<html> <head> </head> <body> <pre> VIRTUAL(8) VIRTUAL(8) <b>NAME</b> virtual - Postfix virtual domain mail delivery agent <b>SYNOPSIS</b> <b>virtual</b> [generic Postfix daemon options] <b>DESCRIPTION</b> The <b>virtual</b> delivery agent is designed for virtual mail hosting services. Originally based on the Postfix local delivery agent, this agent looks up recipients with map lookups of their full recipient address, instead of using hard-coded unix password file lookups of the address local part only. This delivery agent only delivers mail. Other features such as mail forwarding, out-of-office notifications, etc., must be configured via virtual_alias maps or via similar lookup mechanisms. <b>MAILBOX</b> <b>LOCATION</b> The mailbox location is controlled by the <b>virtual</b><i>_</i><b>mail-</b> <b>box</b><i>_</i><b>base</b> and <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b> configuration parameters (see below). The <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b> table is indexed by the full recipient address. The mailbox pathname is constructed as follows: <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base/$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps(</b><i>recipient</i><b>)</b> where <i>recipient</i> is the full recipient address. <b>UNIX</b> <b>MAILBOX</b> <b>FORMAT</b> When the mailbox location does not end in <b>/</b>, the message is delivered in UNIX mailbox format. This format stores multiple messages in one textfile. The <b>virtual</b> delivery agent prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" envelope header to each message, prepends a <b>Delivered-To:</b> message header with the envelope recipient address, prepends an <b>X-Original-To:</b> header with the recip- ient address as given to Postfix, prepends a <b>Return-Path:</b> message header with the envelope sender address, prepends a > character to lines beginning with "<b>From</b> ", and appends an empty line. The mailbox is locked for exclusive access while delivery is in progress. In case of problems, an attempt is made to truncate the mailbox to its original length. <b>QMAIL</b> <b>MAILDIR</b> <b>FORMAT</b> When the mailbox location ends in <b>/</b>, the message is deliv- ered in qmail <b>maildir</b> format. This format stores one mes- sage per file. The <b>virtual</b> delivery agent daemon prepends a <b>Delivered-To:</b> message header with the final envelope recipient address, prepends an <b>X-Original-To:</b> header with the recipient address as given to Postfix, and prepends a <b>Return-Path:</b> message header with the envelope sender address. By definition, <b>maildir</b> format does not require file lock- ing during mail delivery or retrieval. <b>MAILBOX</b> <b>OWNERSHIP</b> Mailbox ownership is controlled by the <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> and <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b> lookup tables, which are indexed with the full recipient address. Each table provides a string with the numerical user and group ID, respectively. The <b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b> parameter imposes a lower bound on numerical user ID values that may be specified in any <b>vir-</b> <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>. <b>SECURITY</b> The virtual delivery agent is not security sensitive, pro- vided that the lookup tables with recipient user/group ID information are adequately protected. This program is not designed to run chrooted. <b>STANDARDS</b> <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages) <b>DIAGNOSTICS</b> Mail bounces when the recipient has no mailbox or when the recipient is over disk quota. In all other cases, mail for an existing recipient is deferred and a warning is logged. Problems and transactions are logged to <b>syslogd</b>(8). Cor- rupted message files are marked so that the queue manager can move them to the <b>corrupt</b> queue afterwards. Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter, the postmaster is notified of bounces and of other trou- ble. <b>BUGS</b> This delivery agent silently ignores address extensions. Postfix should have lookup tables that can return multiple result attributes. In order to avoid the inconvenience of maintaining three tables, use an LDAP or MYSQL database. <b>CONFIGURATION</b> <b>PARAMETERS</b> The following <b>main.cf</b> parameters are especially relevant to this program. See the Postfix <b>main.cf</b> file for syntax details and for default values. Use the <b>postfix</b> <b>reload</b> command after a configuration change. <b>Mailbox</b> <b>delivery</b> <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b> Specifies a path that is prepended to all mailbox or maildir paths. This is a safety measure to ensure that an out of control map in <b>virtual</b><i>_</i><b>mail-</b> <b>box</b><i>_</i><b>maps</b> doesn't litter the filesystem with mail- boxes. While it could be set to "/", this setting isn't recommended. <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b> Recipients are looked up in these maps to determine the path to their mailbox or maildir. If the returned path ends in a slash ("/"), maildir-style delivery is carried out, otherwise the path is assumed to specify a UNIX-style mailbox file. While searching a lookup table, an address exten- sion (<i>user+foo@domain.tld</i>) is ignored. In a lookup table, specify a left-hand side of <i>@domain.tld</i> to match any user in the specified domain that does not have a specific <i>user@domain.tld</i> entry. Note that <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b> is unconditionally prepended to this path. For security reasons, regular expression maps are allowed but regular expression substitution of $1 etc. is disallowed, because that would open a secu- rity hole. For security reasons, proxied table lookup is not allowed, because that would open a security hole. <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b> The list of domains that should be delivered via the Postfix virtual delivery agent. This uses the same syntax as the <b>mydestination</b> configuration parameter. <b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b> Specifies a minimum uid that will be accepted as a return from a <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b> or <b>vir-</b> <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup. Returned values less than this will be rejected, and the message will be deferred. <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> Recipients are looked up in these maps to determine the user ID to be used when writing to the target mailbox. While searching a lookup table, an address exten- sion (<i>user+foo@domain.tld</i>) is ignored. In a lookup table, specify a left-hand side of <i>@domain.tld</i> to match any user in the specified domain that does not have a specific <i>user@domain.tld</i> entry. For security reasons, regular expression maps are allowed but regular expression substitution of $1 etc. is disallowed, because that would open a secu- rity hole. For security reasons, proxied table lookup is not allowed, because that would open a security hole. <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b> Recipients are looked up in these maps to determine the group ID to be used when writing to the target mailbox. While searching a lookup table, an address exten- sion (<i>user+foo@domain.tld</i>) is ignored. In a lookup table, specify a left-hand side of <i>@domain.tld</i> to match any user in the specified domain that does not have a specific <i>user@domain.tld</i> entry. For security reasons, regular expression maps are allowed but regular expression substitution of $1 etc. is disallowed, because that would open a secu- rity hole. For security reasons, proxied table lookup is not allowed, because that would open a security hole. <b>Locking</b> <b>controls</b> <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>lock</b> How to lock UNIX-style mailboxes: one or more of <b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method requires that the recipient UID or GID has write access to the parent directory of the mailbox file. This setting is ignored with <b>maildir</b> style deliv- ery, because such deliveries are safe without explicit locks. Use the command <b>postconf</b> <b>-l</b> to find out what lock- ing methods are available on your system. <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b> Limit the number of attempts to acquire an exclu- sive lock on a UNIX-style mailbox file. <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b> Time (default: seconds) between successive attempts to acquire an exclusive lock on a UNIX-style mail- box file. The actual delay is slightly randomized. <b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b> Limit the time after which a stale lockfile is removed (applicable to UNIX-style mailboxes only). <b>Resource</b> <b>controls</b> <b>virtual</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b> Limit the number of parallel deliveries to the same domain via the <b>virtual</b> delivery agent. The default limit is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concur-</b> <b>rency</b><i>_</i><b>limit</b> parameter. The limit is enforced by the Postfix queue manager. <b>virtual</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> Limit the number of recipients per message delivery via the <b>virtual</b> delivery agent. The default limit is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b> <b>ent</b><i>_</i><b>limit</b> parameter. The limit is enforced by the Postfix queue manager. <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>limit</b> The maximal size in bytes of a mailbox or maildir file. Set to zero to disable the limit. <b>HISTORY</b> This agent was originally based on the Postfix local delivery agent. Modifications mainly consisted of removing code that either was not applicable or that was not safe in this context: aliases, ~user/.forward files, delivery to "|command" or to /file/name. The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by Daniel Bernstein. The <b>maildir</b> structure appears in the <b>qmail</b> system by Daniel Bernstein. <b>SEE</b> <b>ALSO</b> <a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format <a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format <a href="bounce.8.html">bounce(8)</a> non-delivery status reports syslogd(8) system logging <a href="qmgr.8.html">qmgr(8)</a> queue manager <b>LICENSE</b> The Secure Mailer license must be distributed with this software. <b>AUTHOR(S)</b> Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA Andrew McNamara andrewm@connect.com.au connect.com.au Pty. Ltd. Level 3, 213 Miller St North Sydney 2060, NSW, Australia VIRTUAL(8) </pre> </body> </html>