Provided by: postfix_3.0.4-5build1_i386 bug

NAME

       local - Postfix local mail delivery

SYNOPSIS

       local [generic Postfix daemon options]

DESCRIPTION

       The  local(8) daemon processes delivery requests from the Postfix queue
       manager to deliver mail to local  recipients.   Each  delivery  request
       specifies  a  queue file, a sender address, a domain or host to deliver
       to, and one or more recipients.  This program expects to  be  run  from
       the master(8) process manager.

       The  local(8)  daemon  updates  queue  files  and  marks  recipients as
       finished, or it informs the queue manager that delivery should be tried
       again  at  a  later  time.  Delivery  status  reports  are  sent to the
       bounce(8), defer(8) or trace(8) daemon as appropriate.

CASE FOLDING

       All delivery decisions are made using the bare recipient name (i.e. the
       address  localpart),  folded  to  lower  case.   See also under ADDRESS
       EXTENSION below for a few exceptions.

SYSTEM-WIDE AND USER-LEVEL ALIASING

       The  system  administrator  can  set  up  one   or   more   system-wide
       sendmail-style   alias   databases.    Users  can  have  sendmail-style
       ~/.forward files.  Mail for name is delivered to  the  alias  name,  to
       destinations  in ~name/.forward, to the mailbox owned by the user name,
       or it is sent back as undeliverable.

       The system administrator can specify a comma/space  separated  list  of
       ~/.forward like files through the forward_path configuration parameter.
       Upon delivery, the local delivery agent tries each pathname in the list
       until a file is found.

       Delivery  via  ~/.forward  files  is  done  with  the privileges of the
       recipient.  Thus,  ~/.forward  like  files  must  be  readable  by  the
       recipient,   and   their  parent  directory  needs  to  have  "execute"
       permission for the recipient.

       The  forward_path  parameter  is  subject  to  interpolation  of  $user
       (recipient   username),   $home   (recipient  home  directory),  $shell
       (recipient shell), $recipient (complete recipient address),  $extension
       (recipient  address  extension),  $domain  (recipient  domain),  $local
       (entire recipient  address  localpart)  and  $recipient_delimiter.  The
       forms  ${name?value}  and  ${name:value}  expand conditionally to value
       when $name is (is not)  defined.   Characters  that  may  have  special
       meaning  to  the shell or file system are replaced by underscores.  The
       list   of    acceptable    characters    is    specified    with    the
       forward_expansion_filter configuration parameter.

       An  alias  or  ~/.forward  file  may  list  any combination of external
       commands,  destination  file  names,  :include:  directives,  or   mail
       addresses.   See  aliases(5)  for a precise description. Each line in a
       user's .forward file has the same syntax as the right-hand part  of  an
       alias.

       When  an  address is found in its own alias expansion, delivery is made
       to the user instead. When a user is listed in the user's own ~/.forward
       file,  delivery  is  made  to  the  user's  mailbox  instead.  An empty
       ~/.forward file means do not forward mail.

       In order to prevent the mail system from using up unreasonable  amounts
       of  memory,  input records read from :include: or from ~/.forward files
       are broken up into chunks of length line_length_limit.

       While expanding aliases, ~/.forward  files,  and  so  on,  the  program
       attempts  to  avoid  duplicate  deliveries.  The duplicate_filter_limit
       configuration parameter limits the number of remembered recipients.

MAIL FORWARDING

       For the sake of reliability, forwarded mail is re-submitted  as  a  new
       message,  so that each recipient has a separate on-file delivery status
       record.

       In order to stop mail forwarding loops  early,  the  software  adds  an
       optional   Delivered-To:  header  with  the  final  envelope  recipient
       address. If mail arrives for a recipient that is already  listed  in  a
       Delivered-To: header, the message is bounced.

MAILBOX DELIVERY

       The default per-user mailbox is a file in the UNIX mail spool directory
       (/var/mail/user or /var/spool/mail/user); the location can be specified
       with  the  mail_spool_directory configuration parameter. Specify a name
       ending in / for qmail-compatible maildir delivery.

       Alternatively, the per-user mailbox can be a file in  the  user's  home
       directory  with  a  name  specified  via the home_mailbox configuration
       parameter. Specify a relative path name. Specify a name ending in / for
       qmail-compatible maildir delivery.

       Mailbox delivery can be delegated to an external command specified with
       the mailbox_command_maps and mailbox_command configuration  parameters.
       The  command  executes  with  the  privileges  of  the  recipient  user
       (exceptions: secondary groups are not enabled; in case of  delivery  as
       root, the command executes with the privileges of default_privs).

       Mailbox  delivery  can  be  delegated to alternative message transports
       specified  in  the  master.cf  file.   The  mailbox_transport_maps  and
       mailbox_transport  configuration parameters specify an optional message
       transport that is to be used for all local  recipients,  regardless  of
       whether   they   are   found   in   the   UNIX  passwd  database.   The
       fallback_transport_maps and fallback_transport  parameters  specify  an
       optional  message  transport  for  recipients that are not found in the
       aliases(5) or UNIX passwd database.

       In the  case  of  UNIX-style  mailbox  delivery,  the  local(8)  daemon
       prepends  a  "From  sender time_stamp" envelope header to each message,
       prepends an X-Original-To: header with the recipient address  as  given
       to  Postfix,  prepends  an optional Delivered-To: header with the final
       envelope recipient address, prepends a  Return-Path:  header  with  the
       envelope sender address, prepends a > character to lines beginning with
       "From ", and  appends  an  empty  line.   The  mailbox  is  locked  for
       exclusive access while delivery is in progress. In case of problems, an
       attempt is made to truncate the mailbox to its original length.

       In the case of maildir delivery, the local daemon prepends an  optional
       Delivered-To:   header  with  the  final  envelope  recipient  address,
       prepends an X-Original-To: header with the recipient address  as  given
       to Postfix, and prepends a Return-Path: header with the envelope sender
       address.

EXTERNAL COMMAND DELIVERY

       The allow_mail_to_commands configuration parameter  restricts  delivery
       to  external  commands.  The  default  setting (alias, forward) forbids
       command destinations in :include: files.

       Optionally, the process  working  directory  is  changed  to  the  path
       specified  with  command_execution_directory  (Postfix  2.2 and later).
       Failure to change directory causes mail to be deferred.

       The  command_execution_directory  parameter   value   is   subject   to
       interpolation  of  $user  (recipient  username),  $home (recipient home
       directory), $shell (recipient shell),  $recipient  (complete  recipient
       address),  $extension (recipient address extension), $domain (recipient
       domain),   $local   (entire   recipient    address    localpart)    and
       $recipient_delimiter.  The forms ${name?value} and ${name:value} expand
       conditionally to value when $name is (is not) defined.  Characters that
       may  have  special  meaning to the shell or file system are replaced by
       underscores.  The list of acceptable characters is specified  with  the
       execution_directory_expansion_filter configuration parameter.

       The  command  is  executed  directly  where possible. Assistance by the
       shell (/bin/sh on UNIX systems) is used only when the command  contains
       shell  magic  characters,  or when the command invokes a shell built-in
       command.

       A limited amount of command output (standard output and standard error)
       is  captured for inclusion with non-delivery status reports.  A command
       is   forcibly   terminated   if   it   does   not    complete    within
       command_time_limit  seconds.  Command exit status codes are expected to
       follow the conventions defined in <sysexits.h>.  Exit  status  0  means
       normal successful completion.

       Postfix  version  2.3  and later support RFC 3463-style enhanced status
       codes.  If a command terminates with a non-zero exit  status,  and  the
       command  output  begins  with an enhanced status code, this status code
       takes precedence over the non-zero exit status.

       A limited  amount  of  message  context  is  exported  via  environment
       variables.  Characters  that  may have special meaning to the shell are
       replaced  by  underscores.   The  list  of  acceptable  characters   is
       specified with the command_expansion_filter configuration parameter.

       SHELL  The recipient user's login shell.

       HOME   The recipient user's home directory.

       USER   The bare recipient name.

       EXTENSION
              The optional recipient address extension.

       DOMAIN The recipient address domain part.

       LOGNAME
              The bare recipient name.

       LOCAL  The  entire recipient address localpart (text to the left of the
              rightmost @ character).

       ORIGINAL_RECIPIENT
              The entire recipient address, before any  address  rewriting  or
              aliasing (Postfix 2.5 and later).

       RECIPIENT
              The entire recipient address.

       SENDER The entire sender address.

       Additional   remote  client  information  is  made  available  via  the
       following environment variables:

       CLIENT_ADDRESS
              Remote client network address. Available as of Postfix 2.2.

       CLIENT_HELO
              Remote client EHLO command parameter. Available  as  of  Postfix
              2.2.

       CLIENT_HOSTNAME
              Remote client hostname. Available as of Postfix 2.2.

       CLIENT_PROTOCOL
              Remote client protocol. Available as of Postfix 2.2.

       SASL_METHOD
              SASL  authentication  method specified in the remote client AUTH
              command. Available as of Postfix 2.2.

       SASL_SENDER
              SASL sender address specified in the  remote  client  MAIL  FROM
              command. Available as of Postfix 2.2.

       SASL_USERNAME
              SASL  username  specified  in  the  remote  client AUTH command.
              Available as of Postfix 2.2.

       The PATH environment variable is always  reset  to  a  system-dependent
       default  path, and environment variables whose names are blessed by the
       export_environment configuration parameter are exported unchanged.

       The current working directory is the mail queue directory.

       The local(8) daemon prepends a "From sender time_stamp" envelope header
       to  each  message, prepends an X-Original-To: header with the recipient
       address as given to Postfix, prepends an optional Delivered-To:  header
       with  the  final  recipient  envelope  address, prepends a Return-Path:
       header with the sender envelope address, and appends no empty line.

EXTERNAL FILE DELIVERY

       The delivery format depends on the destination  filename  syntax.   The
       default  is to use UNIX-style mailbox format.  Specify a name ending in
       / for qmail-compatible maildir delivery.

       The allow_mail_to_files configuration parameter restricts  delivery  to
       external  files.  The  default  setting  (alias,  forward) forbids file
       destinations in :include: files.

       In the  case  of  UNIX-style  mailbox  delivery,  the  local(8)  daemon
       prepends  a  "From  sender time_stamp" envelope header to each message,
       prepends an X-Original-To: header with the recipient address  as  given
       to  Postfix,  prepends  an optional Delivered-To: header with the final
       recipient envelope address, prepends a > character to  lines  beginning
       with  "From  ", and appends an empty line.  The envelope sender address
       is available in the Return-Path: header.  When  the  destination  is  a
       regular  file,  it  is locked for exclusive access while delivery is in
       progress. In case of problems, an attempt is made to truncate a regular
       file to its original length.

       In  the case of maildir delivery, the local daemon prepends an optional
       Delivered-To: header with the final  envelope  recipient  address,  and
       prepends  an  X-Original-To: header with the recipient address as given
       to  Postfix.   The  envelope  sender  address  is  available   in   the
       Return-Path: header.

ADDRESS EXTENSION

       The  optional recipient_delimiter configuration parameter specifies how
       to separate address extensions from local recipient names.

       For example, with "recipient_delimiter  =  +",  mail  for  name+foo  is
       delivered  to  the  alias  name+foo  or  to  the  alias  name,  to  the
       destinations listed in ~name/.forward+foo or in ~name/.forward, to  the
       mailbox owned by the user name, or it is sent back as undeliverable.

DELIVERY RIGHTS

       Deliveries  to  external  files and external commands are made with the
       rights of the receiving user on whose behalf the delivery is made.   In
       the  absence  of  a  user  context,  the local(8) daemon uses the owner
       rights of the :include: file or alias database.  When those  files  are
       owned by the superuser, delivery is made with the rights specified with
       the default_privs configuration parameter.

STANDARDS

       RFC 822 (ARPA Internet Text Messages)
       RFC 3463 (Enhanced status codes)

DIAGNOSTICS

       Problems and transactions are logged to syslogd(8).  Corrupted  message
       files are marked so that the queue manager can move them to the corrupt
       queue afterwards.

       Depending  on  the  setting  of  the  notify_classes   parameter,   the
       postmaster is notified of bounces and of other trouble.

SECURITY

       The  local(8)  delivery agent needs a dual personality 1) to access the
       private Postfix  queue  and  IPC  mechanisms,  2)  to  impersonate  the
       recipient  and  deliver to recipient-specified files or commands. It is
       therefore security sensitive.

       The local(8) delivery agent disallows regular  expression  substitution
       of $1 etc. in alias_maps, because that would open a security hole.

       The  local(8)  delivery  agent will silently ignore requests to use the
       proxymap(8) server within alias_maps. Instead it will  open  the  table
       directly.  Before Postfix version 2.2, the local(8) delivery agent will
       terminate with a fatal error.

BUGS

       For security reasons, the message delivery status of external  commands
       or  of  external  files is never checkpointed to file. As a result, the
       program may occasionally  deliver  more  than  once  to  a  command  or
       external file. Better safe than sorry.

       Mutually-recursive  aliases or ~/.forward files are not detected early.
       The resulting mail  forwarding  loop  is  broken  by  the  use  of  the
       Delivered-To: message header.

CONFIGURATION PARAMETERS

       Changes  to  main.cf are picked up automatically, as local(8) processes
       run for only a limited amount of time. Use the command "postfix reload"
       to speed up a change.

       The  text  below provides only a parameter summary. See postconf(5) for
       more details including examples.

COMPATIBILITY CONTROLS

       biff (yes)
              Whether or not to use the local biff service.

       expand_owner_alias (no)
              When  delivering  to  an   alias   "aliasname"   that   has   an
              "owner-aliasname"  companion  alias,  set  the  envelope  sender
              address to the expansion of the "owner-aliasname" alias.

       owner_request_special (yes)
              Give special treatment to  owner-listname  and  listname-request
              address   localparts:   don't  split  such  addresses  when  the
              recipient_delimiter is set to "-".

       sun_mailtool_compatibility (no)
              Obsolete SUN mailtool compatibility feature.

       Available in Postfix version 2.3 and later:

       frozen_delivered_to (yes)
              Update the local(8) delivery agent's idea of  the  Delivered-To:
              address  (see  prepend_delivered_header) only once, at the start
              of a delivery attempt; do not update the  Delivered-To:  address
              while expanding aliases or .forward files.

       Available in Postfix version 2.5.3 and later:

       strict_mailbox_ownership (yes)
              Defer  delivery  when  a  mailbox  file  is  not  owned  by  its
              recipient.

       reset_owner_alias (no)
              Reset the local(8) delivery  agent's  idea  of  the  owner-alias
              attribute,  when  delivering mail to a child alias that does not
              have its own owner alias.

       Available in Postfix version 3.0 and later:

       local_delivery_status_filter ($default_delivery_status_filter)
              Optional filter for the local(8) delivery agent  to  change  the
              status  code  or  explanatory text of successful or unsuccessful
              deliveries.

DELIVERY METHOD CONTROLS

       The precedence of local(8)  delivery  methods  from  high  to  low  is:
       aliases,  .forward  files,  mailbox_transport_maps,  mailbox_transport,
       mailbox_command_maps,          mailbox_command,           home_mailbox,
       mail_spool_directory,  fallback_transport_maps, fallback_transport, and
       luser_relay.

       alias_maps (see 'postconf -d' output)
              The alias databases that are used for local(8) delivery.

       forward_path (see 'postconf -d' output)
              The local(8) delivery agent search list for finding  a  .forward
              file with user-specified delivery methods.

       mailbox_transport_maps (empty)
              Optional  lookup  tables  with  per-recipient  message  delivery
              transports to use for local(8) mailbox delivery, whether or  not
              the recipients are found in the UNIX passwd database.

       mailbox_transport (empty)
              Optional  message  delivery transport that the local(8) delivery
              agent should use for mailbox delivery to all  local  recipients,
              whether or not they are found in the UNIX passwd database.

       mailbox_command_maps (empty)
              Optional  lookup  tables with per-recipient external commands to
              use for local(8) mailbox delivery.

       mailbox_command (empty)
              Optional external  command  that  the  local(8)  delivery  agent
              should use for mailbox delivery.

       home_mailbox (empty)
              Optional  pathname  of  a  mailbox  file  relative to a local(8)
              user's home directory.

       mail_spool_directory (see 'postconf -d' output)
              The directory where local(8) UNIX-style mailboxes are kept.

       fallback_transport_maps (empty)
              Optional  lookup  tables  with  per-recipient  message  delivery
              transports for recipients that the local(8) delivery agent could
              not find in the aliases(5) or UNIX password database.

       fallback_transport (empty)
              Optional message delivery transport that the  local(8)  delivery
              agent  should use for names that are not found in the aliases(5)
              or UNIX password database.

       luser_relay (empty)
              Optional catch-all destination for unknown local(8) recipients.

       Available in Postfix version 2.2 and later:

       command_execution_directory (empty)
              The local(8) delivery agent working directory  for  delivery  to
              external command.

MAILBOX LOCKING CONTROLS

       deliver_lock_attempts (20)
              The maximal number of attempts to acquire an exclusive lock on a
              mailbox file or bounce(8) logfile.

       deliver_lock_delay (1s)
              The time between attempts to acquire  an  exclusive  lock  on  a
              mailbox file or bounce(8) logfile.

       stale_lock_time (500s)
              The  time  after  which  a  stale  exclusive mailbox lockfile is
              removed.

       mailbox_delivery_lock (see 'postconf -d' output)
              How to lock a  UNIX-style  local(8)  mailbox  before  attempting
              delivery.

RESOURCE AND RATE CONTROLS

       command_time_limit (1000s)
              Time limit for delivery to external commands.

       duplicate_filter_limit (1000)
              The  maximal  number  of  addresses  remembered  by  the address
              duplicate filter for aliases(5) or virtual(5)  alias  expansion,
              or for showq(8) queue displays.

       local_destination_concurrency_limit (2)
              The  maximal  number  of  parallel deliveries via the local mail
              delivery    transport    to    the    same    recipient    (when
              "local_destination_recipient_limit  =  1") or the maximal number
              of  parallel  deliveries  to  the  same   local   domain   (when
              "local_destination_recipient_limit > 1").

       local_destination_recipient_limit (1)
              The  maximal  number  of recipients per message delivery via the
              local mail delivery transport.

       mailbox_size_limit (51200000)
              The maximal size of any local(8) individual mailbox  or  maildir
              file, or zero (no limit).

SECURITY CONTROLS

       allow_mail_to_commands (alias, forward)
              Restrict local(8) mail delivery to external commands.

       allow_mail_to_files (alias, forward)
              Restrict local(8) mail delivery to external files.

       command_expansion_filter (see 'postconf -d' output)
              Restrict  the characters that the local(8) delivery agent allows
              in     $name     expansions     of     $mailbox_command      and
              $command_execution_directory.

       default_privs (nobody)
              The  default  rights  used  by  the  local(8) delivery agent for
              delivery to external file or command.

       forward_expansion_filter (see 'postconf -d' output)
              Restrict the characters that the local(8) delivery agent  allows
              in $name expansions of $forward_path.

       Available in Postfix version 2.2 and later:

       execution_directory_expansion_filter (see 'postconf -d' output)
              Restrict  the characters that the local(8) delivery agent allows
              in $name expansions of $command_execution_directory.

       Available in Postfix version 2.5.3 and later:

       strict_mailbox_ownership (yes)
              Defer  delivery  when  a  mailbox  file  is  not  owned  by  its
              recipient.

MISCELLANEOUS CONTROLS

       config_directory (see 'postconf -d' output)
              The  default  location  of  the  Postfix  main.cf  and master.cf
              configuration files.

       daemon_timeout (18000s)
              How much time a Postfix daemon process  may  take  to  handle  a
              request before it is terminated by a built-in watchdog timer.

       delay_logging_resolution_limit (2)
              The  maximal  number  of  digits  after  the  decimal point when
              logging sub-second delay values.

       export_environment (see 'postconf -d' output)
              The list of environment variables that a  Postfix  process  will
              export to non-Postfix processes.

       ipc_timeout (3600s)
              The  time  limit  for  sending  or receiving information over an
              internal communication channel.

       local_command_shell (empty)
              Optional shell program  for  local(8)  delivery  to  non-Postfix
              command.

       max_idle (100s)
              The  maximum  amount of time that an idle Postfix daemon process
              waits for an incoming connection before terminating voluntarily.

       max_use (100)
              The maximal number of incoming connections that a Postfix daemon
              process will service before terminating voluntarily.

       prepend_delivered_header (command, file, forward)
              The   message  delivery  contexts  where  the  Postfix  local(8)
              delivery agent prepends a Delivered-To:  message header with the
              address that the mail was delivered to.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       propagate_unmatched_extensions (canonical, virtual)
              What  address  lookup  tables copy an address extension from the
              lookup key to the lookup result.

       queue_directory (see 'postconf -d' output)
              The location of the Postfix top-level queue directory.

       recipient_delimiter (empty)
              The set of characters that can separate a  user  name  from  its
              extension  (example: user+foo), or a .forward file name from its
              extension (example: .forward+foo).

       require_home_directory (no)
              Require that a local(8) recipient's home directory exists before
              mail delivery is attempted.

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (see 'postconf -d' output)
              The  mail  system  name that is prepended to the process name in
              syslog  records,  so  that   "smtpd"   becomes,   for   example,
              "postfix/smtpd".

FILES

       The following are examples; details differ between systems.
       $HOME/.forward, per-user aliasing
       /etc/aliases, system-wide alias database
       /var/spool/mail, system mailboxes

SEE ALSO

       qmgr(8), queue manager
       bounce(8), delivery status reports
       newaliases(1), create/update alias database
       postalias(1), create/update alias database
       aliases(5), format of alias database
       postconf(5), configuration parameters
       master(5), generic daemon options
       syslogd(8), system logging

LICENSE

       The Secure Mailer license must be distributed with this software.

HISTORY

       The  Delivered-To: message header appears in the qmail system by Daniel
       Bernstein.

       The maildir structure appears in the qmail system by Daniel Bernstein.

AUTHOR(S)

       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                               LOCAL(8postfix)