Seth Woolley's Man Viewer

local(8) - local - Postfix local mail delivery - man 8 local

([section] manual, -k keyword, -K [section] search, -f whatis)
man plain no title

LOCAL(8)                                                              LOCAL(8)



NAME
       local - Postfix local mail(1,8) delivery

SYNOPSIS
       local [generic Postfix daemon options]

DESCRIPTION
       The  local(8) daemon processes delivery requests from the Postfix queue(1,3)
       manager to deliver mail(1,8) to local  recipients.   Each  delivery  request
       specifies  a  queue(1,3) file(1,n), a sender address, a domain or host(1,5) to deliver
       to, and one or more recipients.  This program expects to  be  run  from
       the master(5,8)(8) process manager.

       The  local(8)  daemon  updates queue(1,3) files and marks recipients as fin-
       ished, or it informs the queue(1,3) manager that delivery  should  be  tried
       again  at  a  later  time.  Delivery  status  reports  are  sent to the
       bounce(8), defer(8) or trace(3x,n,3x _nc_tracebits)(8) daemon as appropriate.

SYSTEM-WIDE AND USER-LEVEL ALIASING
       The system administrator can set(7,n,1 builtins) up one or more  system-wide  sendmail(1,8)-
       style alias databases.  Users can have sendmail(1,8)-style ~/.forward files.
       Mail for name is delivered  to  the  alias  name,  to  destinations  in(1,8)
       ~name/.forward,  to  the  mailbox owned by the user name, or it is sent
       back as undeliverable.

       The system administrator can specify a comma/space  separated  list  of
       ~/.forward like files through the forward_path configuration parameter.
       Upon delivery, the local delivery agent tries each pathname in(1,8) the list
       until a file(1,n) is found.

       Delivery  via  ~/..forward  files  is  done  with the privileges of the
       recipient.  Thus, ~/.forward like files must be readable by the recipi-
       ent,  and their parent directory needs to have "execute" permission for
       the recipient.

       The forward_path parameter is subject to interpolation of $user (recip-
       ient  username),  $home  (recipient  home directory), $shell (recipient
       shell), $recipient (complete recipient address), $extension  (recipient
       address  extension), $domain (recipient domain), $local (entire recipi-
       ent   address   localpart)   and   $recipient_delimiter.   The    forms
       ${name?value}  and  ${name:value}  expand  conditionally  to value when
       $name is (is not) defined.  Characters that may have special meaning to
       the  shell  or  file(1,n)  system  are replaced by underscores.  The list of
       acceptable characters is specified  with  the  forward_expansion_filter
       configuration parameter.

       An  alias  or ~/.forward file(1,n) may list any combination of external com-
       mands, destination file(1,n) names, :include: directives, or mail(1,8) addresses.
       See  aliases(5)  for a precise description. Each line in(1,8) a user's .for-
       ward file(1,n) has the same syntax as the right-hand part of an alias.

       When an address is found in(1,8) its own alias expansion, delivery  is  made
       to the user instead. When a user is listed in(1,8) the user's own ~/.forward
       file(1,n), delivery is made to the user's mailbox instead.  An empty ~/.for-
       ward file(1,n) means do not forward mail.

       In  order to prevent the mail(1,8) system from using up unreasonable amounts
       of memory, input records read(2,n,1 builtins) from :include: or from  ~/.forward  files
       are broken up into chunks of length line_length_limit.

       While  expanding  aliases,  ~/.forward  files,  and  so on, the program
       attempts to avoid duplicate deliveries. The duplicate_filter_limit con-
       figuration parameter limits the number of remembered recipients.

MAIL FORWARDING
       For  the  sake  of reliability, forwarded mail(1,8) is re-submitted as a new
       message, so that each recipient has a separate on-file delivery  status
       record.

       In  order  to  stop  mail(1,8)  forwarding loops early, the software adds an
       optional  Delivered-To:  header  with  the  final  envelope   recipient
       address.  If  mail(1,8)  arrives for a recipient that is already listed in(1,8) a
       Delivered-To: header, the message is bounced.

MAILBOX DELIVERY
       The default per-user mailbox is a file(1,n) in(1,8) the UNIX mail(1,8) spool directory
       (/var/mail(1,8)/user or /var/spool/mail(1,8)/user); the location can be specified
       with the mail_spool_directory configuration parameter. Specify  a  name
       ending in(1,8) / for qmail-compatible maildir(1,5) delivery.

