1VIRTUAL(8) System Manager's Manual VIRTUAL(8)
2
3
4
6 virtual - Postfix virtual domain mail delivery agent
7
9 virtual [generic Postfix daemon options]
10
12 The virtual(8) delivery agent is designed for virtual mail hosting ser‐
13 vices. Originally based on the Postfix local(8) delivery agent, this
14 agent looks up recipients with map lookups of their full recipient
15 address, instead of using hard-coded unix password file lookups of the
16 address local part only.
17
18 This delivery agent only delivers mail. Other features such as mail
19 forwarding, out-of-office notifications, etc., must be configured via
20 virtual_alias maps or via similar lookup mechanisms.
21
23 The mailbox location is controlled by the virtual_mailbox_base and vir‐
24 tual_mailbox_maps configuration parameters (see below). The vir‐
25 tual_mailbox_maps table is indexed by the recipient address as
26 described under TABLE SEARCH ORDER below.
27
28 The mailbox pathname is constructed as follows:
29
30 $virtual_mailbox_base/$virtual_mailbox_maps(recipient)
31
32 where recipient is the full recipient address.
33
35 When the mailbox location does not end in /, the message is delivered
36 in UNIX mailbox format. This format stores multiple messages in one
37 textfile.
38
39 The virtual(8) delivery agent prepends a "From sender time_stamp" enve‐
40 lope header to each message, prepends a Delivered-To: message header
41 with the envelope recipient address, prepends an X-Original-To: header
42 with the recipient address as given to Postfix, prepends a Return-Path:
43 message header with the envelope sender address, prepends a > character
44 to lines beginning with "From ", and appends an empty line.
45
46 The mailbox is locked for exclusive access while delivery is in
47 progress. In case of problems, an attempt is made to truncate the mail‐
48 box to its original length.
49
51 When the mailbox location ends in /, the message is delivered in qmail
52 maildir format. This format stores one message per file.
53
54 The virtual(8) delivery agent prepends a Delivered-To: message header
55 with the final envelope recipient address, prepends an X-Original-To:
56 header with the recipient address as given to Postfix, and prepends a
57 Return-Path: message header with the envelope sender address.
58
59 By definition, maildir format does not require application-level file
60 locking during mail delivery or retrieval.
61
63 Mailbox ownership is controlled by the virtual_uid_maps and vir‐
64 tual_gid_maps lookup tables, which are indexed with the full recipient
65 address. Each table provides a string with the numerical user and group
66 ID, respectively.
67
68 The virtual_minimum_uid parameter imposes a lower bound on numerical
69 user ID values that may be specified in any virtual_uid_maps.
70
72 All delivery decisions are made using the full recipient address,
73 folded to lower case. See also the next section for a few exceptions
74 with optional address extensions.
75
77 Normally, a lookup table is specified as a text file that serves as
78 input to the postmap(1) command. The result, an indexed file in dbm or
79 db format, is used for fast searching by the mail system.
80
81 The search order is as follows. The search stops upon the first suc‐
82 cessful lookup.
83
84 · When the recipient has an optional address extension the
85 user+extension@domain.tld address is looked up first.
86
87 With Postfix versions before 2.1, the optional address extension
88 is always ignored.
89
90 · The user@domain.tld address, without address extension, is
91 looked up next.
92
93 · Finally, the recipient @domain is looked up.
94
95 When the table is provided via other means such as NIS, LDAP or SQL,
96 the same lookups are done as for ordinary indexed files.
97
98 Alternatively, a table can be provided as a regular-expression map
99 where patterns are given as regular expressions. In that case, only the
100 full recipient address is given to the regular-expression map.
101
103 The virtual(8) delivery agent is not security sensitive, provided that
104 the lookup tables with recipient user/group ID information are ade‐
105 quately protected. This program is not designed to run chrooted.
106
107 The virtual(8) delivery agent disallows regular expression substitution
108 of $1 etc. in regular expression lookup tables, because that would open
109 a security hole.
110
111 The virtual(8) delivery agent will silently ignore requests to use the
112 proxymap(8) server. Instead it will open the table directly. Before
113 Postfix version 2.2, the virtual delivery agent will terminate with a
114 fatal error.
115
117 RFC 822 (ARPA Internet Text Messages)
118
120 Mail bounces when the recipient has no mailbox or when the recipient is
121 over disk quota. In all other cases, mail for an existing recipient is
122 deferred and a warning is logged.
123
124 Problems and transactions are logged to syslogd(8). Corrupted message
125 files are marked so that the queue manager can move them to the corrupt
126 queue afterwards.
127
128 Depending on the setting of the notify_classes parameter, the postmas‐
129 ter is notified of bounces and of other trouble.
130
132 This delivery agent supports address extensions in email addresses and
133 in lookup table keys, but does not propagate address extension informa‐
134 tion to the result of table lookup.
135
136 Postfix should have lookup tables that can return multiple result
137 attributes. In order to avoid the inconvenience of maintaining three
138 tables, use an LDAP or MYSQL database.
139
141 Changes to main.cf are picked up automatically, as virtual(8) processes
142 run for only a limited amount of time. Use the command "postfix reload"
143 to speed up a change.
