelope recipient
address, prepends a Return-Path: header with the envelope sender
address, prepends a > character to lines beginning with "From ", and
appends an empty line. The mailbox is locked for exclusive access
while delivery is in progress. In case of problems, an attempt is made
to truncate the mailbox to its original length.
In the case of maildir delivery, the local daemon prepends an optional
Delivered-To: header with the final envelope recipient address,
prepends an X-Original-To: header with the recipient address as given
to Postfix, and prepends a Return-Path: header with the envelope sender
address.
EXTERNAL COMMAND DELIVERY
The allow_mail_to_commands configuration parameter restricts delivery
to external commands. The default setting (alias, forward) forbids com-
mand destinations in :include: files.
The command is executed directly where possible. Assistance by the
shell (/bin/sh on UNIX systems) is used only when the command contains
shell magic characters, or when the command invokes a shell built-in
command.
A limited amount of command output (standard output and standard error)
is captured for inclusion with non-delivery status reports. A command
is forcibly terminated if it does not complete within com-
mand_time_limit seconds. Command exit status codes are expected to
follow the conventions defined in <sysexits.h>.
A limited amount of message context is exported via environment vari-
ables. Characters that may have special meaning to the shell are
replaced by underscores. The list of acceptable characters is speci-
fied with the command_expansion_filter configuration parameter.
SHELL The recipient user's login shell.
HOME The recipient user's home directory.
USER The bare recipient name.
EXTENSION
The optional recipient address extension.
DOMAIN The recipient address domain part.
LOGNAME
The bare recipient name.
LOCAL The entire recipient address localpart (text to the left of the
rightmost @ character).
RECIPIENT
The entire recipient address.
SENDER The entire sender address.
The PATH environment variable is always reset to a system-dependent
default path, and environment variables whose names are blessed by the
export_environment configuration parameter are exported unchanged.
The current working directory is the mail queue directory.
The local daemon prepends a "From sender time_stamp" envelope header to
each message, prepends an X-Original-To: header with the recipient
address as given to Postfix, prepends an optional Delivered-To: header
with the recipient envelope address, prepends a Return-Path: header
with the sender envelope address, and appends no empty line.
EXTERNAL FILE DELIVERY
The delivery format depends on the destination filename syntax. The
default is to use UNIX-style mailbox format. Specify a name ending in
/ for qmail-compatible maildir delivery.
The allow_mail_to_files configuration parameter restricts delivery to
external files. The default setting (alias, forward) forbids file des-
tinations in :include: files.
In the case of UNIX-style mailbox delivery, the local daemon prepends a
"From sender time_stamp" envelope header to each message, prepends an
X-Original-To: header with the recipient address as given to Postfix,
prepends an optional Delivered-To: header with the recipient envelope
address, prepends a > character to lines beginning with "From ", and
appends an empty line. The envelope sender address is available in the
Return-Path: header. When the destination is a regular file, it is
locked for exclusive access while delivery is in progress. In case of
problems, an attempt is made to truncate a regular file to its original
length.
In the case of maildir delivery, the local daemon prepends an optional
Delivered-To: header with the envelope recipient address, and prepends
an X-Original-To: header with the recipient address as given to Post-
fix. The envelope sender address is available in the Return-Path:
header.
ADDRESS EXTENSION
The optional recipient_delimiter configuration parameter specifies how
to separate address extensions from local recipient names.
For example, with "recipient_delimiter = +", mail for name+foo is
delivered to the alias name+foo or to the alias name, to the destina-
tions listed in ~name/.forward+foo or in ~name/.forward, to the mailbox
owned by the user name, or it is sent back as undeliverable.
In all cases the local daemon prepends an optional `Delivered-To:
name+foo' header line.
DELIVERY RIGHTS
Deliveries to external files and external commands are made with the
rights of the receiving user on whose behalf the delivery is made. In
the absence of a user context, the local daemon uses the owner rights
of the :include: file or alias database. When those files are owned by
the superuser, delivery is made with the rights specified with the
default_privs configuration parameter.
STANDARDS
RFC 822 (ARPA Internet Text Messages)
DIAGNOSTICS
Problems and transactions are logged to syslogd(8). Corrupted message
files are marked so that the queue manager can move them to the corrupt
queue afterwards.
Depending on the setting of the notify_classes parameter, the postmas-
ter is notified of bounces and of other trouble.
BUGS
For security reasons, the message delivery status of external commands
or of external files is never checkpointed to file. As a result, the
program may occasionally deliver more than once to a command or exter-
nal file. Better safe than sorry.
Mutually-recursive aliases or ~/.forward files are not detected early.
The resulting mail forwarding loop is broken by the use of the Deliv-
ered-To: message header.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant to this pro-
gram. See the Postfix main.cf file for syntax details and for default
values. Use the postfix reload command after a configuration change.
Miscellaneous
alias_maps
List of alias databases.
biff Enable or disable notification of new mail via the comsat net-
work service.
expand_owner_alias
When delivering to an alias that has an owner- companion alias,
set the envelope sender address to the right-hand side of the
owner alias, instead using of the left-hand side address.
export_environment
List of names of environment parameters that can be exported to
non-Postfix processes.
forward_path
Search list for .forward files. The names are subject to $name
expansion.
local_command_shell
Shell to use for external command execution (for example,
/some/where/smrsh -c). When a shell is specified, it is invoked
even when the command contains no shell built-in commands or
meta characters.
owner_request_special
Give special treatment to owner-xxx and xxx-request addresses.
prepend_delivered_header
Prepend an optional Delivered-To: header upon external forward-
ing, delivery to command or file. Specify zero or more of: com-
mand, file, forward. Turning off Delivered-To: when forwarding
mail is not recommended.
recipient_delimiter
Separator between username and address extension.
require_home_directory
Require that a recipient's home directory is accessible by the
recipient before attempting delivery. Defer delivery otherwise.
Mailbox delivery
fallback_transport
Message transport for recipients that are not found in the UNIX
passwd database. This parameter overrides luser_relay.
Note: you must update the local_recipient_maps setting in the
main.cf file, otherwise the Postfix SMTP server will reject mail
for non-UNIX accounts with "User unknown in local recipient ta-
ble".
home_mailbox
Pathname of a mailbox relative to a user's home directory.
Specify a path ending in / for maildir-style delivery.
luser_relay
Destination (@domain or address) for non-existent users. The
address is subjected to $name expansion.
Note: you must specify "local_recipient_maps =" (i.e. empty) in
the main.cf file, otherwise the Postfix SMTP server will reject
mail for non-UNIX accounts with "User unknown in local recipient
table".
mail_spool_directory
Directory with UNIX-style mailboxes. The default pathname is
system dependent. Specify a path ending in / for maildir-style
delivery.
mailbox_command
External command to use for mailbox delivery. The command exe-
cutes with the recipient privileges (exception: root). The
string is subject to $name expansions.
mailbox_command_maps
Lookup tables with per-recipient external commands to use for
mailbox delivery. Behavior is as with mailbox_command.
mailbox_transport
Message transport to use for mailbox delivery to all local
recipients, whether or not they are found in the UNIX passwd
database. This parameter overrides all other configuration
parameters that control mailbox delivery, including luser_relay.
Note: if you use this feature to receive mail for non-UNIX
accounts then you must update the local_recipient_maps setting
in the main.cf file, otherwise the Postfix SMTP server will
reject mail for non-UNIX accounts with "User unknown in local
recipient table".
Locking controls
deliver_lock_attempts
Limit the number of attempts to acquire an exclusive lock on a
mailbox or external file.
deliver_lock_delay
Time in seconds between successive attempts to acquire an exclu-
sive lock.
stale_lock_time
Limit the time after which a stale lock is removed.
mailbox_delivery_lock
What file locking method(s) to use when delivering to a UNIX-
style mailbox. The default setting is system dependent. For a
list of available file locking methods, use the postconf -l com-
mand.
Resource controls
command_time_limit
Limit the amount of time for delivery to external command.
duplicate_filter_limit
Limit the size of the duplicate filter for results from alias
etc. expansion.
line_length_limit
Limit the amount of memory used for processing a partial input
line.
local_destination_concurrency_limit
Limit the number of parallel deliveries to the same user. The
default limit is taken from the default_destination_concur-
rency_limit parameter.
local_destination_recipient_limit
Limit the number of recipients per message delivery. The
default limit is taken from the default_destination_recipi-
ent_limit parameter.
mailbox_size_limit
Limit the size of a mailbox etc. file (any file that is written
to upon delivery). Set to zero to disable the limit.
Security controls
allow_mail_to_commands
Restrict the usage of mail delivery to external command. Spec-
ify zero or more of: alias, forward, include.
allow_mail_to_files
Restrict the usage of mail delivery to external file. Specify
zero or more of: alias, forward, include.
command_expansion_filter
What characters are allowed to appear in $name expansions of
mailbox_command. Illegal characters are replaced by underscores.
default_privs
Default rights for delivery to external file or command.
forward_expansion_filter
What characters are allowed to appear in $name expansions of
forward_path. Illegal characters are replaced by underscores.
HISTORY
The Delivered-To: header appears in the qmail system by Daniel Bern-
stein.
The maildir structure appears in the qmail system by Daniel Bernstein.
SEE ALSO
aliases(5) format of alias database
bounce(8) non-delivery status reports
postalias(1) create/update alias database
syslogd(8) system logging
qmgr(8) queue manager
LICENSE
The Secure Mailer license must be distributed with this software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
LOCAL(8)