       Alternatively,  the  per-user  mailbox can be a file(1,n) in(1,8) the user's home
       directory with a name  specified  via  the  home_mailbox  configuration
       parameter. Specify a relative path name. Specify a name ending in(1,8) / for
       qmail-compatible maildir(1,5) delivery.

       Mailbox delivery can be delegated to an external command specified with
       the  mailbox_command configuration parameter. The command executes with
       the privileges of the recipient user (exceptions: secondary groups  are
       not enabled; in(1,8) case of delivery as root, the command executes with the
       privileges of default_privs).

       Mailbox delivery can be delegated  to  alternative  message  transports
       specified  in(1,8)  the master.cf file.  The mailbox_transport configuration
       parameter specifies a message transport that is  to  be  used  for  all
       local  recipients,  regardless  of  whether  they are found in(1,8) the UNIX
       passwd(1,5) database.  The fallback_transport parameter specifies a  message
       transport  for  recipients  that are not found in(1,8) the UNIX passwd(1,5) data-
       base.

       In the  case  of  UNIX-style  mailbox  delivery,  the  local(8)  daemon
       prepends  a  "From  sender time_stamp" envelope header to each message,
       prepends an X-Original-To: header with the recipient address  as  given
       to  Postfix,  prepends  an optional Delivered-To: header with the final
       envelope recipient address, prepends a  Return-Path:  header  with  the
       envelope sender address, prepends a > character to lines beginning with
       "From ", and appends an empty line.  The mailbox is locked  for  exclu-
       sive  access(2,5)  while  delivery  is  in(1,8) progress. In case of problems, an
       attempt is made to truncate(2,7) the mailbox to its original length.

       In the case of maildir(1,5) delivery, the local daemon prepends an  optional
       Delivered-To:   header  with  the  final  envelope  recipient  address,
       prepends an X-Original-To: header with the recipient address  as  given
       to Postfix, and prepends a Return-Path: header with the envelope sender
       address.

EXTERNAL COMMAND DELIVERY
       The allow_mail_to_commands configuration parameter  restricts  delivery
       to external commands. The default setting (alias, forward) forbids com-
       mand destinations in(1,8) :include: files.

       Optionally, the process working directory is changed to the path speci-
       fied  with command_execution_directory (Postfix 2.2 and later). Failure
       to change directory causes mail(1,8) to be deferred.

       The command_execution_directory parameter value is subject to  interpo-
       lation of $user (recipient username), $home (recipient home directory),
       $shell (recipient  shell),  $recipient  (complete  recipient  address),
       $extension  (recipient  address extension), $domain (recipient domain),
       $local (entire recipient address localpart)  and  $recipient_delimiter.
       The forms ${name?value} and ${name:value} expand conditionally to value
       when $name is (is not) defined.  Characters that may have special mean-
       ing  to the shell or file(1,n) system are replaced by underscores.  The list
       of  acceptable  characters  is  specified  with  the   execution_direc-
       tory_expansion_filter configuration parameter.

       The  command  is  executed  directly  where possible. Assistance by the
       shell (/bin/sh on UNIX systems) is used only when the command  contains
       shell  magic(4,5)  characters,  or when the command invokes a shell built-in
       command.

       A limited amount of command output (standard output and standard error(8,n))
       is  captured for inclusion with non-delivery status reports.  A command
       is  forcibly  terminated  if(3,n)  it  does   not   complete   within   com-
       mand_time_limit  seconds.   Command  exit(3,n,1 builtins)  status codes are expected to
       follow the conventions defined in(1,8) <sysexits.h>.

       A limited amount of message context is exported via  environment  vari-
       ables.  Characters  that  may  have  special  meaning  to the shell are
       replaced by underscores.  The list of acceptable characters  is  speci-
       fied with the command_expansion_filter configuration parameter.

       SHELL  The recipient user's login(1,3,5) shell.

       HOME   The recipient user's home directory.

       USER   The bare recipient name.

       EXTENSION
              The optional recipient address extension.

       DOMAIN The recipient address domain part.

       LOGNAME
              The bare recipient name.

       LOCAL  The  entire recipient address localpart (text to the left of the
              rightmost @ character).

       RECIPIENT
              The entire recipient address.

       SENDER The entire sender address.

       Additional remote client information is made available via the  follow-
       ing environment variables:

       CLIENT_ADDRESS
              Remote client network address. Available as of Postfix 2.2.

