1VIRTUAL(8)                  System Manager's Manual                 VIRTUAL(8)
2
3
4

NAME

6       virtual - Postfix virtual domain mail delivery agent
7

SYNOPSIS

9       virtual [generic Postfix daemon options]
10

DESCRIPTION

12       The virtual(8) delivery agent is designed for virtual mail hosting ser‐
13       vices. Originally based on the Postfix local(8)  delivery  agent,  this
14       agent  looks  up  recipients  with  map lookups of their full recipient
15       address, instead of using hard-coded unix password file lookups of  the
16       address local part only.
17
18       This  delivery  agent  only delivers mail.  Other features such as mail
19       forwarding, out-of-office notifications, etc., must be  configured  via
20       virtual_alias maps or via similar lookup mechanisms.
21

MAILBOX LOCATION

23       The mailbox location is controlled by the virtual_mailbox_base and vir‐
24       tual_mailbox_maps  configuration  parameters  (see  below).   The  vir‐
25       tual_mailbox_maps   table  is  indexed  by  the  recipient  address  as
26       described under TABLE SEARCH ORDER below.
27
28       The mailbox pathname is constructed as follows:
29
30         $virtual_mailbox_base/$virtual_mailbox_maps(recipient)
31
32       where recipient is the full recipient address.
33

UNIX MAILBOX FORMAT

35       When the mailbox location does not end in /, the message  is  delivered
36       in  UNIX  mailbox format.   This format stores multiple messages in one
37       textfile.
38
39       The virtual(8) delivery agent prepends a "From sender time_stamp" enve‐
40       lope  header  to  each message, prepends a Delivered-To: message header
41       with the envelope recipient address, prepends an X-Original-To:  header
42       with the recipient address as given to Postfix, prepends a Return-Path:
43       message header with the envelope sender address, prepends a > character
44       to lines beginning with "From ", and appends an empty line.
45
46       The  mailbox  is  locked  for  exclusive  access  while  delivery is in
47       progress. In case of problems, an attempt is made to truncate the mail‐
48       box to its original length.
49

QMAIL MAILDIR FORMAT

51       When  the mailbox location ends in /, the message is delivered in qmail
52       maildir format. This format stores one message per file.
53
54       The virtual(8) delivery agent prepends a Delivered-To:  message  header
55       with  the  final envelope recipient address, prepends an X-Original-To:
56       header with the recipient address as given to Postfix, and  prepends  a
57       Return-Path: message header with the envelope sender address.
58
59       By  definition,  maildir format does not require application-level file
60       locking during mail delivery or retrieval.
61

MAILBOX OWNERSHIP

63       Mailbox ownership  is  controlled  by  the  virtual_uid_maps  and  vir‐
64       tual_gid_maps  lookup tables, which are indexed with the full recipient
65       address. Each table provides a string with the numerical user and group
66       ID, respectively.
67
68       The  virtual_minimum_uid  parameter  imposes a lower bound on numerical
69       user ID values that may be specified in any virtual_uid_maps.
70

CASE FOLDING

72       All delivery decisions are  made  using  the  full  recipient  address,
73       folded  to  lower  case. See also the next section for a few exceptions
74       with optional address extensions.
75

TABLE SEARCH ORDER

77       Normally, a lookup table is specified as a text  file  that  serves  as
78       input  to the postmap(1) command. The result, an indexed file in dbm or
79       db format, is used for fast searching by the mail system.
80
81       The search order is as follows. The search stops upon  the  first  suc‐
82       cessful lookup.
83
84       ·      When  the  recipient  has  an  optional  address  extension  the
85              user+extension@domain.tld address is looked up first.
86
87              With Postfix versions before 2.1, the optional address extension
88              is always ignored.
89
90       ·      The  user@domain.tld  address,  without  address  extension,  is
91              looked up next.
92
93       ·      Finally, the recipient @domain is looked up.
94
95       When the table is provided via other means such as NIS,  LDAP  or  SQL,
96       the same lookups are done as for ordinary indexed files.
97
98       Alternatively,  a  table  can  be  provided as a regular-expression map
99       where patterns are given as regular expressions. In that case, only the
100       full recipient address is given to the regular-expression map.
101

SECURITY

103       The  virtual(8) delivery agent is not security sensitive, provided that
104       the lookup tables with recipient user/group  ID  information  are  ade‐
105       quately protected. This program is not designed to run chrooted.
106
107       The virtual(8) delivery agent disallows regular expression substitution
108       of $1 etc. in regular expression lookup tables, because that would open
109       a security hole.
110
111       The  virtual(8) delivery agent will silently ignore requests to use the
112       proxymap(8) server. Instead it will open  the  table  directly.  Before
113       Postfix  version  2.2, the virtual delivery agent will terminate with a
114       fatal error.
115

STANDARDS

117       RFC 822 (ARPA Internet Text Messages)
118

DIAGNOSTICS

120       Mail bounces when the recipient has no mailbox or when the recipient is
121       over  disk quota. In all other cases, mail for an existing recipient is
122       deferred and a warning is logged.
123
124       Problems and transactions are logged to syslogd(8).  Corrupted  message
125       files are marked so that the queue manager can move them to the corrupt
126       queue afterwards.
127
128       Depending on the setting of the notify_classes parameter, the  postmas‐
129       ter is notified of bounces and of other trouble.
130

BUGS

132       This  delivery agent supports address extensions in email addresses and
133       in lookup table keys, but does not propagate address extension informa‐
134       tion to the result of table lookup.
135
136       Postfix  should  have  lookup  tables  that  can return multiple result
137       attributes. In order to avoid the inconvenience  of  maintaining  three
138       tables, use an LDAP or MYSQL database.
139

