LOCAL(8) LOCAL(8)
NAME
local - Postfix local mail delivery
SYNOPSIS
local [generic Postfix daemon options]
DESCRIPTION
The local daemon processes delivery requests from the
Postfix queue manager to deliver mail to local recipients.
Each delivery request specifies a queue file, a sender
address, a domain or host to deliver to, and one or more
recipients. This program expects to be run from the mas-
ter(8) process manager.
The local daemon updates queue files and marks recipients
as finished, or it informs the queue manager that delivery
should be tried again at a later time. Delivery problem
reports are sent to the bounce(8) or defer(8) daemon as
appropriate.
SYSTEM-WIDE AND USER-LEVEL ALIASING
The system adminstrator can set up one or more system-wide
sendmail-style alias databases. Users can have sendmail-
style ~/.forward files. Mail for name is delivered to the
alias name, to destinations in ~name/.forward, to the
mailbox owned by the user name, or it is sent back as
undeliverable.
The system administrator can specify a comma/space sepa-
rated list of ~/.forward like files through the for-
ward_path configuration parameter. Upon delivery, the
local delivery agent tries each pathname in the list until
a file is found. The forward_path parameter is subject to
interpolation of $user (recipient username), $home (recip-
ient home directory), $shell (recipient shell), $recipient
(complete recipient address), $extension (recipient
address extension), $domain (recipient domain), local
(entire recipient address localpart) and $recipient_delim-
iter. The forms ${name?value} and ${name:value} expand
conditionally to value when $name is (is not) defined.
Characters that may have special meaning to the shell or
file system are replaced by underscores. The list of
acceptable characters is specified with the forward_expan-
sion_filter configuration parameter.
An alias or ~/.forward file may list any combination of
external commands, destination file names, :include:
directives, or mail addresses. See aliases(5) for a pre-
cise description. Each line in a user's .forward file has
the same syntax as the right-hand part of an alias.
When an address is found in its own alias expansion,
delivery is made to the user instead. When a user is
listed in the user's own ~/.forward file, delivery is made
1
LOCAL(8) LOCAL(8)
to the user's mailbox instead. An empty ~/.forward file
means do not forward mail.
In order to prevent the mail system from using up unrea-
sonable amounts of memory, input records read from
:include: or from ~/.forward files are broken up into
chunks of length line_length_limit.
While expanding aliases, ~/.forward files, and so on, the
program attempts to avoid duplicate deliveries. The dupli-
cate_filter_limit configuration parameter limits the num-
ber of remembered recipients.
MAIL FORWARDING
For the sake of reliability, forwarded mail is re-submit-
ted as a new message, so that each recipient has a sepa-
rate on-file delivery status record.
In order to stop mail forwarding loops early, the software
adds an optional Delivered-To: header with the envelope
recipient address. If mail arrives for a recipient that is
already listed in a Delivered-To: header, the message is
bounced.
MAILBOX DELIVERY
The default per-user mailbox is a file in the UNIX mail
spool directory (/var/mail/user or /var/spool/mail/user);
the location can be specified with the mail_spool_direc-
tory configuration parameter.
Alternatively, the per-user mailbox can be a file in the
user's home directory with a name specified via the
home_mailbox configuration parameter. Specify a relative
path name. Specify a name ending in / for qmail-compatible
maildir delivery.
Mailbox delivery can be delegated to an external command
specified with the mailbox_command configuration parame-
ter. The command executes with the privileges of the
recipient user (exception: in case of delivery as root,
the command executes with the privileges of
default_privs).
Mailbox delivery can be delegated to alternative message
transports specified in the master.cf file. The mail-
box_transport configuration parameter specifies a message
transport that is to be used for all local recipients,
regardless of whether they are found in the UNIX passwd
database. The fallback_transport parameter specifies a
message transport for recipients that are not found in the
UNIX passwd database.
