Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
LOCAL(8)		    System Manager's Manual		      LOCAL(8)

NAME
       local - Postfix local mail delivery

SYNOPSIS
       local [generic Postfix daemon options]

DESCRIPTION
       The  local(8) daemon processes delivery requests	from the Postfix queue
       manager to deliver mail to local	 recipients.   Each  delivery  request
       specifies  a  queue file, a sender address, a domain or host to deliver
       to, and one or more recipients.	This program expects to	 be  run  from
       the master(8) process manager.

       The  local(8)  daemon  updates queue files and marks recipients as fin-
       ished, or it informs the	queue manager that delivery  should  be	 tried
       again  at  a  later  time.  Delivery  status  reports  are  sent	to the
       bounce(8), defer(8) or trace(8) daemon as appropriate.

CASE FOLDING
       All delivery decisions are made using the bare recipient	name (i.e. the
       address	localpart),  folded  to	 lower	case.	See also under ADDRESS
       EXTENSION below for a few exceptions.

SYSTEM-WIDE AND	USER-LEVEL ALIASING
       The system administrator	can set	up one or more	system-wide  sendmail-
       style alias databases.  Users can have sendmail-style ~/.forward	files.
       Mail for	name is	delivered  to  the  alias  name,  to  destinations  in
       ~name/.forward,	to  the	 mailbox owned by the user name, or it is sent
       back as undeliverable.

       The system administrator	can specify a comma/space  separated  list  of
       ~/.forward like files through the forward_path configuration parameter.
       Upon delivery, the local	delivery agent tries each pathname in the list
       until a file is found.

       Delivery	via ~/.forward files is	done with the privileges of the	recip-
       ient.  Thus, ~/.forward like files must be readable by  the  recipient,
       and  their  parent directory needs to have "execute" permission for the
       recipient.

       The forward_path	parameter is subject to	interpolation of $user (recip-
       ient  username),	 $home	(recipient  home directory), $shell (recipient
       shell), $recipient (complete recipient address),	$extension  (recipient
       address	extension), $domain (recipient domain),	$local (entire recipi-
       ent   address   localpart)   and	  $recipient_delimiter.	  The	 forms
       ${name?value}  and  ${name:value}  expand  conditionally	 to value when
       $name is	(is not) defined.  Characters that may have special meaning to
       the  shell  or  file  system  are replaced by underscores.  The list of
       acceptable characters is	specified  with	 the  forward_expansion_filter
       configuration parameter.

       An  alias  or ~/.forward	file may list any combination of external com-
       mands, destination file names, :include:	directives, or mail addresses.
       See  aliases(5)	for a precise description. Each	line in	a user's .for-
       ward file has the same syntax as	the right-hand part of an alias.

       When an address is found	in its own alias expansion, delivery  is  made
       to the user instead. When a user	is listed in the user's	own ~/.forward
       file, delivery is made to the user's mailbox instead.  An empty ~/.for-
       ward file means do not forward mail.

       In  order to prevent the	mail system from using up unreasonable amounts
       of memory, input	records	read from :include: or from  ~/.forward	 files
       are broken up into chunks of length line_length_limit.

       While  expanding	 aliases,  ~/.forward  files,  and  so on, the program
       attempts	to avoid duplicate deliveries. The duplicate_filter_limit con-
       figuration parameter limits the number of remembered recipients.

MAIL FORWARDING
       For  the	 sake  of reliability, forwarded mail is re-submitted as a new
       message,	so that	each recipient has a separate on-file delivery	status
       record.

       In  order  to  stop  mail  forwarding loops early, the software adds an
       optional	 Delivered-To:	header	with  the  final  envelope   recipient
       address.	 If  mail  arrives for a recipient that	is already listed in a
       Delivered-To: header, the message is bounced.

MAILBOX	DELIVERY
       The default per-user mailbox is a file in the UNIX mail spool directory
       (/var/mail/user or /var/spool/mail/user); the location can be specified
       with the	mail_spool_directory configuration parameter. Specify  a  name
       ending in / for qmail-compatible	maildir	delivery.

       Alternatively,  the  per-user  mailbox can be a file in the user's home
       directory with a	name  specified	 via  the  home_mailbox	 configuration
       parameter. Specify a relative path name.	Specify	a name ending in / for
       qmail-compatible	maildir	delivery.

       Mailbox delivery	can be delegated to an external	command	specified with
       the  mailbox_command_maps and mailbox_command configuration parameters.
       The command executes with the privileges	of the recipient user  (excep-
       tions:  secondary  groups are not enabled; in case of delivery as root,
       the command executes with the privileges	of default_privs).

       Mailbox delivery	can be delegated  to  alternative  message  transports
       specified  in the master.cf file.  The mailbox_transport_maps and mail-
       box_transport configuration  parameters	specify	 an  optional  message
       transport  that	is  to be used for all local recipients, regardless of
       whether they  are  found	 in  the  UNIX	passwd	database.   The	 fall-
       back_transport_maps   and   fallback_transport  parameters  specify  an
       optional	message	transport for recipients that are  not	found  in  the
       aliases(5) or UNIX passwd database.

       In  the	case  of  UNIX-style  mailbox  delivery,  the  local(8)	daemon
       prepends	a "From	sender time_stamp" envelope header  to	each  message,
       prepends	 an  X-Original-To: header with	the recipient address as given
       to Postfix, prepends an optional	Delivered-To: header  with  the	 final
       envelope	 recipient  address,  prepends	a Return-Path: header with the
       envelope	sender address,	prepends a > character to lines	beginning with
       "From  ",  and appends an empty line.  The mailbox is locked for	exclu-
       sive access while delivery is in	progress.  In  case  of	 problems,  an
       attempt is made to truncate the mailbox to its original length.

       In  the case of maildir delivery, the local daemon prepends an optional
       Delivered-To:  header  with  the	 final	envelope  recipient   address,
       prepends	 an  X-Original-To: header with	the recipient address as given
       to Postfix, and prepends	a Return-Path: header with the envelope	sender
       address.

EXTERNAL COMMAND DELIVERY
       The  allow_mail_to_commands  configuration parameter restricts delivery
       to external commands. The default setting (alias, forward) forbids com-
       mand destinations in :include: files.

       Optionally, the process working directory is changed to the path	speci-
       fied with command_execution_directory (Postfix 2.2 and later).  Failure
       to change directory causes mail to be deferred.

       The  command_execution_directory	parameter value	is subject to interpo-
       lation of $user (recipient username), $home (recipient home directory),
       $shell  (recipient  shell),  $recipient	(complete  recipient address),
       $extension (recipient address extension), $domain  (recipient  domain),
       $local  (entire	recipient address localpart) and $recipient_delimiter.
       The forms ${name?value} and ${name:value} expand	conditionally to value
       when $name is (is not) defined.	Characters that	may have special mean-
       ing to the shell	or file	system are replaced by underscores.  The  list
       of   acceptable	characters  is	specified  with	 the  execution_direc-
       tory_expansion_filter configuration parameter.

       The command is executed directly	 where	possible.  Assistance  by  the
       shell  (/bin/sh on UNIX systems)	is used	only when the command contains
       shell magic characters, or when the command invokes  a  shell  built-in
       command.

       A limited amount	of command output (standard output and standard	error)
       is captured for inclusion with non-delivery status reports.  A  command
       is   forcibly   terminated   if	 it  does  not	complete  within  com-
       mand_time_limit seconds.	 Command exit status  codes  are  expected  to
       follow  the  conventions	 defined in <sysexits.h>.  Exit	status 0 means
       normal successful completion.

       Postfix version 2.3 and later support RFC  3463-style  enhanced	status
       codes.	If  a  command terminates with a non-zero exit status, and the
       command output begins with an enhanced status code,  this  status  code
       takes precedence	over the non-zero exit status.

       A  limited  amount of message context is	exported via environment vari-
       ables. Characters that may  have	 special  meaning  to  the  shell  are
       replaced	 by  underscores.  The list of acceptable characters is	speci-
       fied with the command_expansion_filter configuration parameter.

       SHELL  The recipient user's login shell.

       HOME   The recipient user's home	directory.

       USER   The bare recipient name.

       EXTENSION
	      The optional recipient address extension.

       DOMAIN The recipient address domain part.

       LOGNAME
	      The bare recipient name.

       LOCAL  The entire recipient address localpart (text to the left of  the
	      rightmost	@ character).

       ORIGINAL_RECIPIENT
	      The  entire  recipient  address, before any address rewriting or
	      aliasing (Postfix	2.5 and	later).

       RECIPIENT
	      The entire recipient address.

       SENDER The entire sender	address.

       Additional remote client	information is made available via the  follow-
       ing environment variables:

       CLIENT_ADDRESS
	      Remote client network address. Available as of Postfix 2.2.

       CLIENT_HELO
	      Remote  client  EHLO  command parameter. Available as of Postfix
	      2.2.

       CLIENT_HOSTNAME
	      Remote client hostname. Available	as of Postfix 2.2.

       CLIENT_PROTOCOL
	      Remote client protocol. Available	as of Postfix 2.2.

       SASL_METHOD
	      SASL authentication method specified in the remote  client  AUTH
	      command. Available as of Postfix 2.2.

       SASL_SENDER
	      SASL  sender  address  specified	in the remote client MAIL FROM
	      command. Available as of Postfix 2.2.

       SASL_USERNAME
	      SASL username specified  in  the	remote	client	AUTH  command.
	      Available	as of Postfix 2.2.

       The  PATH  environment  variable	 is always reset to a system-dependent
       default path, and environment variables whose names are blessed by  the
       export_environment configuration	parameter are exported unchanged.

       The current working directory is	the mail queue directory.

       The local(8) daemon prepends a "From sender time_stamp" envelope	header
       to each message,	prepends an X-Original-To: header with	the  recipient
       address	as given to Postfix, prepends an optional Delivered-To:	header
       with the	final recipient	 envelope  address,  prepends  a  Return-Path:
       header with the sender envelope address,	and appends no empty line.

EXTERNAL FILE DELIVERY
       The  delivery  format  depends on the destination filename syntax.  The
       default is to use UNIX-style mailbox format.  Specify a name ending  in
       / for qmail-compatible maildir delivery.

       The  allow_mail_to_files	 configuration parameter restricts delivery to
       external	files. The default setting (alias, forward) forbids file  des-
       tinations in :include: files.

       In  the	case  of  UNIX-style  mailbox  delivery,  the  local(8)	daemon
       prepends	a "From	sender time_stamp" envelope header  to	each  message,
       prepends	 an  X-Original-To: header with	the recipient address as given
       to Postfix, prepends an optional	Delivered-To: header  with  the	 final
       recipient  envelope  address, prepends a	> character to lines beginning
       with "From ", and appends an empty line.	 The envelope  sender  address
       is  available  in  the  Return-Path: header.  When the destination is a
       regular file, it	is locked for exclusive	access while  delivery	is  in
       progress. In case of problems, an attempt is made to truncate a regular
       file to its original length.

       In the case of maildir delivery,	the local daemon prepends an  optional
       Delivered-To:  header  with  the	 final envelope	recipient address, and
       prepends	an X-Original-To: header with the recipient address  as	 given
       to  Postfix.   The  envelope sender address is available	in the Return-
       Path: header.

ADDRESS	EXTENSION
       The optional recipient_delimiter	configuration parameter	specifies  how
       to separate address extensions from local recipient names.

       For  example,  with  "recipient_delimiter  =  +",  mail for name+foo is
       delivered to the	alias name+foo or to the alias name, to	 the  destina-
       tions listed in ~name/.forward+foo or in	~name/.forward,	to the mailbox
       owned by	the user name, or it is	sent back as undeliverable.

DELIVERY RIGHTS
       Deliveries to external files and	external commands are  made  with  the
       rights  of the receiving	user on	whose behalf the delivery is made.  In
       the absence of a	user context,  the  local(8)  daemon  uses  the	 owner
       rights  of  the :include: file or alias database.  When those files are
       owned by	the superuser, delivery	is made	with the rights	specified with
       the default_privs configuration parameter.