CONFIGURATION PARAMETERS

141       Changes to main.cf are picked up automatically, as virtual(8) processes
142       run for only a limited amount of time. Use the command "postfix reload"
143       to speed up a change.
144
145       The  text  below provides only a parameter summary. See postconf(5) for
146       more details including examples.
147

MAILBOX DELIVERY CONTROLS

149       virtual_mailbox_base (empty)
150              A prefix that the virtual(8)  delivery  agent  prepends  to  all
151              pathname results from $virtual_mailbox_maps table lookups.
152
153       virtual_mailbox_maps (empty)
154              Optional  lookup  tables with all valid addresses in the domains
155              that match $virtual_mailbox_domains.
156
157       virtual_minimum_uid (100)
158              The minimum user ID value that  the  virtual(8)  delivery  agent
159              accepts as a result from $virtual_uid_maps table lookup.
160
161       virtual_uid_maps (empty)
162              Lookup tables with the per-recipient user ID that the virtual(8)
163              delivery agent uses while writing to the recipient's mailbox.
164
165       virtual_gid_maps (empty)
166              Lookup tables with the per-recipient  group  ID  for  virtual(8)
167              mailbox delivery.
168
169       Available in Postfix version 2.0 and later:
170
171       virtual_mailbox_domains ($virtual_mailbox_maps)
172              Postfix  is final destination for the specified list of domains;
173              mail is  delivered  via  the  $virtual_transport  mail  delivery
174              transport.
175
176       virtual_transport (virtual)
177              The default mail delivery transport and next-hop destination for
178              final delivery to domains listed with $virtual_mailbox_domains.
179
180       Available in Postfix version 2.5.3 and later:
181
182       strict_mailbox_ownership (yes)
183              Defer delivery when a mailbox file is not owned by  its  recipi‐
184              ent.
185

LOCKING CONTROLS

187       virtual_mailbox_lock (see 'postconf -d' output)
188              How  to  lock  a UNIX-style virtual(8) mailbox before attempting
189              delivery.
190
191       deliver_lock_attempts (20)
192              The maximal number of attempts to acquire an exclusive lock on a
193              mailbox file or bounce(8) logfile.
194
195       deliver_lock_delay (1s)
196              The  time  between  attempts  to  acquire an exclusive lock on a
197              mailbox file or bounce(8) logfile.
198
199       stale_lock_time (500s)
200              The time after which  a  stale  exclusive  mailbox  lockfile  is
201              removed.
202

RESOURCE AND RATE CONTROLS

204       virtual_destination_concurrency_limit     ($default_destination_concur‐
205       rency_limit)
206              The maximal number of parallel deliveries to the  same  destina‐
207              tion via the virtual message delivery transport.
208
209       virtual_destination_recipient_limit       ($default_destination_recipi‐
210       ent_limit)
211              The maximal number of recipients per  message  for  the  virtual
212              message delivery transport.
213
214       virtual_mailbox_limit (51200000)
215              The  maximal  size  in bytes of an individual mailbox or maildir
216              file, or zero (no limit).
217

MISCELLANEOUS CONTROLS

219       config_directory (see 'postconf -d' output)
220              The default location of the Postfix main.cf and  master.cf  con‐
221              figuration files.
222
223       daemon_timeout (18000s)
224              How  much  time  a  Postfix  daemon process may take to handle a
225              request before it is terminated by a built-in watchdog timer.
226
227       delay_logging_resolution_limit (2)
228              The maximal number of digits after the decimal point  when  log‐
229              ging sub-second delay values.
230
231       ipc_timeout (3600s)
232              The  time  limit  for  sending  or receiving information over an
233              internal communication channel.
234
235       max_idle (100s)
236              The maximum amount of time that an idle Postfix  daemon  process
237              waits for an incoming connection before terminating voluntarily.
238
239       max_use (100)
240              The maximal number of incoming connections that a Postfix daemon
241              process will service before terminating voluntarily.
242
243       process_id (read-only)
244              The process ID of a Postfix command or daemon process.
245
246       process_name (read-only)
247              The process name of a Postfix command or daemon process.
248
249       queue_directory (see 'postconf -d' output)
250              The location of the Postfix top-level queue directory.
251
252       syslog_facility (mail)
253              The syslog facility of Postfix logging.
254
255       syslog_name (see 'postconf -d' output)
256              The mail system name that is prepended to the  process  name  in
257              syslog  records,  so  that  "smtpd" becomes, for example, "post‐
258              fix/smtpd".
259

SEE ALSO

261       qmgr(8), queue manager
262       bounce(8), delivery status reports
263       postconf(5), configuration parameters
264       syslogd(8), system logging
265

README_FILES

267       Use "postconf readme_directory" or
268       "postconf html_directory" to locate this information.
269       VIRTUAL_README, domain hosting howto
270

LICENSE

272       The Secure Mailer license must be distributed with this software.
273

HISTORY

275       This delivery agent was originally based on the Postfix local  delivery
276       agent.  Modifications mainly consisted of removing code that either was
277       not  applicable  or  that  was  not  safe  in  this  context:  aliases,
278       ~user/.forward files, delivery to "|command" or to /file/name.
279
280       The  Delivered-To: message header appears in the qmail system by Daniel
281       Bernstein.
282
283       The maildir structure appears in the qmail system by Daniel Bernstein.
284

AUTHOR(S)

286       Wietse Venema
287       IBM T.J. Watson Research
288       P.O. Box 704
289       Yorktown Heights, NY 10598, USA
290
291       Andrew McNamara
292       andrewm@connect.com.au
293       connect.com.au Pty. Ltd.
294       Level 3, 213 Miller St
295       North Sydney 2060, NSW, Australia
296
297
298
299                                                                    VIRTUAL(8)
Impressum