Provided by: courier-mta_0.47-13ubuntu5_i386
localmailfilter - Local mail filtering
echo /usr/bin/maildrop >/etc/courier/maildropfilter
vi $HOME/.mailfilters/rcptfilter $HOME/.mailfilters/rcptfilter-ext
vi $HOME/.mailfilters/smtpfilter $HOME/.mailfilters/smtpfilter-ext
chmod 700 $HOME/.mailfilters
chmod 600 $HOME/.mailfilters/*
The maildrop mail filter can be used by Courier as a mail filtering
engine, rejecting unwanted mail on a per-recipient basis.
The actual filtering interface used by Courier does not really require
that maildrop must be used as a mail filtering engine, it just so
happens that maildrop has a compatible interface that can be used right
out of the box. The following brief information can be used to craft a
homebrewed mail filter to take maildrop’s place.
The local mail filter only works for addresses that correspond to local
accounts. This filtering is not used if the recipient is a remote
address on another mail server. The local mail filter is disabled by
default. To enable local mail filtering you will need to initialize the
/etc/courier/maildropfilter configuration file to contain the pathname
to your local mail filter.
Local mail filtering is performed in two distinct phases:
When Courier receives an address naming a local mail recipient,
the local mail recipient’s mail filter is executed before
Courier acknowledges the address. The local mail filter tells
Courier whether to: A) accept message unconditionally - the
message is whitelisted; B) reject the message unconditionally -
Courier tells the mail server that the recipient address is
invalid; or C) accept this recipient, but run the content mail
filter, once the message’s contents are available.
After receiving the contents of the message, the mail filter is
executed again for any recipients whose recipient filters used
the third option. The content filter can now examine the
contents of the message, and indicate whether the message should
be accepted or rejected. Content filtering is not available for
It should be noted that mail filtering is executed as an integral part
of receiving a message from a remote mail server. If the message is
rejected, Courier refuses to accept the message for delivery.
The local mail filter will be invoked as follows:
HOME=$HOME FILTER -D uid/gid -M filter
The local mail filter will NOT be invoked as root, so if it needs to
access files in the recipient’s account, it must be installed setuid to
root (as maildrop is installed by default).
"uid/gid" is the recipient account’s system userid and group id,
respectively. The recipient account’s home directory is placed in the
HOME environment variable, prior to running FILTER, and "filter" is set
The mail filter is invoked initially when the remote mail server
specifies this address as a recipient. FILTER should terminate
with one of the following exit codes: 0 - this sender is
acceptable; 99 - this sender is acceptable, but I want to run
the content filter for this the message; any other non-zero exit
code - the sender is not acceptable, reject the message.
If FILTER terminates with exit code 99, FILTER runs again with
this parameter set to the word smtpfilter. FILTER will be
invoked once the message has been received from the remote mail
server, but not yet acknowledged. If FILTER terminates with a
non-zero exit code, the message is rejected. If FILTER
terminated with the exit code of zero, the message is accepted.
If the recipient created sub-addresses - see dot-courier(5) - a
dash followed by the subaddress "ext" is appended to the name of
This is how FILTER gets invoked if the address is a locally
defined mail alias (ext is the alias name).
The rcptfilter invocation must terminate with a zero exit code when the
message originates from a mailing list or any other source that should
be considered as "whitelisted". This filtering model does not fit very
well with some mail transfer protocols, so unless trusted sources are
explicitly declared to be whitelisted, there is a remote possibility
that the recipient will be removed from a mailing list because of a
poorly-written mail filter from some other recipient of the same
message. The 0 return exit code (which is the implied default if no
mail filtering is installed) protects the recipient from being
adversely affected, in any way, by anyone else’s mail filter.
The mail filters may print a diagnostic message before rejecting a
message. The diagnostic message will be returned to the sending mail
relay, where possible.
The mail filters inherit environment variables that describe the
incoming mail. The following environment variables are provided by
SENDER The return address on the message.
When the message is received via ESMTP, these variables specify
the remote IP address and the corresponding hostname. Hostname
is empty if the IP address does not have a reverse DNS record,
or is set to "softdnserr" if there was a temporary failure while
looking up this IP address.
BLOCK2 The default Courier configuration sets this environment variable
if the remote IP address is listed in an unsecured relay
blacklist. See /etc/courier/esmtpd for more information. Other
environment variables may also be available. For mail received
via ESMTP, environment variables are usually set in the
/etc/courier/smtpaccess configuration file.
Maildrop implements this mail filtering API as follows:
This directory contains the filtering recipes. This directory,
and its contents, cannot have any group or world permissions.
These mail filtering recipes directly correspond to the events
defined in the previous section. Maildrop’s "import" statement
can be used to gain access to the environment variables (these
mail filters are executed in maildrop’s embedded mode). The mail
filtering recipes can set the EXITCODE variable appropriately
before terminating, in order to accept or reject the message.
See maildrop(1) for more information.
FILTERING MAIL TO ALIASES
The /etc/courier/aliases configuration file is used to mail aliases,
see makealiases(8). The system administrator may set aside a reserved
local account that will be used to specify a local mail filter for
messages addressed to aliases. The configuration file
/etc/courier/aliasfilteracct specifies the home directory of the mail
account that will be used to filter alias recipients.
For example, if /etc/courier/aliasfilteracct contains /home/admin, then
Courier runs the mail filter as follows:
HOME=/home/admin FILTER -D uid/gid -M rcptfilter-alias-name
Here, "uid/gid" is owner uid and gid of the specified directory NOTE:
"name" is a fully qualified address, and the local aliases listed in
/etc/courier/aliases do not typically include the domain name. If
defines an alias called "system", for example, the -M option will
probably be "email@example.com", if example.com is the contents of
/etc/courier/me configuration file.
Unfortunately, currently it is not possible to specify content filters
(a.k.a. smtpfilters) for aliases, only recipient filters.
Local mail filtering engine.
Account that is used to filter mail to aliases.