STANDARDS
       RFC 822 (ARPA Internet Text Messages)
       RFC 3463	(Enhanced status codes)

DIAGNOSTICS
       Problems	 and transactions are logged to	syslogd(8).  Corrupted message
       files are marked	so that	the queue manager can move them	to the corrupt
       queue afterwards.

       Depending  on the setting of the	notify_classes parameter, the postmas-
       ter is notified of bounces and of other trouble.

SECURITY
       The local(8) delivery agent needs a dual	personality 1) to  access  the
       private Postfix queue and IPC mechanisms, 2) to impersonate the recipi-
       ent and deliver to recipient-specified files or commands. It is	there-
       fore security sensitive.

       The  local(8)  delivery agent disallows regular expression substitution
       of $1 etc. in alias_maps, because that would open a security hole.

       The local(8) delivery agent will	silently ignore	requests  to  use  the
       proxymap(8)  server  within  alias_maps.	Instead	it will	open the table
       directly.  Before Postfix version 2.2, the local(8) delivery agent will
       terminate with a	fatal error.

BUGS
       For  security reasons, the message delivery status of external commands
       or of external files is never checkpointed to file. As  a  result,  the
       program	may occasionally deliver more than once	to a command or	exter-
       nal file. Better	safe than sorry.

       Mutually-recursive aliases or ~/.forward	files are not detected	early.
       The  resulting  mail forwarding loop is broken by the use of the	Deliv-
       ered-To:	message	header.

CONFIGURATION PARAMETERS
       Changes to main.cf are picked up	automatically, as  local(8)  processes
       run for only a limited amount of	time. Use the command "postfix reload"
       to speed	up a change.

       The text	below provides only a parameter	summary. See  postconf(5)  for
       more details including examples.

COMPATIBILITY CONTROLS
       biff (yes)
	      Whether or not to	use the	local biff service.

       expand_owner_alias (no)
	      When  delivering	to  an	alias  "aliasname" that	has an "owner-
	      aliasname" companion alias, set the envelope sender  address  to
	      the expansion of the "owner-aliasname" alias.

       owner_request_special (yes)
	      Give  special  treatment	to owner-listname and listname-request
	      address localparts: don't	split such addresses when the  recipi-
	      ent_delimiter is set to "-".

       sun_mailtool_compatibility (no)
	      Obsolete SUN mailtool compatibility feature.

       Available in Postfix version 2.3	and later:

       frozen_delivered_to (yes)
	      Update  the  local(8) delivery agent's idea of the Delivered-To:
	      address (see prepend_delivered_header) only once,	at  the	 start
	      of  a  delivery attempt; do not update the Delivered-To: address
	      while expanding aliases or .forward files.

       Available in Postfix version 2.5.3 and later:

       strict_mailbox_ownership	(yes)
	      Defer delivery when a mailbox file is not	owned by  its  recipi-
	      ent.

       reset_owner_alias (no)
	      Reset  the  local(8)  delivery  agent's  idea of the owner-alias
	      attribute, when delivering mail to a child alias that  does  not
	      have its own owner alias.

DELIVERY METHOD	CONTROLS
       The  precedence	of  local(8)  delivery	methods	 from  high to low is:
       aliases,	 .forward  files,  mailbox_transport_maps,  mailbox_transport,
       mailbox_command_maps,  mailbox_command, home_mailbox, mail_spool_direc-
       tory, fallback_transport_maps, fallback_transport, and luser_relay.

       alias_maps (see 'postconf -d' output)
	      The alias	databases that are used	for local(8) delivery.

       forward_path (see 'postconf -d' output)
	      The local(8) delivery agent search list for finding  a  .forward
	      file with	user-specified delivery	methods.

       mailbox_transport_maps (empty)
	      Optional	lookup	tables	with  per-recipient  message  delivery
	      transports to use	for local(8) mailbox delivery, whether or  not
	      the recipients are found in the UNIX passwd database.

