table of contents
- NAME
- SYNOPSIS
- DESCRIPTION
- CASE FOLDING
- SYSTEM-WIDE AND USER-LEVEL ALIASING
- MAIL FORWARDING
- MAILBOX DELIVERY
- EXTERNAL COMMAND DELIVERY
- EXTERNAL FILE DELIVERY
- ADDRESS EXTENSION
- DELIVERY RIGHTS
- STANDARDS
- DIAGNOSTICS
- SECURITY
- BUGS
- CONFIGURATION PARAMETERS
- COMPATIBILITY CONTROLS
- DELIVERY METHOD CONTROLS
- MAILBOX LOCKING CONTROLS
- RESOURCE AND RATE CONTROLS
- SECURITY CONTROLS
- MISCELLANEOUS CONTROLS
- FILES
- SEE ALSO
- LICENSE
- HISTORY
- AUTHOR(S)
other versions
- wheezy 2.9.6-2
- wheezy-backports 2.11.2-1~bpo70+1
- jessie 2.11.3-1+deb8u2
- testing 3.1.4-7
- unstable 3.1.4-7
- experimental 3.2.0-1
other sections
LOCAL(8postfix) | LOCAL(8postfix) |
NAME¶
local - Postfix local mail deliverySYNOPSIS¶
local [generic Postfix daemon options]
DESCRIPTION¶
The local(8) daemon processes delivery requests from the Postfix queue manager to deliver mail to local recipients. Each delivery request specifies a queue file, a sender address, a domain or host to deliver to, and one or more recipients. This program expects to be run from the master(8) process manager.
CASE FOLDING¶
All delivery decisions are made using the bare recipient name (i.e. the address localpart), folded to lower case. See also under ADDRESS EXTENSION below for a few exceptions.
SYSTEM-WIDE AND USER-LEVEL ALIASING¶
The system administrator can set up one or more system-wide sendmail-style alias databases. Users can have sendmail-style ~/. forward files. Mail for name is delivered to the alias name, to destinations in ~ name/.forward, to the mailbox owned by the user name, or it is sent back as undeliverable.
MAIL FORWARDING¶
For the sake of reliability, forwarded mail is re-submitted as a new message, so that each recipient has a separate on-file delivery status record.
MAILBOX DELIVERY¶
The default per-user mailbox is a file in the UNIX mail spool directory ( /var/mail/ user or /var/spool/mail/user); the location can be specified with the mail_spool_directory configuration parameter. Specify a name ending in / for qmail-compatible maildir delivery.
EXTERNAL COMMAND DELIVERY¶
The allow_mail_to_commands configuration parameter restricts delivery to external commands. The default setting ( alias, forward) forbids command destinations in :include: files.
- SHELL
- The recipient user's login shell.
- HOME
- The recipient user's home directory.
- USER
- The bare recipient name.
- EXTENSION
- The optional recipient address extension.
- DOMAIN
- The recipient address domain part.
- LOGNAME
- The bare recipient name.
- LOCAL
- The entire recipient address localpart (text to the left of the rightmost @ character).
- ORIGINAL_RECIPIENT
- The entire recipient address, before any address rewriting or aliasing (Postfix 2.5 and later).
- RECIPIENT
- The entire recipient address.
- SENDER
- The entire sender address.
- CLIENT_ADDRESS
- Remote client network address. Available as of Postfix 2.2.
- CLIENT_HELO
- Remote client EHLO command parameter. Available as of Postfix 2.2.
- CLIENT_HOSTNAME
- Remote client hostname. Available as of Postfix 2.2.
- CLIENT_PROTOCOL
- Remote client protocol. Available as of Postfix 2.2.
- SASL_METHOD
- SASL authentication method specified in the remote client AUTH command. Available as of Postfix 2.2.
- SASL_SENDER
- SASL sender address specified in the remote client MAIL FROM command. Available as of Postfix 2.2.
- SASL_USERNAME
- SASL username specified in the remote client AUTH command. Available as of Postfix 2.2.
EXTERNAL FILE DELIVERY¶
The delivery format depends on the destination filename syntax. The default is to use UNIX-style mailbox format. Specify a name ending in / for qmail-compatible maildir delivery.
