410 lines
15 KiB
Groff
410 lines
15 KiB
Groff
.TH LOCAL 8
|
|
.ad
|
|
.fi
|
|
.SH NAME
|
|
local
|
|
\-
|
|
Postfix local mail delivery
|
|
.SH SYNOPSIS
|
|
.na
|
|
.nf
|
|
\fBlocal\fR [generic Postfix daemon options]
|
|
.SH DESCRIPTION
|
|
.ad
|
|
.fi
|
|
The \fBlocal\fR daemon processes delivery requests from the
|
|
Postfix queue manager to deliver mail to local recipients.
|
|
Each delivery request specifies a queue file, a sender address,
|
|
a domain or host to deliver to, and one or more recipients.
|
|
This program expects to be run from the \fBmaster\fR(8) process
|
|
manager.
|
|
|
|
The \fBlocal\fR daemon updates queue files and marks recipients
|
|
as finished, or it informs the queue manager that delivery should
|
|
be tried again at a later time. Delivery problem reports are sent
|
|
to the \fBbounce\fR(8) or \fBdefer\fR(8) daemon as appropriate.
|
|
.SH SYSTEM-WIDE AND USER-LEVEL ALIASING
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The system adminstrator can set up one or more system-wide
|
|
\fBsendmail\fR-style alias databases.
|
|
Users can have \fBsendmail\fR-style ~/.\fBforward\fR files.
|
|
Mail for \fIname\fR is delivered to the alias \fIname\fR, to
|
|
destinations in ~\fIname\fR/.\fBforward\fR, to the mailbox owned
|
|
by the user \fIname\fR, or it is sent back as undeliverable.
|
|
|
|
The system administrator can specify a comma/space separated list
|
|
of ~\fR/.\fBforward\fR like files through the \fBforward_path\fR
|
|
configuration parameter. Upon delivery, the local delivery agent
|
|
tries each pathname in the list until a file is found.
|
|
The \fBforward_path\fR parameter is subject to interpolation of
|
|
\fB$user\fR (recipient username), \fB$home\fR (recipient home
|
|
directory), \fB$shell\fR (recipient shell), \fB$recipient\fR
|
|
(complete recipient address), \fB$extension\fR (recipient address
|
|
extension), \fB$domain\fR (recipient domain), \fBlocal\fR
|
|
(entire recipient address localpart) and
|
|
\fB$recipient_delimiter.\fR The forms \fI${name?value}\fR and
|
|
\fI${name:value}\fR expand conditionally to \fIvalue\fR when
|
|
\fI$name\fR is (is not) defined.
|
|
Characters that may have special meaning to the shell or file system
|
|
are replaced by underscores. The list of acceptable characters
|
|
is specified with the \fBforward_expansion_filter\fR configuration
|
|
parameter.
|
|
|
|
An alias or ~/.\fBforward\fR file may list any combination of external
|
|
commands, destination file names, \fB:include:\fR directives, or
|
|
mail addresses.
|
|
See \fBaliases\fR(5) for a precise description. Each line in a
|
|
user's .\fBforward\fR file has the same syntax as the right-hand part
|
|
of an alias.
|
|
|
|
When an address is found in its own alias expansion, delivery is
|
|
made to the user instead. When a user is listed in the user's own
|
|
~/.\fBforward\fR file, delivery is made to the user's mailbox instead.
|
|
An empty ~/.\fBforward\fR file means do not forward mail.
|
|
|
|
In order to prevent the mail system from using up unreasonable
|
|
amounts of memory, input records read from \fB:include:\fR or from
|
|
~/.\fBforward\fR files are broken up into chunks of length
|
|
\fBline_length_limit\fR.
|
|
|
|
While expanding aliases, ~/.\fBforward\fR files, and so on, the
|
|
program attempts to avoid duplicate deliveries. The
|
|
\fBduplicate_filter_limit\fR configuration parameter limits the
|
|
number of remembered recipients.
|
|
.SH MAIL FORWARDING
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
For the sake of reliability, forwarded mail is re-submitted as
|
|
a new message, so that each recipient has a separate on-file
|
|
delivery status record.
|
|
|
|
In order to stop mail forwarding loops early, the software adds an
|
|
optional
|
|
\fBDelivered-To:\fR header with the envelope recipient address. If
|
|
mail arrives for a recipient that is already listed in a
|
|
\fBDelivered-To:\fR header, the message is bounced.
|
|
.SH MAILBOX DELIVERY
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The default per-user mailbox is a file in the UNIX mail spool
|
|
directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR);
|
|
the location can be specified with the \fBmail_spool_directory\fR
|
|
configuration parameter.
|
|
|
|
Alternatively, the per-user mailbox can be a file in the user's home
|
|
directory with a name specified via the \fBhome_mailbox\fR
|
|
configuration parameter. Specify a relative path name. Specify a name
|
|
ending in \fB/\fR for \fBqmail\fR-compatible \fBmaildir\fR delivery.
|
|
|
|
Mailbox delivery can be delegated to an external command specified
|
|
with the \fBmailbox_command\fR configuration parameter. The command
|
|
executes with the privileges of the recipient user (exception: in
|
|
case of delivery as root, the command executes with the privileges
|
|
of \fBdefault_privs\fR).
|
|
|
|
Mailbox delivery can be delegated to alternative message transports
|
|
specified in the \fBmaster.cf\fR file.
|
|
The \fBmailbox_transport\fR configuration parameter specifies a
|
|
message transport that is to be used for all local recipients,
|
|
regardless of whether they are found in the UNIX passwd database.
|
|
The \fBfallback_transport\fR parameter specifies a message transport
|
|
for recipients that are not found in the UNIX passwd database.
|
|
|
|
In the case of UNIX-style mailbox delivery,
|
|
the \fBlocal\fR daemon prepends a "\fBFrom \fIsender time_stamp\fR"
|
|
envelope header to each message, prepends an
|
|
optional \fBDelivered-To:\fR header
|
|
with the envelope recipient address, prepends a \fBReturn-Path:\fR
|
|
header with the envelope sender address, prepends a \fB>\fR character
|
|
to lines beginning with "\fBFrom \fR", and appends an empty line.
|
|
The mailbox is locked for exclusive access while delivery is in
|
|
progress. In case of problems, an attempt is made to truncate the
|
|
mailbox to its original length.
|
|
|
|
In the case of \fBmaildir\fR delivery, the local daemon prepends
|
|
an optional
|
|
\fBDelivered-To:\fR header with the envelope recipient address
|
|
and prepends a \fBReturn-Path:\fR header with the envelope sender
|
|
address.
|
|
.SH EXTERNAL COMMAND DELIVERY
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The \fBallow_mail_to_commands\fR configuration parameter restricts
|
|
delivery to external commands. The default setting (\fBalias,
|
|
forward\fR) forbids command destinations in \fB:include:\fR files.
|
|
|
|
The command is executed directly where possible. Assistance by the
|
|
shell (\fB/bin/sh\fR on UNIX systems) is used only when the command
|
|
contains shell magic characters, or when the command invokes a shell
|
|
built-in command.
|
|
|
|
A limited amount of command output (standard output and standard
|
|
error) is captured for inclusion with non-delivery status reports.
|
|
A command is forcibly terminated if it does not complete within
|
|
\fBcommand_time_limit\fR seconds. Command exit status codes are
|
|
expected to follow the conventions defined in <\fBsysexits.h\fR>.
|
|
|
|
A limited amount of message context is exported via environment
|
|
variables. Characters that may have special meaning to the shell
|
|
are replaced by underscores. The list of acceptable characters
|
|
is specified with the \fBcommand_expansion_filter\fR configuration
|
|
parameter.
|
|
.IP \fBSHELL\fR
|
|
The recipient user's login shell.
|
|
.IP \fBHOME\fR
|
|
The recipient user's home directory.
|
|
.IP \fBUSER\fR
|
|
The bare recipient name.
|
|
.IP \fBEXTENSION\fR
|
|
The optional recipient address extension.
|
|
.IP \fBDOMAIN\fR
|
|
The recipient address domain part.
|
|
.IP \fBLOGNAME\fR
|
|
The bare recipient name.
|
|
.IP \fBLOCAL\fR
|
|
The entire recipient address localpart (text to the left of the
|
|
rightmost @ character).
|
|
.IP \fBRECIPIENT\fR
|
|
The entire recipient address.
|
|
.PP
|
|
The \fBPATH\fR environment variable is always reset to a
|
|
system-dependent default path, and the \fBTZ\fR (time zone)
|
|
environment variable is always passed on without change.
|
|
|
|
The current working directory is the mail queue directory.
|
|
|
|
The \fBlocal\fR daemon prepends a "\fBFrom \fIsender time_stamp\fR"
|
|
envelope header to each message, prepends an
|
|
optional \fBDelivered-To:\fR
|
|
header with the recipient envelope address, prepends a
|
|
\fBReturn-Path:\fR header with the sender envelope address,
|
|
and appends an empty line.
|
|
.SH EXTERNAL FILE DELIVERY
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The \fBallow_mail_to_files\fR configuration parameter restricts
|
|
delivery to external files. The default setting (\fBalias,
|
|
forward\fR) forbids file destinations in \fB:include:\fR files.
|
|
Specify a pathname ending in \fB/\fR for \fBqmail\fR-compatible
|
|
\fBmaildir\fR delivery.
|
|
|
|
The \fBlocal\fR daemon prepends a "\fBFrom \fIsender time_stamp\fR"
|
|
envelope header to each message, prepends an
|
|
optional \fBDelivered-To:\fR
|
|
header with the recipient envelope address, prepends a \fB>\fR
|
|
character to lines beginning with "\fBFrom \fR", and appends an
|
|
empty line.
|
|
The envelope sender address is available in the \fBReturn-Path:\fR
|
|
header.
|
|
When the destination is a regular file, it is locked for exclusive
|
|
access while delivery is in progress. In case of problems, an attempt
|
|
is made to truncate a regular file to its original length.
|
|
|
|
In the case of \fBmaildir\fR delivery, the local daemon prepends
|
|
an optional
|
|
\fBDelivered-To:\fR header with the envelope recipient address.
|
|
The envelope sender address is available in the \fBReturn-Path:\fR
|
|
header.
|
|
.SH ADDRESS EXTENSION
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The optional \fBrecipient_delimiter\fR configuration parameter
|
|
specifies how to separate address extensions from local recipient
|
|
names.
|
|
|
|
For example, with "\fBrecipient_delimiter = +\fR", mail for
|
|
\fIname\fR+\fIfoo\fR is delivered to the alias \fIname\fR+\fIfoo\fR
|
|
or to the alias \fIname\fR, to the destinations listed in
|
|
~\fIname\fR/.\fBforward\fR+\fIfoo\fR or in ~\fIname\fR/.\fBforward\fR,
|
|
to the mailbox owned by the user \fIname\fR, or it is sent back as
|
|
undeliverable.
|
|
|
|
In all cases the \fBlocal\fR daemon prepends an opional
|
|
`\fBDelivered-To:\fR \fIname\fR+\fIfoo\fR' header line.
|
|
.SH DELIVERY RIGHTS
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
Deliveries to external files and external commands are made with
|
|
the rights of the receiving user on whose behalf the delivery is made.
|
|
In the absence of a user context, the \fBlocal\fR daemon uses the
|
|
owner rights of the \fB:include:\fR file or alias database.
|
|
When those files are owned by the superuser, delivery is made with
|
|
the rights specified with the \fBdefault_privs\fR configuration
|
|
parameter.
|
|
.SH STANDARDS
|
|
.na
|
|
.nf
|
|
RFC 822 (ARPA Internet Text Messages)
|
|
.SH DIAGNOSTICS
|
|
.ad
|
|
.fi
|
|
Problems and transactions are logged to \fBsyslogd\fR(8).
|
|
Corrupted message files are marked so that the queue
|
|
manager can move them to the \fBcorrupt\fR queue afterwards.
|
|
|
|
Depending on the setting of the \fBnotify_classes\fR parameter,
|
|
the postmaster is notified of bounces and of other trouble.
|
|
.SH BUGS
|
|
.ad
|
|
.fi
|
|
For security reasons, the message delivery status of external commands
|
|
or of external files is never checkpointed to file. As a result,
|
|
the program may occasionally deliver more than once to a command or
|
|
external file. Better safe than sorry.
|
|
|
|
Mutually-recursive aliases or ~/.\fBforward\fR files are not detected
|
|
early. The resulting mail forwarding loop is broken by the use of the
|
|
\fBDelivered-To:\fR message header.
|
|
.SH CONFIGURATION PARAMETERS
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The following \fBmain.cf\fR parameters are especially relevant to
|
|
this program. See the Postfix \fBmain.cf\fR file for syntax details
|
|
and for default values. Use the \fBpostfix reload\fR command after
|
|
a configuration change.
|
|
.SH Miscellaneous
|
|
.ad
|
|
.fi
|
|
.IP \fBalias_maps\fR
|
|
List of alias databases.
|
|
.IP \fBexpand_owner_alias\fR
|
|
When delivering to an alias that has an owner- companion alias,
|
|
set the envelope sender address to the right-hand side of the
|
|
owner alias, instead using of the left-hand side address.
|
|
.IP \fBforward_path\fR
|
|
Search list for .forward files. The names are subject to \fI$name\fR
|
|
expansion.
|
|
.IP \fBlocal_command_shell\fR
|
|
Shell to use for external command execution (for example,
|
|
/some/where/smrsh -c).
|
|
When a shell is specified, it is invoked even when the command
|
|
contains no shell built-in commands or meta characters.
|
|
.IP \fBowner_request_special\fR
|
|
Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
|
|
addresses.
|
|
.IP \fBprepend_delivered_header\fR
|
|
Prepend an optional \fBDelivered-To:\fR header upon external
|
|
forwarding, delivery to command or file. Specify zero or more of:
|
|
\fBcommand, file, forward\fR. Turning off \fBDelivered-To:\fR when
|
|
forwarding mail is not recommended.
|
|
.IP \fBrecipient_delimiter\fR
|
|
Separator between username and address extension.
|
|
.SH Mailbox delivery
|
|
.ad
|
|
.fi
|
|
.IP \fBfallback_transport\fR
|
|
Message transport for recipients that are not found in the UNIX
|
|
passwd database.
|
|
This parameter overrides \fBluser_relay\fR.
|
|
.IP \fBhome_mailbox\fR
|
|
Pathname of a mailbox relative to a user's home directory.
|
|
Specify a path ending in \fB/\fR for maildir-style delivery.
|
|
.IP \fBluser_relay\fR
|
|
Destination (\fI@domain\fR or \fIaddress\fR) for non-existent users.
|
|
The \fIaddress\fR is subjected to \fI$name\fR expansion.
|
|
.IP \fBmail_spool_directory\fR
|
|
Directory with UNIX-style mailboxes. The default pathname is system
|
|
dependent.
|
|
.IP \fBmailbox_command\fR
|
|
External command to use for mailbox delivery. The command executes
|
|
with the recipient privileges (exception: root). The string is subject
|
|
to $name expansions.
|
|
.IP \fBmailbox_transport\fR
|
|
Message transport to use for mailbox delivery to all local
|
|
recipients, whether or not they are found in the UNIX passwd database.
|
|
This parameter overrides all other configuration parameters that
|
|
control mailbox delivery, including \fBluser_relay\fR.
|
|
.SH "Locking controls"
|
|
.ad
|
|
.fi
|
|
.IP \fBdeliver_lock_attempts\fR
|
|
Limit the number of attempts to acquire an exclusive lock
|
|
on a mailbox or external file.
|
|
.IP \fBdeliver_lock_delay\fR
|
|
Time in seconds between successive attempts to acquire
|
|
an exclusive lock.
|
|
.IP \fBstale_lock_time\fR
|
|
Limit the time after which a stale lock is removed.
|
|
.SH "Resource controls"
|
|
.ad
|
|
.fi
|
|
.IP \fBcommand_time_limit\fR
|
|
Limit the amount of time for delivery to external command.
|
|
.IP \fBduplicate_filter_limit\fR
|
|
Limit the size of the duplicate filter for results from
|
|
alias etc. expansion.
|
|
.IP \fBline_length_limit\fR
|
|
Limit the amount of memory used for processing a partial
|
|
input line.
|
|
.IP \fBlocal_destination_concurrency_limit\fR
|
|
Limit the number of parallel deliveries to the same user.
|
|
The default limit is taken from the
|
|
\fBdefault_destination_concurrency_limit\fR parameter.
|
|
.IP \fBlocal_destination_recipient_limit\fR
|
|
Limit the number of recipients per message delivery.
|
|
The default limit is taken from the
|
|
\fBdefault_destination_recipient_limit\fR parameter.
|
|
.SH "Security controls"
|
|
.ad
|
|
.fi
|
|
.IP \fBallow_mail_to_commands\fR
|
|
Restrict the usage of mail delivery to external command.
|
|
.IP \fBallow_mail_to_files\fR
|
|
Restrict the usage of mail delivery to external file.
|
|
.IP \fBcommand_expansion_filter\fR
|
|
What characters are allowed to appear in $name expansions of
|
|
mailbox_command. Illegal characters are replaced by underscores.
|
|
.IP \fBdefault_privs\fR
|
|
Default rights for delivery to external file or command.
|
|
.IP \fBforward_expansion_filter\fR
|
|
What characters are allowed to appear in $name expansions of
|
|
forward_path. Illegal characters are replaced by underscores.
|
|
.SH HISTORY
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The \fBDelivered-To:\fR header appears in the \fBqmail\fR system
|
|
by Daniel Bernstein.
|
|
|
|
The \fImaildir\fR structure appears in the \fBqmail\fR system
|
|
by Daniel Bernstein.
|
|
.SH SEE ALSO
|
|
.na
|
|
.nf
|
|
aliases(5) format of alias database
|
|
bounce(8) non-delivery status reports
|
|
postalias(1) create/update alias database
|
|
syslogd(8) system logging
|
|
qmgr(8) queue manager
|
|
.SH LICENSE
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The Secure Mailer license must be distributed with this software.
|
|
.SH AUTHOR(S)
|
|
.na
|
|
.nf
|
|
Wietse Venema
|
|
IBM T.J. Watson Research
|
|
P.O. Box 704
|
|
Yorktown Heights, NY 10598, USA
|