In the case of UNIX-style mailbox delivery, the local dae-
mon prepends a "From sender time_stamp" envelope header to
2
LOCAL(8) LOCAL(8)
each message, prepends an optional Delivered-To: header
with the envelope recipient address, prepends a Return-
Path: header with the envelope sender address, prepends a
> character to lines beginning with "From ", and appends
an empty line. The mailbox is locked for exclusive access
while delivery is in progress. In case of problems, an
attempt is made to truncate the mailbox to its original
length.
In the case of maildir delivery, the local daemon prepends
an optional Delivered-To: header with the envelope recipi-
ent address and prepends a Return-Path: header with the
envelope sender address.
EXTERNAL COMMAND DELIVERY
The allow_mail_to_commands configuration parameter
restricts delivery to external commands. The default set-
ting (alias, forward) forbids command destinations in
:include: files.
The command is executed directly where possible. Assis-
tance by the shell (/bin/sh on UNIX systems) is used only
when the command contains shell magic characters, or when
the command invokes a shell built-in command.
A limited amount of command output (standard output and
standard error) is captured for inclusion with non-deliv-
ery status reports. A command is forcibly terminated if
it does not complete within command_time_limit seconds.
Command exit status codes are expected to follow the con-
ventions defined in <sysexits.h>.
A limited amount of message context is exported via envi-
ronment variables. Characters that may have special mean-
ing to the shell are replaced by underscores. The list of
acceptable characters is specified with the command_expan-
sion_filter configuration parameter.
SHELL The recipient user's login shell.
HOME The recipient user's home directory.
USER The bare recipient name.
EXTENSION
The optional recipient address extension.
DOMAIN The recipient address domain part.
LOGNAME
The bare recipient name.
LOCAL The entire recipient address localpart (text to the
left of the rightmost @ character).
3
LOCAL(8) LOCAL(8)
RECIPIENT
The entire recipient address.
The PATH environment variable is always reset to a system-
dependent default path, and the TZ (time zone) environment
variable is always passed on without change.
The current working directory is the mail queue directory.
The local daemon prepends a "From sender time_stamp" enve-
lope header to each message, prepends an optional Deliv-
ered-To: header with the recipient envelope address,
prepends a Return-Path: header with the sender envelope
address, and appends an empty line.
EXTERNAL FILE DELIVERY
The allow_mail_to_files configuration parameter restricts
delivery to external files. The default setting (alias,
forward) forbids file destinations in :include: files.
Specify a pathname ending in / for qmail-compatible
maildir delivery.
The local daemon prepends a "From sender time_stamp" enve-
lope header to each message, prepends an optional Deliv-
ered-To: header with the recipient envelope address,
prepends a > character to lines beginning with "From ",
and appends an empty line. The envelope sender address is
available in the Return-Path: header. When the destina-
tion is a regular file, it is locked for exclusive access
while delivery is in progress. In case of problems, an
attempt is made to truncate a regular file to its original
length.
In the case of maildir delivery, the local daemon prepends
an optional Delivered-To: header with the envelope recipi-
ent address. The envelope sender address is available in
the Return-Path: header.
ADDRESS EXTENSION
The optional recipient_delimiter configuration parameter
specifies how to separate address extensions from local
recipient names.
For example, with "recipient_delimiter = +", mail for
name+foo is delivered to the alias name+foo or to the
alias name, to the destinations listed in ~name/.for-
ward+foo or in ~name/.forward, to the mailbox owned by the
user name, or it is sent back as undeliverable.
In all cases the local daemon prepends an opional `Deliv-
ered-To: name+foo' header line.
DELIVERY RIGHTS
Deliveries to external files and external commands are
4
LOCAL(8) LOCAL(8)
made with the rights of the receiving user on whose behalf
the delivery is made. In the absence of a user context,
the local daemon uses the owner rights of the :include:
file or alias database. When those files are owned by the
superuser, delivery is made with the rights specified with
the default_privs configuration parameter.
STANDARDS
RFC 822 (ARPA Internet Text Messages)
DIAGNOSTICS
Problems and transactions are logged to syslogd(8). Cor-
rupted message files are marked so that the queue manager
can move them to the corrupt queue afterwards.
Depending on the setting of the notify_classes parameter,
the postmaster is notified of bounces and of other trou-
ble.
BUGS
For security reasons, the message delivery status of
external commands or of external files is never check-
pointed to file. As a result, the program may occasionally
deliver more than once to a command or external file. Bet-
ter safe than sorry.
Mutually-recursive aliases or ~/.forward files are not
detected early. The resulting mail forwarding loop is
broken by the use of the Delivered-To: message header.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.
Miscellaneous
alias_maps
List of alias databases.
expand_owner_alias
When delivering to an alias that has an owner- com-
panion alias, set the envelope sender address to
the right-hand side of the owner alias, instead
using of the left-hand side address.
forward_path
Search list for .forward files. The names are sub-
ject to $name expansion.
local_command_shell
Shell to use for external command execution (for
example, /some/where/smrsh -c). When a shell is
specified, it is invoked even when the command
5
LOCAL(8) LOCAL(8)
contains no shell built-in commands or meta charac-
ters.
owner_request_special
Give special treatment to owner-xxx and xxx-request
addresses.
prepend_delivered_header
Prepend an optional Delivered-To: header upon
external forwarding, delivery to command or file.
Specify zero or more of: command, file, forward.
Turning off Delivered-To: when forwarding mail is
not recommended.
recipient_delimiter
Separator between username and address extension.
Mailbox delivery
fallback_transport
Message transport for recipients that are not found
in the UNIX passwd database. This parameter over-
rides luser_relay.
home_mailbox
Pathname of a mailbox relative to a user's home
directory. Specify a path ending in / for maildir-
style delivery.
luser_relay
Destination (@domain or address) for non-existent
users. The address is subjected to $name expan-
sion.
mail_spool_directory
Directory with UNIX-style mailboxes. The default
pathname is system dependent.
mailbox_command
External command to use for mailbox delivery. The
command executes with the recipient privileges
(exception: root). The string is subject to $name
expansions.
mailbox_transport
Message transport to use for mailbox delivery to
all local recipients, whether or not they are found
in the UNIX passwd database. This parameter over-
rides all other configuration parameters that con-
trol mailbox delivery, including luser_relay.
Locking controls
deliver_lock_attempts
Limit the number of attempts to acquire an exclu-
sive lock on a mailbox or external file.
6
LOCAL(8) LOCAL(8)
deliver_lock_delay
Time in seconds between successive attempts to
acquire an exclusive lock.
stale_lock_time
Limit the time after which a stale lock is removed.
Resource controls
command_time_limit
Limit the amount of time for delivery to external
command.
duplicate_filter_limit
Limit the size of the duplicate filter for results
from alias etc. expansion.
line_length_limit
Limit the amount of memory used for processing a
partial input line.
local_destination_concurrency_limit
Limit the number of parallel deliveries to the same
user. The default limit is taken from the
default_destination_concurrency_limit parameter.
local_destination_recipient_limit
Limit the number of recipients per message deliv-
ery. The default limit is taken from the
default_destination_recipient_limit parameter.
Security controls
allow_mail_to_commands
Restrict the usage of mail delivery to external
command.
allow_mail_to_files
Restrict the usage of mail delivery to external
file.
command_expansion_filter
What characters are allowed to appear in $name
expansions of mailbox_command. Illegal characters
are replaced by underscores.
default_privs
Default rights for delivery to external file or
command.
forward_expansion_filter
What characters are allowed to appear in $name
expansions of forward_path. Illegal characters are
replaced by underscores.
7
LOCAL(8) LOCAL(8)
HISTORY
The Delivered-To: header appears in the qmail system by
Daniel Bernstein.
The maildir structure appears in the qmail system by
Daniel Bernstein.
SEE ALSO
aliases(5) format of alias database
bounce(8) non-delivery status reports
postalias(1) create/update alias database
syslogd(8) system logging
qmgr(8) queue manager
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
8