ADDRESS EXTENSION¶
The optional recipient_delimiter configuration parameter specifies how to separate address extensions from local recipient names.
DELIVERY RIGHTS¶
Deliveries to external files and external commands are made with the rights of the receiving user on whose behalf the delivery is made. In the absence of a user context, the local(8) daemon uses the owner rights of the :include: file or alias database. When those files are owned by the superuser, delivery is made with the rights specified with the default_privs configuration parameter.
STANDARDS¶
RFC 822 (ARPA Internet Text Messages) RFC 3463 (Enhanced status codes)
DIAGNOSTICS¶
Problems and transactions are logged to syslogd(8). Corrupted message files are marked so that the queue manager can move them to the corrupt queue afterwards.
SECURITY¶
The local(8) delivery agent needs a dual personality 1) to access the private Postfix queue and IPC mechanisms, 2) to impersonate the recipient and deliver to recipient-specified files or commands. It is therefore security sensitive.
BUGS¶
For security reasons, the message delivery status of external commands or of external files is never checkpointed to file. As a result, the program may occasionally deliver more than once to a command or external file. Better safe than sorry.
CONFIGURATION PARAMETERS¶
Changes to main.cf are picked up automatically, as local(8) processes run for only a limited amount of time. Use the command " postfix reload" to speed up a change.
COMPATIBILITY CONTROLS¶
- biff (yes)
- Whether or not to use the local biff service.
- expand_owner_alias (no)
- When delivering to an alias "aliasname" that has an "owner-aliasname" companion alias, set the envelope sender address to the expansion of the "owner-aliasname" alias.
- owner_request_special (yes)
- Give special treatment to owner-listname and listname-request address localparts: don't split such addresses when the recipient_delimiter is set to "-".
- sun_mailtool_compatibility (no)
- Obsolete SUN mailtool compatibility feature.
- frozen_delivered_to (yes)
- Update the local(8) delivery agent's idea of the Delivered-To: address (see prepend_delivered_header) only once, at the start of a delivery attempt; do not update the Delivered-To: address while expanding aliases or .forward files.
- strict_mailbox_ownership (yes)
- Defer delivery when a mailbox file is not owned by its recipient.
- reset_owner_alias (no)
- Reset the local(8) delivery agent's idea of the owner-alias attribute, when delivering mail to a child alias that does not have its own owner alias.
DELIVERY METHOD CONTROLS¶
The precedence of local(8) delivery methods from high to low is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, fallback_transport_maps, fallback_transport, and luser_relay.
- alias_maps (see 'postconf -d' output)
- The alias databases that are used for local(8) delivery.
- forward_path (see 'postconf -d' output)
- The local(8) delivery agent search list for finding a .forward file with user-specified delivery methods.
- mailbox_transport_maps (empty)
- Optional lookup tables with per-recipient message delivery transports to use for local(8) mailbox delivery, whether or not the recipients are found in the UNIX passwd database.
- mailbox_transport (empty)
- Optional message delivery transport that the local(8) delivery agent should use for mailbox delivery to all local recipients, whether or not they are found in the UNIX passwd database.
- mailbox_command_maps (empty)
- Optional lookup tables with per-recipient external commands to use for local(8) mailbox delivery.
- mailbox_command (empty)
- Optional external command that the local(8) delivery agent should use for mailbox delivery.
- home_mailbox (empty)
- Optional pathname of a mailbox file relative to a local(8) user's home directory.
- mail_spool_directory (see 'postconf -d' output)
- The directory where local(8) UNIX-style mailboxes are kept.
- fallback_transport_maps (empty)
- Optional lookup tables with per-recipient message delivery transports for recipients that the local(8) delivery agent could not find in the aliases(5) or UNIX password database.
- fallback_transport (empty)
- Optional message delivery transport that the local(8) delivery agent should use for names that are not found in the aliases(5) or UNIX password database.
- luser_relay (empty)
- Optional catch-all destination for unknown local(8) recipients.
- command_execution_directory (empty)
- The local(8) delivery agent working directory for delivery to external command.
MAILBOX LOCKING CONTROLS¶
- deliver_lock_attempts (20)
- The maximal number of attempts to acquire an exclusive lock on a mailbox file or bounce(8) logfile.