144
145 The text below provides only a parameter summary. See postconf(5) for
146 more details including examples.
147
149 virtual_mailbox_base (empty)
150 A prefix that the virtual(8) delivery agent prepends to all
151 pathname results from $virtual_mailbox_maps table lookups.
152
153 virtual_mailbox_maps (empty)
154 Optional lookup tables with all valid addresses in the domains
155 that match $virtual_mailbox_domains.
156
157 virtual_minimum_uid (100)
158 The minimum user ID value that the virtual(8) delivery agent
159 accepts as a result from $virtual_uid_maps table lookup.
160
161 virtual_uid_maps (empty)
162 Lookup tables with the per-recipient user ID that the virtual(8)
163 delivery agent uses while writing to the recipient's mailbox.
164
165 virtual_gid_maps (empty)
166 Lookup tables with the per-recipient group ID for virtual(8)
167 mailbox delivery.
168
169 Available in Postfix version 2.0 and later:
170
171 virtual_mailbox_domains ($virtual_mailbox_maps)
172 Postfix is final destination for the specified list of domains;
173 mail is delivered via the $virtual_transport mail delivery
174 transport.
175
176 virtual_transport (virtual)
177 The default mail delivery transport and next-hop destination for
178 final delivery to domains listed with $virtual_mailbox_domains.
179
180 Available in Postfix version 2.5.3 and later:
181
182 strict_mailbox_ownership (yes)
183 Defer delivery when a mailbox file is not owned by its recipi‐
184 ent.
185
187 virtual_mailbox_lock (see 'postconf -d' output)
188 How to lock a UNIX-style virtual(8) mailbox before attempting
189 delivery.
190
191 deliver_lock_attempts (20)
192 The maximal number of attempts to acquire an exclusive lock on a
193 mailbox file or bounce(8) logfile.
194
195 deliver_lock_delay (1s)
196 The time between attempts to acquire an exclusive lock on a
197 mailbox file or bounce(8) logfile.
198
199 stale_lock_time (500s)
200 The time after which a stale exclusive mailbox lockfile is
201 removed.
202
204 virtual_destination_concurrency_limit ($default_destination_concur‐
205 rency_limit)
206 The maximal number of parallel deliveries to the same destina‐
207 tion via the virtual message delivery transport.
208
209 virtual_destination_recipient_limit ($default_destination_recipi‐
210 ent_limit)
211 The maximal number of recipients per message for the virtual
212 message delivery transport.
213
214 virtual_mailbox_limit (51200000)
215 The maximal size in bytes of an individual mailbox or maildir
216 file, or zero (no limit).
217
219 config_directory (see 'postconf -d' output)
220 The default location of the Postfix main.cf and master.cf con‐
221 figuration files.
222
223 daemon_timeout (18000s)
224 How much time a Postfix daemon process may take to handle a
225 request before it is terminated by a built-in watchdog timer.
226
227 delay_logging_resolution_limit (2)
228 The maximal number of digits after the decimal point when log‐
229 ging sub-second delay values.
230
231 ipc_timeout (3600s)
232 The time limit for sending or receiving information over an
233 internal communication channel.
234
235 max_idle (100s)
236 The maximum amount of time that an idle Postfix daemon process
237 waits for an incoming connection before terminating voluntarily.
238
239 max_use (100)
240 The maximal number of incoming connections that a Postfix daemon
241 process will service before terminating voluntarily.
242
243 process_id (read-only)
244 The process ID of a Postfix command or daemon process.
245
246 process_name (read-only)
247 The process name of a Postfix command or daemon process.
248
249 queue_directory (see 'postconf -d' output)
250 The location of the Postfix top-level queue directory.
251
252 syslog_facility (mail)
253 The syslog facility of Postfix logging.
254
255 syslog_name (see 'postconf -d' output)
256 The mail system name that is prepended to the process name in
257 syslog records, so that "smtpd" becomes, for example, "post‐
258 fix/smtpd".
259
261 qmgr(8), queue manager
262 bounce(8), delivery status reports
263 postconf(5), configuration parameters
264 syslogd(8), system logging
265
267 Use "postconf readme_directory" or
268 "postconf html_directory" to locate this information.
269 VIRTUAL_README, domain hosting howto
270
272 The Secure Mailer license must be distributed with this software.
273
275 This delivery agent was originally based on the Postfix local delivery
276 agent. Modifications mainly consisted of removing code that either was
277 not applicable or that was not safe in this context: aliases,
278 ~user/.forward files, delivery to "|command" or to /file/name.
279
280 The Delivered-To: message header appears in the qmail system by Daniel
281 Bernstein.
282
283 The maildir structure appears in the qmail system by Daniel Bernstein.
284
286 Wietse Venema
287 IBM T.J. Watson Research
288 P.O. Box 704
289 Yorktown Heights, NY 10598, USA
290
291 Andrew McNamara
292 andrewm@connect.com.au
293 connect.com.au Pty. Ltd.
294 Level 3, 213 Miller St
295 North Sydney 2060, NSW, Australia
296
297
298
299 VIRTUAL(8)