       CLIENT_HELO
              Remote  client  EHLO  command parameter. Available as of Postfix
              2.2.

       CLIENT_HOSTNAME
              Remote client hostname. Available as of Postfix 2.2.

       CLIENT_PROTOCOL
              Remote client protocol. Available as of Postfix 2.2.

       SASL_METHOD
              SASL authentication method specified in(1,8) the remote  client  AUTH
              command. Available as of Postfix 2.2.

       SASL_SENDER
              SASL  sender  address  specified  in(1,8) the remote client MAIL FROM
              command. Available as of Postfix 2.2.

       SASL_USERNAME
              SASL username specified  in(1,8)  the  remote  client  AUTH  command.
              Available as of Postfix 2.2.

       The  PATH  environment  variable  is always reset(1,7,1 tput) to a system-dependent
       default path, and environment variables whose names are blessed by  the
       export_environment configuration parameter are exported unchanged.

       The current working directory is the mail(1,8) queue(1,3) directory.

       The local(8) daemon prepends a "From sender time_stamp" envelope header
       to each message, prepends an X-Original-To: header with  the  recipient
       address  as given to Postfix, prepends an optional Delivered-To: header
       with the final recipient  envelope  address,  prepends  a  Return-Path:
       header with the sender envelope address, and appends no empty line.

EXTERNAL FILE DELIVERY
       The  delivery  format  depends on the destination filename syntax.  The
       default is to use UNIX-style mailbox format.  Specify a name ending  in(1,8)
       / for qmail-compatible maildir(1,5) delivery.

       The  allow_mail_to_files  configuration parameter restricts delivery to
       external files. The default setting (alias, forward) forbids file(1,n)  des-
       tinations in(1,8) :include: files.

       In  the  case  of  UNIX-style  mailbox  delivery,  the  local(8) daemon
       prepends a "From sender time_stamp" envelope header  to  each  message,
       prepends  an  X-Original-To: header with the recipient address as given
       to Postfix, prepends an optional Delivered-To: header  with  the  final
       recipient  envelope  address, prepends a > character to lines beginning
       with "From ", and appends an empty line.  The envelope  sender  address
       is  available  in(1,8)  the  Return-Path: header.  When the destination is a
       regular file(1,n), it is locked for exclusive access(2,5) while  delivery  is  in(1,8)
       progress. In case of problems, an attempt is made to truncate(2,7) a regular
       file(1,n) to its original length.

       In the case of maildir(1,5) delivery, the local daemon prepends an  optional
       Delivered-To:  header  with  the  final envelope recipient address, and
       prepends an X-Original-To: header with the recipient address  as  given
       to  Postfix.   The  envelope sender address is available in(1,8) the Return-
       Path: header.

ADDRESS EXTENSION
       The optional recipient_delimiter configuration parameter specifies  how
       to separate address extensions from local recipient names.

       For  example,  with  "recipient_delimiter  =  +",  mail(1,8) for name+foo is
       delivered to the alias name+foo or to the alias name, to  the  destina-
       tions listed in(1,8) ~name/.forward+foo or in(1,8) ~name/.forward, to the mailbox
       owned by the user name, or it is sent back as undeliverable.

       In all cases the local(8) daemon prepends  an  optional  `Delivered-To:
       header line with the final recipient address.

DELIVERY RIGHTS
       Deliveries  to  external  files and external commands are made with the
       rights of the receiving user on whose behalf the delivery is made.   In
       the  absence  of  a  user  context,  the local(8) daemon uses the owner
       rights of the :include: file(1,n) or alias database.  When those  files  are
       owned by the superuser, delivery is made with the rights specified with
       the default_privs configuration parameter.

STANDARDS
       RFC 822 (ARPA Internet Text Messages)

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).  Corrupted  message
       files are marked so that the queue(1,3) manager can move(3x,7,3x curs_move) them to the corrupt
       queue(1,3) afterwards.

       Depending on the setting of the notify_classes parameter, the  postmas-
       ter is notified of bounces and of other trouble.

SECURITY
       The  local(8)  delivery agent needs a dual personality 1) to access(2,5) the
       private Postfix queue(1,3) and IPC mechanisms, 2) to impersonate the recipi-
       ent  and deliver to recipient-specified files or commands. It is there-
       fore security sensitive.

       The local(8) delivery agent disallows regular  expression  substitution
       of $1 etc. in(1,8) alias_maps, because that would open(2,3,n) a security hole.

       The  local(8)  delivery  agent will silently ignore requests to use the
       proxymap(8) server within alias_maps. Instead it will  open(2,3,n)  the  table
       directly.  Before Postfix version(1,3,5) 2.2, the local(8) delivery agent will
       terminate with a fatal error.

BUGS
       For security reasons, the message delivery status of external  commands
       or  of  external  files is never checkpointed to file. As a result, the
       program may occasionally deliver more than once to a command or  exter-
       nal file. Better safe than sorry.

       Mutually-recursive  aliases or ~/.forward files are not detected early.
       The resulting mail(1,8) forwarding loop is broken by the use of  the  Deliv-
       ered-To: message header.

CONFIGURATION PARAMETERS
       Changes  to  main.cf are picked up automatically, as local(8) processes
       run for only a limited amount of time. Use the command "postfix reload"
       to speed up a change.

       The  text  below provides only a parameter summary. See postconf(1,5)(5) for
       more details including examples.

COMPATIBILITY CONTROLS
       biff (yes)
              Whether or not to use the local biff service.

       expand_owner_alias (no)
              When delivering to an alias  "aliasname"  that  has  an  "owner-
              aliasname"  companion  alias, set(7,n,1 builtins) the envelope sender address to
              the expansion of the "owner-aliasname" alias.

       owner_request_special (yes)
              Give special treatment to  owner-listname  and  listname-request
              address  localparts: don't split(1,n) such addresses when the recipi-
              ent_delimiter is set(7,n,1 builtins) to "-".

       sun_mailtool_compatibility (no)
              Obsolete SUN mailtool compatibility feature.

DELIVERY METHOD CONTROLS
       The precedence of local(8)  delivery  methods  from  high  to  low  is:
       aliases, .forward files, mailbox_transport, mailbox_command_maps, mail-
       box_command, home_mailbox, mail_spool_directory, fallback_transport and
       luser_relay.

       alias_maps (see 'postconf(1,5) -d' output)
              The alias databases that are used for local(8) delivery.

       forward_path (see 'postconf(1,5) -d' output)
              The  local(8)  delivery agent search list for finding a .forward
              file(1,n) with user-specified delivery methods.

       mailbox_transport (empty)
              Optional message delivery transport that the  local(8)  delivery
              agent  should  use for mailbox delivery to all local recipients,
              whether or not they are found in(1,8) the UNIX passwd(1,5) database.

       mailbox_command_maps (empty)
              Optional lookup tables with per-recipient external  commands  to
              use for local(8) mailbox delivery.

       mailbox_command (empty)
              Optional  external  command  that  the  local(8)  delivery agent
              should use for mailbox delivery.

       home_mailbox (empty)
              Optional pathname of a  mailbox  file(1,n)  relative  to  a  local(8)
              user's home directory.

       mail_spool_directory (see 'postconf(1,5) -d' output)
              The directory where local(8) UNIX-style mailboxes are kept.

       fallback_transport (empty)
              Optional  message  delivery transport that the local(8) delivery
              agent should use for names that are not found in(1,8) the  aliases(5)
              database or in(1,8) the UNIX passwd(1,5) database.

       luser_relay (empty)
              Optional  catch-all destination for unknown local(8) recipients.

       Available in(1,8) Postfix version(1,3,5) 2.2 and later:

       command_execution_directory (empty)
              The local(8) delivery agent working directory  for  delivery  to
              external command.

MAILBOX LOCKING CONTROLS
       deliver_lock_attempts (20)
              The maximal number of attempts to acquire an exclusive lock on a
              mailbox file(1,n) or bounce(8) logfile.

       deliver_lock_delay (1s)
              The time(1,2,n) between attempts to acquire  an  exclusive  lock  on  a
              mailbox file(1,n) or bounce(8) logfile.

       stale_lock_time (500s)
              The  time(1,2,n)  after  which  a  stale  exclusive mailbox lockfile is
              removed.

       mailbox_delivery_lock (see 'postconf(1,5) -d' output)
              How to lock a  UNIX-style  local(8)  mailbox  before  attempting
              delivery.

RESOURCE AND RATE CONTROLS
       command_time_limit (1000s)
              Time limit for delivery to external commands.

       duplicate_filter_limit (1000)
              The maximal number of addresses remembered by the address dupli-
              cate filter(1,3x,3x curs_util) for aliases(5) or virtual(5,8)(5) alias expansion, or for
              showq(8) queue(1,3) displays.

       local_destination_concurrency_limit (2)
              The  maximal  number  of  parallel deliveries via the local mail(1,8)
              delivery transport to the same recipient  (when  "local_destina-
              tion_recipient_limit  =  1")  or  the maximal number of parallel
              deliveries  to  the  same  local  domain  (when  "local_destina-
              tion_recipient_limit > 1").

       local_destination_recipient_limit (1)
              The  maximal  number  of recipients per message delivery via the
              local mail(1,8) delivery transport.

       mailbox_size_limit (51200000)
              The maximal size of any local(8) individual mailbox  or  maildir(1,5)
              file(1,n), or zero (no limit).

SECURITY CONTROLS
       allow_mail_to_commands (alias, forward)
              Restrict local(8) mail(1,8) delivery to external commands.

       allow_mail_to_files (alias, forward)
              Restrict local(8) mail(1,8) delivery to external files.

       command_expansion_filter (see 'postconf(1,5) -d' output)
              Restrict  the characters that the local(8) delivery agent allows
              in(1,8) $name expansions of $mailbox_command.

       default_privs (nobody)
              The default rights used  by  the  local(8)  delivery  agent  for
              delivery to external file(1,n) or command.

       forward_expansion_filter (see 'postconf(1,5) -d' output)
              Restrict  the characters that the local(8) delivery agent allows
              in(1,8) $name expansions of $forward_path.

       Available in(1,8) Postfix version(1,3,5) 2.2 and later:

       execution_directory_expansion_filter (see 'postconf(1,5) -d' output)
              Restrict the characters that the local(8) delivery agent  allows
              in(1,8) $name expansions of $command_execution_directory.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf(1,5) -d' output)
              The  default  location of the Postfix main.cf and master.cf con-
              figuration files.

       daemon_timeout (18000s)
              How much time(1,2,n) a Postfix daemon process  may  take  to  handle  a
              request before it is terminated by a built-in watchdog(5,8) timer.

       export_environment (see 'postconf(1,5) -d' output)
              The  list  of  environment variables that a Postfix process will
              export to non-Postfix processes.

       ipc_timeout (3600s)
              The time(1,2,n) limit for sending  or  receiving  information  over  an
              internal communication channel.

       local_command_shell (empty)
              Optional shell program for local(8) delivery to non-Postfix com-
              mand.

       max_idle (100s)
              The maximum amount of time(1,2,n) that an idle Postfix  daemon  process
              waits for the next service request before exiting.

       max_use (100)
              The  maximal number of connection requests before a Postfix dae-
              mon process terminates.

       prepend_delivered_header (command, file(1,n), forward)
              The message delivery contexts where the Postfix local(8)  deliv-
              ery agent prepends a Delivered-To:  message header.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       propagate_unmatched_extensions (canonical, virtual(5,8))
              What  address  lookup  tables copy an address extension from the
              lookup key to the lookup result.

       queue_directory (see 'postconf(1,5) -d' output)
              The location of the Postfix top-level queue(1,3) directory.

       recipient_delimiter (empty)
              The  separator  between  user  names  and   address   extensions
              (user+foo).

       require_home_directory (no)
              Whether  or not a local(8) recipient's home directory must exist
              before mail(1,8) delivery is attempted.

       syslog_facility (mail(1,8))
              The syslog(2,3,5,3 Sys::Syslog) facility of Postfix logging.

       syslog_name (postfix)
              The mail(1,8) system name that is prepended to the  process  name  in(1,8)
              syslog(2,3,5,3 Sys::Syslog)  records,  so  that  "smtpd" becomes, for example, "post-
              fix/smtpd".

FILES
       The following are examples; details differ between systems.
       $HOME/.forward, per-user aliasing
       /etc/aliases, system-wide alias database
       /var/spool/mail(1,8), system mailboxes

SEE ALSO
       qmgr(8), queue(1,3) manager
       bounce(8), delivery status reports
       newaliases(1), create/update(7,n) alias database
       postalias(1), create/update(7,n) alias database
       aliases(5), format of alias database
       postconf(1,5)(5), configuration parameters
       master(5,8)(5), generic daemon options
       syslogd(8), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       The Delivered-To: message header appears in(1,8) the qmail system by  Daniel
       Bernstein.

       The  maildir(1,5) structure appears in(1,8) the qmail system by Daniel Bernstein.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA



                                                                      LOCAL(8)

References for this manual (incoming links)