llooccaall [generic Postfix daemon options]
The llooccaall(8) daemon updates queue files and marks recipients as finished, or it informs the queue manager that delivery should be tried again at a later time. Delivery status reports are sent to the bboouunnccee(8), ddeeffeerr(8) or ttrraaccee(8) daemon as appropriate.
All delivery decisions are made using the bare recipient name (i.e. the address localpart), folded to lower case. See also under ADDRESS EXTENSION below for a few exceptions.
The system administrator can set up one or more system-wide sseennddmmaaiill-style alias databases. Users can have sseennddmmaaiill-style ~/.ffoorrwwaarrdd files. Mail for _n_a_m_e is delivered to the alias _n_a_m_e, to destinations in ~_n_a_m_e/.ffoorrwwaarrdd, to the mailbox owned by the user _n_a_m_e, or it is sent back as undeliverable.
The system administrator can specify a comma/space separated list of ~/.ffoorrwwaarrdd like files through the ffoorrwwaarrdd__ppaatthh configuration parameter. Upon delivery, the local delivery agent tries each pathname in the list until a file is found.
Delivery via ~/.ffoorrwwaarrdd files is done with the privileges of the recipient. Thus, ~/.ffoorrwwaarrdd like files must be readable by the recipient, and their parent directory needs to have "execute" permission for the recipient.
The ffoorrwwaarrdd__ppaatthh parameter is subject to interpolation of $$uusseerr (recipient username), $$hhoommee (recipient home directory), $$sshheellll (recipient shell), $$rreecciippiieenntt (complete recipient address), $$eexxtteennssiioonn (recipient address extension), $$ddoommaaiinn (recipient domain), $$llooccaall (entire recipient address localpart) and $$rreecciippiieenntt__ddeelliimmiitteerr.. The forms _$_{_n_a_m_e_?_v_a_l_u_e_} and _$_{_n_a_m_e_:_v_a_l_u_e_} expand conditionally to _v_a_l_u_e when _$_n_a_m_e is (is not) defined. Characters that may have special meaning to the shell or file system are replaced by underscores. The list of acceptable characters is specified with the ffoorrwwaarrdd__eexxppaannssiioonn__ffiilltteerr configuration parameter.
An alias or ~/.ffoorrwwaarrdd file may list any combination of external commands, destination file names, ::iinncclluuddee:: directives, or mail addresses. See aalliiaasseess(5) for a precise description. Each line in a user's .ffoorrwwaarrdd file has the same syntax as the right-hand part of an alias.
When an address is found in its own alias expansion, delivery is made to the user instead. When a user is listed in the user's own ~/.ffoorrwwaarrdd file, delivery is made to the user's mailbox instead. An empty ~/.ffoorrwwaarrdd file means do not forward mail.
In order to prevent the mail system from using up unreasonable amounts of memory, input records read from ::iinncclluuddee:: or from ~/.ffoorrwwaarrdd files are broken up into chunks of length lliinnee__lleennggtthh__lliimmiitt.
While expanding aliases, ~/.ffoorrwwaarrdd files, and so on, the program attempts to avoid duplicate deliveries. The dduupplliiccaattee__ffiilltteerr__lliimmiitt configuration parameter limits the number of remembered recipients.
For the sake of reliability, forwarded mail is re-submitted as a new message, so that each recipient has a separate on-file delivery status record.
In order to stop mail forwarding loops early, the software adds an optional DDeelliivveerreedd--TToo:: header with the final envelope recipient address. If mail arrives for a recipient that is already listed in a DDeelliivveerreedd--TToo:: header, the message is bounced.
The default per-user mailbox is a file in the UNIX mail spool directory (//vvaarr//mmaaiill//_u_s_e_r or //vvaarr//ssppooooll//mmaaiill//_u_s_e_r); the location can be specified with the mmaaiill__ssppooooll__ddiirreeccttoorryy configuration parameter. Specify a name ending in // for qqmmaaiill-compatible mmaaiillddiirr delivery.
Alternatively, the per-user mailbox can be a file in the user's home directory with a name specified via the hhoommee__mmaaiillbbooxx configuration parameter. Specify a relative path name. Specify a name ending in // for qqmmaaiill-compatible mmaaiillddiirr delivery.
Mailbox delivery can be delegated to an external command specified with the mmaaiillbbooxx__ccoommmmaanndd__mmaappss and mmaaiillbbooxx__ccoommmmaanndd configuration parameters. The command executes with the privileges of the recipient user (exceptions: secondary groups are not enabled; in case of delivery as root, the command executes with the privileges of ddeeffaauulltt__pprriivvss).