       mailbox_transport (empty)
	      Optional	message	 delivery transport that the local(8) delivery
	      agent should use for mailbox delivery to all  local  recipients,
	      whether or not they are found in the UNIX	passwd database.

       mailbox_command_maps (empty)
	      Optional	lookup	tables with per-recipient external commands to
	      use for local(8) mailbox delivery.

       mailbox_command (empty)
	      Optional external	 command  that	the  local(8)  delivery	 agent
	      should use for mailbox delivery.

       home_mailbox (empty)
	      Optional	pathname  of  a	 mailbox  file	relative to a local(8)
	      user's home directory.

       mail_spool_directory (see 'postconf -d' output)
	      The directory where local(8) UNIX-style mailboxes	are kept.

       fallback_transport_maps (empty)
	      Optional	lookup	tables	with  per-recipient  message  delivery
	      transports for recipients	that the local(8) delivery agent could
	      not find in the aliases(5) or UNIX password database.

       fallback_transport (empty)
	      Optional message delivery	transport that the  local(8)  delivery
	      agent  should use	for names that are not found in	the aliases(5)
	      or UNIX password database.

       luser_relay (empty)
	      Optional catch-all destination for unknown local(8) recipients.

       Available in Postfix version 2.2	and later:

       command_execution_directory (empty)
	      The local(8) delivery agent working directory  for  delivery  to
	      external command.

MAILBOX	LOCKING	CONTROLS
       deliver_lock_attempts (20)
	      The maximal number of attempts to	acquire	an exclusive lock on a
	      mailbox file or bounce(8)	logfile.

       deliver_lock_delay (1s)
	      The time between attempts	to acquire  an	exclusive  lock	 on  a
	      mailbox file or bounce(8)	logfile.

       stale_lock_time (500s)
	      The  time	 after	which  a  stale	 exclusive mailbox lockfile is
	      removed.

       mailbox_delivery_lock (see 'postconf -d'	output)
	      How to lock a  UNIX-style	 local(8)  mailbox  before  attempting
	      delivery.

RESOURCE AND RATE CONTROLS
       command_time_limit (1000s)
	      Time limit for delivery to external commands.

       duplicate_filter_limit (1000)
	      The maximal number of addresses remembered by the	address	dupli-
	      cate filter for aliases(5) or virtual(5) alias expansion,	or for
	      showq(8) queue displays.

       local_destination_concurrency_limit (2)
	      The  maximal  number  of	parallel deliveries via	the local mail
	      delivery transport to the	same recipient	(when  "local_destina-
	      tion_recipient_limit  =  1")  or	the maximal number of parallel
	      deliveries  to  the  same	 local	domain	(when  "local_destina-
	      tion_recipient_limit > 1").

       local_destination_recipient_limit (1)
	      The  maximal  number  of recipients per message delivery via the
	      local mail delivery transport.

       mailbox_size_limit (51200000)
	      The maximal size of any local(8) individual mailbox  or  maildir
	      file, or zero (no	limit).

SECURITY CONTROLS
       allow_mail_to_commands (alias, forward)
	      Restrict local(8)	mail delivery to external commands.

       allow_mail_to_files (alias, forward)
	      Restrict local(8)	mail delivery to external files.

       command_expansion_filter	(see 'postconf -d' output)
	      Restrict	the characters that the	local(8) delivery agent	allows
	      in $name	expansions  of	$mailbox_command  and  $command_execu-
	      tion_directory.

       default_privs (nobody)
	      The  default  rights  used  by  the  local(8) delivery agent for
	      delivery to external file	or command.

       forward_expansion_filter	(see 'postconf -d' output)
	      Restrict the characters that the local(8)	delivery agent	allows
	      in $name expansions of $forward_path.

       Available in Postfix version 2.2	and later:

       execution_directory_expansion_filter (see 'postconf -d' output)
	      Restrict	the characters that the	local(8) delivery agent	allows
	      in $name expansions of $command_execution_directory.

       Available in Postfix version 2.5.3 and later:

       strict_mailbox_ownership	(yes)
	      Defer delivery when a mailbox file is not	owned by  its  recipi-
	      ent.

MISCELLANEOUS CONTROLS
       config_directory	(see 'postconf -d' output)
	      The  default  location of	the Postfix main.cf and	master.cf con-
	      figuration files.

       daemon_timeout (18000s)
	      How much time a Postfix daemon process  may  take	 to  handle  a
	      request before it	is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
	      The  maximal  number of digits after the decimal point when log-
	      ging sub-second delay values.

       export_environment (see 'postconf -d' output)
	      The list of environment variables	that a	Postfix	 process  will
	      export to	non-Postfix processes.

       ipc_timeout (3600s)
	      The  time	 limit	for  sending  or receiving information over an
	      internal communication channel.

       local_command_shell (empty)
	      Optional shell program for local(8) delivery to non-Postfix com-
	      mand.

       max_idle	(100s)
	      The  maximum  amount of time that	an idle	Postfix	daemon process
	      waits for	an incoming connection before terminating voluntarily.

       max_use (100)
	      The maximal number of incoming connections that a	Postfix	daemon
	      process will service before terminating voluntarily.

       prepend_delivered_header	(command, file,	forward)
	      The  message delivery contexts where the Postfix local(8)	deliv-
	      ery agent	prepends a  Delivered-To:   message  header  with  the
	      address that the mail was	delivered to.

       process_id (read-only)
	      The process ID of	a Postfix command or daemon process.

       process_name (read-only)
	      The process name of a Postfix command or daemon process.

       propagate_unmatched_extensions (canonical, virtual)
	      What  address  lookup  tables copy an address extension from the
	      lookup key to the	lookup result.

       queue_directory (see 'postconf -d' output)
	      The location of the Postfix top-level queue directory.

       recipient_delimiter (empty)
	      The set of characters that can separate a	 user  name  from  its
	      extension	 (example: user+foo), or a .forward file name from its
	      extension	(example: .forward+foo).

       require_home_directory (no)
	      Require that a local(8) recipient's home directory exists	before
	      mail delivery is attempted.

       syslog_facility (mail)
	      The syslog facility of Postfix logging.

       syslog_name (see	'postconf -d' output)
	      The  mail	 system	 name that is prepended	to the process name in
	      syslog records, so that "smtpd"  becomes,	 for  example,	"post-
	      fix/smtpd".

FILES
       The following are examples; details differ between systems.
       $HOME/.forward, per-user	aliasing
       /etc/aliases, system-wide alias database
       /var/spool/mail,	system mailboxes

SEE ALSO
       qmgr(8),	queue manager
       bounce(8), delivery status reports
       newaliases(1), create/update alias database
       postalias(1), create/update alias database
       aliases(5), format of alias database
       postconf(5), configuration parameters
       master(5), generic daemon options
       syslogd(8), system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       The  Delivered-To: message header appears in the	qmail system by	Daniel
       Bernstein.

       The maildir structure appears in	the qmail system by Daniel Bernstein.

AUTHOR(S)
       Wietse Venema
       IBM T.J.	Watson Research
       P.O. Box	704
       Yorktown	Heights, NY 10598, USA

								      LOCAL(8)

NAME | SYNOPSIS | DESCRIPTION | CASE FOLDING | SYSTEM-WIDE AND USER-LEVEL ALIASING | MAIL FORWARDING | MAILBOX DELIVERY | EXTERNAL COMMAND DELIVERY | EXTERNAL FILE DELIVERY | ADDRESS EXTENSION | DELIVERY RIGHTS | STANDARDS | DIAGNOSTICS | SECURITY | BUGS | CONFIGURATION PARAMETERS | COMPATIBILITY CONTROLS | DELIVERY METHOD CONTROLS | MAILBOX LOCKING CONTROLS | RESOURCE AND RATE CONTROLS | SECURITY CONTROLS | MISCELLANEOUS CONTROLS | FILES | SEE ALSO | LICENSE | HISTORY | AUTHOR(S)

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=local&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help