40 lines
2.0 KiB
Plaintext
40 lines
2.0 KiB
Plaintext
Local delivery models
|
|
|
|
The "monolithic" model: recursively expand the complete initial
|
|
recipient list (via aliases, mailing lists, .forward files) to one
|
|
expanded recipient list (mail addresses, shell commands, files,
|
|
mailboxes). Sort/uniq the expanded recipient list, and deliver.
|
|
|
|
The "forward as if sent by recipient" model: each level of recursion
|
|
(aliases, mailing lists, forward files) takes one entire iteration
|
|
through the mail system. Non-recursively expand one local recipient
|
|
(via alias, mailing list, the recipient's .forward file) to a list
|
|
of expanded recipients. Sort/uniq the list and deliver by re-injecting
|
|
messages into the mail system. Since recipient expansion uses a
|
|
non-recursive algorithm, the mailer might loop indefinitely,
|
|
re-injecting messages into itself. These local forwarding loops
|
|
must be broken by stamping a message when it reaches the local
|
|
delivery stage (e.g., by adding a Delivered-To: message header).
|
|
|
|
The Postfix system uses a hybrid approach. It does recursive alias
|
|
expansion, but only one initial recipient at a time. It delivers
|
|
to expanded recipients by re-submitting the message into the mail
|
|
system, so it can keep track of the delivery status for each expanded
|
|
recipient. Because alias expansion does not look in .forward files,
|
|
it cannot prevent local forwarding loops. The Postfix system adds
|
|
Delivered: message headers to break local and external forwarding
|
|
loops.
|
|
|
|
Delivery status management
|
|
|
|
The "exact" model: maintain on file the delivery status of each
|
|
expanded recipient: remote recipients, shell commands and files,
|
|
including the privileges for delivery to shell commands and files.
|
|
|
|
The "safe" model: maintain on file only the delivery status of
|
|
non-sensitive destinations (local or remote addresses). Deliver to
|
|
sensitive destinations first (commands, files), but do not keep a
|
|
record of their status on file (including privileges). This means
|
|
that the mail system will occasionally deliver the same message
|
|
more than once to a file or command.
|