Mailbox delivery can be delegated to alternative message transports specified in the mmaasstteerr..ccff file. The mmaaiillbbooxx__ttrraannssppoorrtt__mmaappss and mmaaiillbbooxx__ttrraannssppoorrtt configuration parameters specify an optional message transport that is to be used for all local recipients, regardless of whether they are found in the UNIX passwd database. The ffaallllbbaacckk__ttrraannssppoorrtt__mmaappss and ffaallllbbaacckk__ttrraannssppoorrtt parameters specify an optional message transport for recipients that are not found in the aliases(5) or UNIX passwd database.
In the case of UNIX-style mailbox delivery, the llooccaall(8) daemon prepends a "FFrroomm _s_e_n_d_e_r _t_i_m_e___s_t_a_m_p" envelope header to each message, prepends an XX--OOrriiggiinnaall--TToo:: header with the recipient address as given to Postfix, prepends an optional DDeelliivveerreedd--TToo:: header with the final envelope recipient address, prepends a RReettuurrnn--PPaatthh:: header with the envelope sender address, prepends a >> character to lines beginning with "FFrroomm ", and appends an empty line. The mailbox is locked for exclusive access while delivery is in progress. In case of problems, an attempt is made to truncate the mailbox to its original length.
In the case of mmaaiillddiirr delivery, the local daemon prepends an optional DDeelliivveerreedd--TToo:: header with the final envelope recipient address, prepends an XX--OOrriiggiinnaall--TToo:: header with the recipient address as given to Postfix, and prepends a RReettuurrnn--PPaatthh:: header with the envelope sender address.
The aallllooww__mmaaiill__ttoo__ccoommmmaannddss configuration parameter restricts delivery to external commands. The default setting (aalliiaass,, ffoorrwwaarrdd) forbids command destinations in ::iinncclluuddee:: files.
Optionally, the process working directory is changed to the path specified with ccoommmmaanndd__eexxeeccuuttiioonn__ddiirreeccttoorryy (Postfix 2.2 and later). Failure to change directory causes mail to be deferred.
The ccoommmmaanndd__eexxeeccuuttiioonn__ddiirreeccttoorryy parameter value is subject to interpolation of $$uusseerr (recipient username), $$hhoommee (recipient home directory), $$sshheellll (recipient shell), $$rreecciippiieenntt (complete recipient address), $$eexxtteennssiioonn (recipient address extension), $$ddoommaaiinn (recipient domain), $$llooccaall (entire recipient address localpart) and $$rreecciippiieenntt__ddeelliimmiitteerr.. The forms _$_{_n_a_m_e_?_v_a_l_u_e_} and _$_{_n_a_m_e_:_v_a_l_u_e_} expand conditionally to _v_a_l_u_e when _$_n_a_m_e is (is not) defined. Characters that may have special meaning to the shell or file system are replaced by underscores. The list of acceptable characters is specified with the eexxeeccuuttiioonn__ddiirreeccttoorryy__eexxppaannssiioonn__ffiilltteerr configuration parameter.
The command is executed directly where possible. Assistance by the shell (//bbiinn//sshh on UNIX systems) is used only when the command contains shell magic characters, or when the command invokes a shell built-in command.
A limited amount of command output (standard output and standard
error) is captured for inclusion with non-delivery status reports.
A command is forcibly terminated if it does not complete within
ccoommmmaanndd__ttiimmee__lliimmiitt seconds. Command exit status codes are
expected to follow the conventions defined in .
Exit status 0 means normal successful completion.
Postfix version 2.3 and later support RFC 3463-style enhanced status codes. If a command terminates with a non-zero exit status, and the command output begins with an enhanced status code, this status code takes precedence over the non-zero exit status.
A limited amount of message context is exported via environment variables. Characters that may have special meaning to the shell are replaced by underscores. The list of acceptable characters is specified with the ccoommmmaanndd__eexxppaannssiioonn__ffiilltteerr configuration parameter.
Additional remote client information is made available via the following environment variables:
The PPAATTHH environment variable is always reset to a system-dependent default path, and environment variables whose names are blessed by the eexxppoorrtt__eennvviirroonnmmeenntt configuration parameter are exported unchanged.
The current working directory is the mail queue directory.
The llooccaall(8) daemon prepends a "FFrroomm _s_e_n_d_e_r _t_i_m_e___s_t_a_m_p" envelope header to each message, prepends an XX--OOrriiggiinnaall--TToo:: header with the recipient address as given to Postfix, prepends an optional DDeelliivveerreedd--TToo:: header with the final recipient envelope address, prepends a RReettuurrnn--PPaatthh:: header with the sender envelope address, and appends no empty line.