- deliver_lock_delay (1s)
- The time between attempts to acquire an exclusive lock on a mailbox file or bounce(8) logfile.
- stale_lock_time (500s)
- The time after which a stale exclusive mailbox lockfile is removed.
- mailbox_delivery_lock (see 'postconf -d' output)
- How to lock a UNIX-style local(8) mailbox before attempting delivery.
RESOURCE AND RATE CONTROLS¶
- command_time_limit (1000s)
- Time limit for delivery to external commands.
- duplicate_filter_limit (1000)
- The maximal number of addresses remembered by the address duplicate filter for aliases(5) or virtual(5) alias expansion, or for showq(8) queue displays.
- local_destination_concurrency_limit (2)
- The maximal number of parallel deliveries via the local mail delivery transport to the same recipient (when "local_destination_recipient_limit = 1") or the maximal number of parallel deliveries to the same local domain (when "local_destination_recipient_limit > 1").
- local_destination_recipient_limit (1)
- The maximal number of recipients per message delivery via the local mail delivery transport.
- mailbox_size_limit (51200000)
- The maximal size of any local(8) individual mailbox or maildir file, or zero (no limit).
SECURITY CONTROLS¶
- allow_mail_to_commands (alias, forward)
- Restrict local(8) mail delivery to external commands.
- allow_mail_to_files (alias, forward)
- Restrict local(8) mail delivery to external files.
- command_expansion_filter (see 'postconf -d' output)
- Restrict the characters that the local(8) delivery agent allows in $name expansions of $mailbox_command and $command_execution_directory.
- default_privs (nobody)
- The default rights used by the local(8) delivery agent for delivery to external file or command.
- forward_expansion_filter (see 'postconf -d' output)
- Restrict the characters that the local(8) delivery agent allows in $name expansions of $forward_path.
- execution_directory_expansion_filter (see 'postconf -d' output)
- Restrict the characters that the local(8) delivery agent allows in $name expansions of $command_execution_directory.
- strict_mailbox_ownership (yes)
- Defer delivery when a mailbox file is not owned by its recipient.
MISCELLANEOUS CONTROLS¶
- config_directory (see 'postconf -d' output)
- The default location of the Postfix main.cf and master.cf configuration files.
- daemon_timeout (18000s)
- How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer.
- delay_logging_resolution_limit (2)
- The maximal number of digits after the decimal point when logging sub-second delay values.
- export_environment (see 'postconf -d' output)
- The list of environment variables that a Postfix process will export to non-Postfix processes.
- ipc_timeout (3600s)
- The time limit for sending or receiving information over an internal communication channel.
- local_command_shell (empty)
- Optional shell program for local(8) delivery to non-Postfix command.
- max_idle (100s)
- The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily.
- max_use (100)
- The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily.
- prepend_delivered_header (command, file, forward)
- The message delivery contexts where the Postfix local(8) delivery agent prepends a Delivered-To: message header with the address that the mail was delivered to.
- process_id (read-only)
- The process ID of a Postfix command or daemon process.
- process_name (read-only)
- The process name of a Postfix command or daemon process.
- propagate_unmatched_extensions (canonical, virtual)
- What address lookup tables copy an address extension from the lookup key to the lookup result.
- queue_directory (see 'postconf -d' output)
- The location of the Postfix top-level queue directory.
- recipient_delimiter (empty)
- The separator between user names and address extensions (user+foo).
- require_home_directory (no)
- Require that a local(8) recipient's home directory exists before mail delivery is attempted.
- syslog_facility (mail)
- The syslog facility of Postfix logging.
- syslog_name (see 'postconf -d' output)
- The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd".
FILES¶
The following are examples; details differ between systems. $HOME/.forward, per-user aliasing /etc/aliases, system-wide alias database /var/spool/mail, system mailboxes
SEE ALSO¶
qmgr(8), queue manager bounce(8), delivery status reports newaliases(1), create/update alias database postalias(1), create/update alias database aliases(5), format of alias database postconf(5), configuration parameters master(5), generic daemon options syslogd(8), system logging
LICENSE¶
The Secure Mailer license must be distributed with this software.
HISTORY¶
The Delivered-To: message header appears in the qmail system by Daniel Bernstein.
AUTHOR(S)¶
Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA