unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (NetBSD-6.1.5)
Page:
Section:
Apropos / Subsearch:
optional field

LOCAL(8)                    System Manager's Manual                   LOCAL(8)




NAME
       local - Postfix local mail delivery

SYNOPSIS
       local [generic Postfix daemon options]

DESCRIPTION
       The local(8) daemon processes delivery requests from the Postfix queue
       manager to deliver mail to local recipients.  Each delivery request
       specifies a queue file, a sender address, a domain or host to deliver
       to, and one or more recipients.  This program expects to be run from
       the master(8) process manager.

       The local(8) daemon updates queue files and marks recipients as
       finished, or it informs the queue manager that delivery should be tried
       again at a later time. Delivery status reports are sent to the
       bounce(8), defer(8) or trace(8) daemon as appropriate.

CASE FOLDING
       All delivery decisions are made using the bare recipient name (i.e. the
       address localpart), folded to lower case.  See also under ADDRESS
       EXTENSION below for a few exceptions.

SYSTEM-WIDE AND USER-LEVEL ALIASING
       The system administrator can set up one or more system-wide sendmail-
       style alias databases.  Users can have sendmail-style ~/.forward files.
       Mail for name is delivered to the alias name, to destinations in
       ~name/.forward, to the mailbox owned by the user name, or it is sent
       back as undeliverable.

       The system administrator can specify a comma/space separated list of
       ~/.forward like files through the forward_path configuration parameter.
       Upon delivery, the local delivery agent tries each pathname in the list
       until a file is found.

       Delivery via ~/.forward files is done with the privileges of the
       recipient.  Thus, ~/.forward like files must be readable by the
       recipient, and their parent directory needs to have "execute"
       permission for the recipient.

       The forward_path parameter is subject to interpolation of $user
       (recipient username), $home (recipient home directory), $shell
       (recipient shell), $recipient (complete recipient address), $extension
       (recipient address extension), $domain (recipient domain), $local
       (entire recipient address localpart) and $recipient_delimiter. The
       forms ${name?value} and ${name:value} expand conditionally to value
       when $name is (is not) defined.  Characters that may have special
       meaning to the shell or file system are replaced by underscores.  The
       list of acceptable characters is specified with the
       forward_expansion_filter configuration parameter.

       An alias or ~/.forward file may list any combination of external
       commands, destination file names, :include: directives, or mail
       addresses.  See aliases(5) for a precise description. Each line in a
       user's .forward file has the same syntax as the right-hand part of an
       alias.

       When an address is found in its own alias expansion, delivery is made
       to the user instead. When a user is listed in the user's own ~/.forward
       file, delivery is made to the user's mailbox instead.  An empty
       ~/.forward file means do not forward mail.

       In order to prevent the mail system from using up unreasonable amounts
       of memory, input records read from :include: or from ~/.forward files
       are broken up into chunks of length line_length_limit.

       While expanding aliases, ~/.forward files, and so on, the program
       attempts to avoid duplicate deliveries. The duplicate_filter_limit
       configuration parameter limits the number of remembered recipients.

MAIL FORWARDING
       For the sake of reliability, forwarded mail is re-submitted as a new
       message, so that each recipient has a separate on-file delivery status
       record.

       In order to stop mail forwarding loops early, the software adds an
       optional Delivered-To: header with the final envelope recipient
       address. If mail arrives for a recipient that is already listed in a
       Delivered-To: header, the message is bounced.

MAILBOX DELIVERY
       The default per-user mailbox is a file in the UNIX mail spool directory
       (/var/mail/user or /var/spool/mail/user); the location can be specified
       with the mail_spool_directory configuration parameter. Specify a name
       ending in / for qmail-compatible maildir delivery.

       Alternatively, the per-user mailbox can be a file in the user's home
       directory with a name specified via the home_mailbox configuration
       parameter. Specify a relative path name. Specify a name ending in / for
       qmail-compatible maildir delivery.

       Mailbox delivery can be delegated to an external command specified with
       the mailbox_command_maps and mailbox_command configuration parameters.
       The command executes with the privileges of the recipient user
       (exceptions: secondary groups are not enabled; in case of delivery as
       root, the command executes with the privileges of default_privs).

       Mailbox delivery can be delegated to alternative message transports
       specified in the master.cf file.  The mailbox_transport_maps and
       mailbox_transport configuration parameters specify an optional message
       transport that is to be used for all local recipients, regardless of
       whether they are found in the UNIX passwd database.  The
       fallback_transport_maps and fallback_transport parameters specify an
       optional message transport for recipients that are not found in the
       aliases(5) or UNIX passwd database.

       In the case of UNIX-style mailbox delivery, the local(8) daemon
       prepends a "From sender time_stamp" envelope header to each message,
       prepends an X-Original-To: header with the recipient address as given
       to Postfix, prepends an optional Delivered-To: header with the final
       envelope recipient address, prepends a Return-Path: header with the
       envelope sender address, prepends a >> character to lines beginning with
       "From ", and appends an empty line.  The mailbox is locked for
       exclusive access while delivery is in progress. In case of problems, an
       attempt is made to truncate the mailbox to its original length.

       In the case of maildir delivery, the local daemon prepends an optional
       Delivered-To: header with the final envelope recipient address,
       prepends an X-Original-To: header with the recipient address as given
       to Postfix, and prepends a Return-Path: header with the envelope sender
       address.

EXTERNAL COMMAND DELIVERY
       The allow_mail_to_commands configuration parameter restricts delivery
       to external commands. The default setting (alias, forward) forbids
       command destinations in :include: files.

       Optionally, the process working directory is changed to the path
       specified with command_execution_directory (Postfix 2.2 and later).
       Failure to change directory causes mail to be deferred.

       The command_execution_directory parameter value is subject to
       interpolation of $user (recipient username), $home (recipient home
       directory), $shell (recipient shell), $recipient (complete recipient
       address), $extension (recipient address extension), $domain (recipient
       domain), $local (entire recipient address localpart) and
       $recipient_delimiter. The forms ${name?value} and ${name:value} expand
       conditionally to value when $name is (is not) defined.  Characters that
       may have special meaning to the shell or file system are replaced by
       underscores.  The list of acceptable characters is specified with the
       execution_directory_expansion_filter configuration parameter.

       The command is executed directly where possible. Assistance by the
       shell (/bin/sh on UNIX systems) is used only when the command contains
       shell magic characters, or when the command invokes a shell built-in
       command.

       A limited amount of command output (standard output and standard error)
       is captured for inclusion with non-delivery status reports.  A command
       is forcibly terminated if it does not complete within
       command_time_limit seconds.  Command exit status codes are expected to
       follow the conventions defined in <sysexits.h>.  Exit status 0 means
       normal successful completion.

       Postfix version 2.3 and later support RFC 3463-style enhanced status
       codes.  If a command terminates with a non-zero exit status, and the
       command output begins with an enhanced status code, this status code
       takes precedence over the non-zero exit status.

       A limited amount of message context is exported via environment
       variables. Characters that may have special meaning to the shell are
       replaced by underscores.  The list of acceptable characters is
       specified with the command_expansion_filter configuration parameter.

       SHELL  The recipient user's login shell.

       HOME   The recipient user's home directory.

       USER   The bare recipient name.

       EXTENSION
              The optional recipient address extension.

       DOMAIN The recipient address domain part.

       LOGNAME
              The bare recipient name.

       LOCAL  The entire recipient address localpart (text to the left of the
              rightmost @ character).

       ORIGINAL_RECIPIENT
              The entire recipient address, before any address rewriting or
              aliasing (Postfix 2.5 and later).

       RECIPIENT
              The entire recipient address.

       SENDER The entire sender address.

       Additional remote client information is made available via the
       following environment variables:

       CLIENT_ADDRESS
              Remote client network address. Available as of Postfix 2.2.

       CLIENT_HELO
              Remote client EHLO command parameter. Available as of Postfix
              2.2.

       CLIENT_HOSTNAME
              Remote client hostname. Available as of Postfix 2.2.

       CLIENT_PROTOCOL
              Remote client protocol. Available as of Postfix 2.2.

       SASL_METHOD
              SASL authentication method specified in the remote client AUTH
              command. Available as of Postfix 2.2.

       SASL_SENDER
              SASL sender address specified in the remote client MAIL FROM
              command. Available as of Postfix 2.2.

       SASL_USERNAME
              SASL username specified in the remote client AUTH command.
              Available as of Postfix 2.2.

       The PATH environment variable is always reset to a system-dependent
       default path, and environment variables whose names are blessed by the
       export_environment configuration parameter are exported unchanged.

       The current working directory is the mail queue directory.

       The local(8) daemon prepends a "From sender time_stamp" envelope header
       to each message, prepends an X-Original-To: header with the recipient
       address as given to Postfix, prepends an optional Delivered-To: header
       with the final recipient envelope address, prepends a Return-Path:
       header with the sender envelope address, and appends no empty line.

EXTERNAL FILE DELIVERY
       The delivery format depends on the destination filename syntax.  The
       default is to use UNIX-style mailbox format.  Specify a name ending in
       / for qmail-compatible maildir delivery.

       The allow_mail_to_files configuration parameter restricts delivery to
       external files. The default setting (alias, forward) forbids file
       destinations in :include: files.

       In the case of UNIX-style mailbox delivery, the local(8) daemon
       prepends a "From sender time_stamp" envelope header to each message,
       prepends an X-Original-To: header with the recipient address as given
       to Postfix, prepends an optional Delivered-To: header with the final
       recipient envelope address, prepends a >&gt; character to lines beginning
       with "From ", and appends an empty line.  The envelope sender address
       is available in the Return-Path: header.  When the destination is a
       regular file, it is locked for exclusive access while delivery is in
       progress. In case of problems, an attempt is made to truncate a regular
       file to its original length.

       In the case of maildir delivery, the local daemon prepends an optional
       Delivered-To: header with the final envelope recipient address, and
       prepends an X-Original-To: header with the recipient address as given
       to Postfix.  The envelope sender address is available in the Return-
       Path: header.

ADDRESS EXTENSION
       The optional recipient_delimiter configuration parameter specifies how
       to separate address extensions from local recipient names.

       For example, with "recipient_delimiter = +", mail for name+foo is
       delivered to the alias name+foo or to the alias name, to the
       destinations listed in ~name/.forward+foo or in ~name/.forward, to the
       mailbox owned by the user name, or it is sent back as undeliverable.

DELIVERY RIGHTS
       Deliveries to external files and external commands are made with the
       rights of the receiving user on whose behalf the delivery is made.  In
       the absence of a user context, the local(8) daemon uses the owner
       rights of the :include: file or alias database.  When those files are
       owned by the superuser, delivery is made with the rights specified with
       the default_privs configuration parameter.

STANDARDS
       RFC 822 (ARPA Internet Text Messages)
       RFC 3463 (Enhanced status codes)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).  Corrupted message
       files are marked so that the queue manager can move them to the corrupt
       queue afterwards.

       Depending on the setting of the notify_classes parameter, the
       postmaster is notified of bounces and of other trouble.

SECURITY
       The local(8) delivery agent needs a dual personality 1) to access the
       private Postfix queue and IPC mechanisms, 2) to impersonate the
       recipient and deliver to recipient-specified files or commands. It is
       therefore security sensitive.

       The local(8) delivery agent disallows regular expression substitution
       of $1 etc. in alias_maps, because that would open a security hole.

       The local(8) delivery agent will silently ignore requests to use the
       proxymap(8) server within alias_maps. Instead it will open the table
       directly.  Before Postfix version 2.2, the local(8) delivery agent will
       terminate with a fatal error.

BUGS
       For security reasons, the message delivery status of external commands
       or of external files is never checkpointed to file. As a result, the
       program may occasionally deliver more than once to a command or
       external file. Better safe than sorry.

       Mutually-recursive aliases or ~/.forward files are not detected early.
       The resulting mail forwarding loop is broken by the use of the
       Delivered-To: message header.

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up automatically, as local(8) processes
       run for only a limited amount of time. Use the command "postfix reload"
       to speed up a change.

       The text below provides only a parameter summary. See postconf(5) for
       more details including examples.

COMPATIBILITY CONTROLS

       biff (yes)
              Whether or not to use the local biff service.

       expand_owner_alias (no)
              When delivering to an alias "aliasname" that has an "owner-
              aliasname" companion alias, set the envelope sender address to
              the expansion of the "owner-aliasname" alias.

       owner_request_special (yes)
              Give special treatment to owner-listname and listname-request
              address localparts: don't split such addresses when the
              recipient_delimiter is set to "-".

       sun_mailtool_compatibility (no)
              Obsolete SUN mailtool compatibility feature.

       Available in Postfix version 2.3 and later:

       frozen_delivered_to (yes)
              Update the local(8) delivery agent's idea of the Delivered-To:
              address (see prepend_delivered_header) only once, at the start
              of a delivery attempt; do not update the Delivered-To: address
              while expanding aliases or .forward files.

       Available in Postfix version 2.5.3 and later:

       strict_mailbox_ownership (yes)
              Defer delivery when a mailbox file is not owned by its
              recipient.

       reset_owner_alias (no)
              Reset the local(8) delivery agent's idea of the owner-alias
              attribute, when delivering mail to a child alias that does not
              have its own owner alias.

DELIVERY METHOD CONTROLS
       The precedence of local(8) delivery methods from high to low is:
       aliases, .forward files, mailbox_transport_maps, mailbox_transport,
       mailbox_command_maps, mailbox_command, home_mailbox,
       mail_spool_directory, fallback_transport_maps, fallback_transport, and
       luser_relay.

       alias_maps (see 'postconf -d' output)
              The alias databases that are used for local(8) delivery.

       forward_path (see 'postconf -d' output)
              The local(8) delivery agent search list for finding a .forward
              file with user-specified delivery methods.

       mailbox_transport_maps (empty)
              Optional lookup tables with per-recipient message delivery
              transports to use for local(8) mailbox delivery, whether or not
              the recipients are found in the UNIX passwd database.

       mailbox_transport (empty)
              Optional message delivery transport that the local(8) delivery
              agent should use for mailbox delivery to all local recipients,
              whether or not they are found in the UNIX passwd database.

       mailbox_command_maps (empty)
              Optional lookup tables with per-recipient external commands to
              use for local(8) mailbox delivery.

       mailbox_command (empty)
              Optional external command that the local(8) delivery agent
              should use for mailbox delivery.

       home_mailbox (empty)
              Optional pathname of a mailbox file relative to a local(8)
              user's home directory.

       mail_spool_directory (see 'postconf -d' output)
              The directory where local(8) UNIX-style mailboxes are kept.

       fallback_transport_maps (empty)
              Optional lookup tables with per-recipient message delivery
              transports for recipients that the local(8) delivery agent could
              not find in the aliases(5) or UNIX password database.

       fallback_transport (empty)
              Optional message delivery transport that the local(8) delivery
              agent should use for names that are not found in the aliases(5)
              or UNIX password database.

       luser_relay (empty)
              Optional catch-all destination for unknown local(8) recipients.

       Available in Postfix version 2.2 and later:

       command_execution_directory (empty)
              The local(8) delivery agent working directory for delivery to
              external command.

MAILBOX LOCKING CONTROLS

       deliver_lock_attempts (20)
              The maximal number of attempts to acquire an exclusive lock on a
              mailbox file or bounce(8) logfile.

       deliver_lock_delay (1s)
              The time between attempts to acquire an exclusive lock on a
              mailbox file or bounce(8) logfile.

       stale_lock_time (500s)
              The time after which a stale exclusive mailbox lockfile is
              removed.

       mailbox_delivery_lock (see 'postconf -d' output)
              How to lock a UNIX-style local(8) mailbox before attempting
              delivery.

RESOURCE AND RATE CONTROLS

       command_time_limit (1000s)
              Time limit for delivery to external commands.

       duplicate_filter_limit (1000)
              The maximal number of addresses remembered by the address
              duplicate filter for aliases(5) or virtual(5) alias expansion,
              or for showq(8) queue displays.

       local_destination_concurrency_limit (2)
              The maximal number of parallel deliveries via the local mail
              delivery transport to the same recipient (when
              "local_destination_recipient_limit = 1") or the maximal number
              of parallel deliveries to the same local domain (when
              "local_destination_recipient_limit > 1").

       local_destination_recipient_limit (1)
              The maximal number of recipients per message delivery via the
              local mail delivery transport.

       mailbox_size_limit (51200000)
              The maximal size of any local(8) individual mailbox or maildir
              file, or zero (no limit).

SECURITY CONTROLS

       allow_mail_to_commands (alias, forward)
              Restrict local(8) mail delivery to external commands.

       allow_mail_to_files (alias, forward)
              Restrict local(8) mail delivery to external files.

       command_expansion_filter (see 'postconf -d' output)
              Restrict the characters that the local(8) delivery agent allows
              in $name expansions of $mailbox_command and
              $command_execution_directory.

       default_privs (nobody)
              The default rights used by the local(8) delivery agent for
              delivery to external file or command.

       forward_expansion_filter (see 'postconf -d' output)
              Restrict the characters that the local(8) delivery agent allows
              in $name expansions of $forward_path.

       Available in Postfix version 2.2 and later:

       execution_directory_expansion_filter (see 'postconf -d' output)
              Restrict the characters that the local(8) delivery agent allows
              in $name expansions of $command_execution_directory.

       Available in Postfix version 2.5.3 and later:

       strict_mailbox_ownership (yes)
              Defer delivery when a mailbox file is not owned by its
              recipient.

MISCELLANEOUS CONTROLS

       config_directory (see 'postconf -d' output)
              The default location of the Postfix main.cf and master.cf
              configuration files.

       daemon_timeout (18000s)
              How much time a Postfix daemon process may take to handle a
              request before it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
              The maximal number of digits after the decimal point when
              logging sub-second delay values.

       export_environment (see 'postconf -d' output)
              The list of environment variables that a Postfix process will
              export to non-Postfix processes.

       ipc_timeout (3600s)
              The time limit for sending or receiving information over an
              internal communication channel.

       local_command_shell (empty)
              Optional shell program for local(8) delivery to non-Postfix
              command.

       max_idle (100s)
              The maximum amount of time that an idle Postfix daemon process
              waits for an incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a Postfix daemon
              process will service before terminating voluntarily.

       prepend_delivered_header (command, file, forward)
              The message delivery contexts where the Postfix local(8)
              delivery agent prepends a Delivered-To:  message header with the
              address that the mail was delivered to.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       propagate_unmatched_extensions (canonical, virtual)
              What address lookup tables copy an address extension from the
              lookup key to the lookup result.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       recipient_delimiter (empty)
              The separator between user names and address extensions
              (user+foo).

       require_home_directory (no)
              Require that a local(8) recipient's home directory exists before
              mail delivery is attempted.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The mail system name that is prepended to the process name in
              syslog records, so that "smtpd" becomes, for example,
              "postfix/smtpd".

FILES
       The following are examples; details differ between systems.
       $HOME/.forward, per-user aliasing
       /etc/aliases, system-wide alias database
       /var/spool/mail, system mailboxes

SEE ALSO
       qmgr(8), queue manager
       bounce(8), delivery status reports
       newaliases(1), create/update alias database
       postalias(1), create/update alias database
       aliases(5), format of alias database
       postconf(5), configuration parameters
       master(5), generic daemon options
       syslogd(8), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       The Delivered-To: message header appears in the qmail system by Daniel
       Bernstein.

       The maildir structure appears in the qmail system by Daniel Bernstein.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA



                                                                      LOCAL(8)