The delivery format depends on the destination filename syntax. The default is to use UNIX-style mailbox format. Specify a name ending in // for qqmmaaiill-compatible mmaaiillddiirr delivery.
The aallllooww__mmaaiill__ttoo__ffiilleess configuration parameter restricts delivery to external files. The default setting (aalliiaass,, ffoorrwwaarrdd) forbids file destinations in ::iinncclluuddee:: files.
In the case of UNIX-style mailbox delivery, the llooccaall(8) daemon prepends a "FFrroomm _s_e_n_d_e_r _t_i_m_e___s_t_a_m_p" envelope header to each message, prepends an XX--OOrriiggiinnaall--TToo:: header with the recipient address as given to Postfix, prepends an optional DDeelliivveerreedd--TToo:: header with the final recipient envelope address, prepends a >> character to lines beginning with "FFrroomm ", and appends an empty line. The envelope sender address is available in the RReettuurrnn--PPaatthh:: header. When the destination is a regular file, it is locked for exclusive access while delivery is in progress. In case of problems, an attempt is made to truncate a regular file to its original length.
In the case of mmaaiillddiirr delivery, the local daemon prepends an optional DDeelliivveerreedd--TToo:: header with the final envelope recipient address, and prepends an XX--OOrriiggiinnaall--TToo:: header with the recipient address as given to Postfix. The envelope sender address is available in the RReettuurrnn--PPaatthh:: header.
The optional rreecciippiieenntt__ddeelliimmiitteerr configuration parameter specifies how to separate address extensions from local recipient names.
For example, with "rreecciippiieenntt__ddeelliimmiitteerr == ++", mail for _n_a_m_e+_f_o_o is delivered to the alias _n_a_m_e+_f_o_o or to the alias _n_a_m_e, to the destinations listed in ~_n_a_m_e/.ffoorrwwaarrdd+_f_o_o or in ~_n_a_m_e/.ffoorrwwaarrdd, to the mailbox owned by the user _n_a_m_e, or it is sent back as undeliverable.
Deliveries to external files and external commands are made with the rights of the receiving user on whose behalf the delivery is made. In the absence of a user context, the llooccaall(8) daemon uses the owner rights of the ::iinncclluuddee:: file or alias database. When those files are owned by the superuser, delivery is made with the rights specified with the ddeeffaauulltt__pprriivvss configuration parameter.
RFC 822 (ARPA Internet Text Messages) RFC 3463 (Enhanced status codes)
Depending on the setting of the nnoottiiffyy__ccllaasssseess parameter, the postmaster is notified of bounces and of other trouble.
The llooccaall(8) delivery agent needs a dual personality 1) to access the private Postfix queue and IPC mechanisms, 2) to impersonate the recipient and deliver to recipient-specified files or commands. It is therefore security sensitive.
The llooccaall(8) delivery agent disallows regular expression substitution of $1 etc. in aalliiaass__mmaappss, because that would open a security hole.
The llooccaall(8) delivery agent will silently ignore requests to use the pprrooxxyymmaapp(8) server within aalliiaass__mmaappss. Instead it will open the table directly. Before Postfix version 2.2, the llooccaall(8) delivery agent will terminate with a fatal error.
Mutually-recursive aliases or ~/.ffoorrwwaarrdd files are not detected early. The resulting mail forwarding loop is broken by the use of the DDeelliivveerreedd--TToo:: message header.
Changes to mmaaiinn..ccff are picked up automatically, as llooccaall(8) processes run for only a limited amount of time. Use the command "ppoossttffiixx rreellooaadd" to speed up a change.
The text below provides only a parameter summary. See ppoossttccoonnff(5) for more details including examples.
Available in Postfix version 2.3 and later:
Available in Postfix version 2.5.3 and later:
The precedence of llooccaall(8) delivery methods from high to low is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, fallback_transport_maps, fallback_transport, and luser_relay.
Available in Postfix version 2.2 and later:
Available in Postfix version 2.2 and later:
Available in Postfix version 2.5.3 and later:
The following are examples; details differ between systems. $HOME/.forward, per-user aliasing /etc/aliases, system-wide alias database /var/spool/mail, system mailboxes
qmgr(8), queue manager bounce(8), delivery status reports newaliases(1), create/update alias database postalias(1), create/update alias database aliases(5), format of alias database postconf(5), configuration parameters master(5), generic daemon options syslogd(8), system logging
The Secure Mailer license must be distributed with this software.
The DDeelliivveerreedd--TToo:: message header appears in the qqmmaaiill system by Daniel Bernstein.
The _m_a_i_l_d_i_r structure appears in the qqmmaaiill system by Daniel Bernstein.
Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA