PIPE(8)                                                   PIPE(8)

NAME
       pipe - Postfix delivery to external command

SYNOPSIS
       pipe [generic Postfix daemon options] command_attributes...

DESCRIPTION
       The  pipe daemon processes requests from the Postfix queue
       manager to deliver messages to  external  commands.   This
       program  expects to be run from the master(8) process man-
       ager.

       Message  attributes  such  as  sender  address,  recipient
       address  and  next-hop  host name can be specified as com-
       mand-line macros that are  expanded  before  the  external
       command is executed.

       The  pipe  daemon updates queue files and marks recipients
       as finished, or it informs the queue manager that delivery
       should  be  tried  again  at a later time. Delivery status
       reports are sent to the bounce(8),  defer(8)  or  trace(8)
       daemon as appropriate.

SINGLE-RECIPIENT DELIVERY
       Some external commands cannot handle more than one recipi-
       ent per delivery request. Examples of such transports  are
       pagers, fax machines, and so on.

       To  prevent  Postfix  from sending multiple recipients per
       delivery request, specify

           transport_destination_recipient_limit = 1

       in the Postfix main.cf file, where transport is  the  name
       in the first column of the Postfix master.cf entry for the
       pipe-based delivery transport.

COMMAND ATTRIBUTE SYNTAX
       The external command attributes are given in the master.cf
       file at the end of a service definition.  The syntax is as
       follows:

       directory=pathname (optional, default: $queue_directory)
              Change to the named directory before executing  the
              external  command.  Delivery is deferred in case of
              failure.

              This feature is available as of Postfix 2.2.

       eol=string (optional, default: \n)
              The output record delimiter.  Typically  one  would
              use  either \r\n or \n. The usual C-style backslash
              escape sequences are recognized: \a \b \f \n \r  \t
              \v \ddd (up to three octal digits) and \\.

       flags=BDFORhqu.> (optional)
              Optional  message  processing  flags. By default, a
              message is copied unchanged.

              B      Append a blank line at the end of each  mes-
                     sage.  This  is  required  by some mail user
                     agents that recognize  "From  "  lines  only
                     when preceded by a blank line.

              D      Prepend  a "Delivered-To: recipient" message
                     header with the envelope recipient  address.
                     Note: for this to work, the transport_desti-
                     nation_recipient_limit must be 1.

                     This feature is available as of Postfix 2.0.

              F      Prepend  a "From sender time_stamp" envelope
                     header to  the  message  content.   This  is
                     expected by, for example, UUCP software.

              O      Prepend  an  "X-Original-To: recipient" mes-
                     sage header with the  recipient  address  as
                     given  to  Postfix.  Note: for this to work,
                     the    transport_destination_recipient_limit
                     must be 1.

                     This feature is available as of Postfix 2.0.

              R      Prepend a Return-Path: message  header  with
                     the envelope sender address.

              h      Fold the command-line $recipient domain name
                     and $nexthop host name to lower case.   This
                     is recommended for delivery via UUCP.

              q      Quote  white space and other special charac-
                     ters in the command-line $sender and $recip-
                     ient address localparts (text to the left of
                     the right-most @ character), according to an
                     8-bit  transparent version of RFC 822.  This
                     is recommended  for  delivery  via  UUCP  or
                     BSMTP.

                     The  result  is  compatible with the address
                     parsing of command-line  recipients  by  the
                     Postfix sendmail mail submission command.

                     The  q  flag  affects only entire addresses,
                     not the partial address information from the
                     $user,  $extension  or $mailbox command-line
                     macros.

              u      Fold  the  command-line  $recipient  address
                     localpart  (text  to  the left of the right-
                     most @ character) to lower  case.   This  is
                     recommended for delivery via UUCP.

              .      Prepend "." to lines starting with ".". This
                     is needed by, for example, BSMTP software.

              >      Prepend ">" to lines starting with "From  ".
                     This is expected by, for example, UUCP soft-
                     ware.

       size=size_limit (optional)
              Messages greater in size than this limit (in bytes)
              will be bounced back to the sender.

       user=username (required)

       user=username:groupname
              The external command is executed with the rights of
              the specified username.  The  software  refuses  to
              execute  commands with root privileges, or with the
              privileges of the mail system owner.  If  groupname
              is  specified,  the  corresponding group ID is used
              instead of the group ID of username.

       argv=command... (required)
              The command to be executed. This must be  specified
              as the last command attribute.  The command is exe-
              cuted  directly,  i.e.  without  interpretation  of
              shell  meta  characters  by  a shell command inter-
              preter.

              In  the  command  argument  vector,  the  following
              macros are recognized and replaced with correspond-
              ing information  from  the  Postfix  queue  manager
              delivery request.

              In  addition  to  the form ${name}, the forms $name
              and $(name) are also recognized.  Specify $$  where
              a single $ is wanted.

              ${extension}
                     This  macro expands to the extension part of
                     a recipient address.  For example,  with  an
                     address  user+foo@domain  the  extension  is
                     foo.

                     A  command-line   argument   that   contains
                     ${extension}  expands  into as many command-
                     line arguments as there are recipients.

                     This information is modified by the  u  flag
                     for case folding.

              ${mailbox}
                     This  macro  expands  to  the complete local
                     part of a recipient address.   For  example,
                     with  an address user+foo@domain the mailbox
                     is user+foo.

                     A  command-line   argument   that   contains
                     ${mailbox} expands into as many command-line
                     arguments as there are recipients.

                     This information is modified by the  u  flag
                     for case folding.

              ${nexthop}
                     This macro expands to the next-hop hostname.

                     This information is modified by the  h  flag
                     for case folding.

              ${recipient}
                     This macro expands to the complete recipient
                     address.

                     A  command-line   argument   that   contains
                     ${recipient}  expands  into as many command-
                     line arguments as there are recipients.

                     This information  is  modified  by  the  hqu
                     flags for quoting and case folding.

              ${sasl_method}
                     This  macro  expands to the SASL authentica-
                     tion mechanism used during the reception  of
                     the  message.  An  empty string is passed if
                     the message has been received  without  SASL
                     authentication.

                     This  is available in Postfix 2.2 and later.

              ${sasl_sender}
                     This macro expands to the SASL  sender  name
                     (i.e.  the  original  submitter  as  per RFC
                     2554) used during the reception of the  mes-
                     sage.

                     This  is available in Postfix 2.2 and later.

              ${sasl_username}
                     This macro expands to  the  SASL  user  name
                     used during the reception of the message. An
                     empty string is passed if  the  message  has
                     been received without SASL authentication.

                     This  is available in Postfix 2.2 and later.

              ${sender}
                     This macro expands to  the  envelope  sender
                     address.

                     This  information  is modified by the q flag
                     for quoting.

              ${size}
                     This macro expands to Postfix's idea of  the
                     message  size,  which is an approximation of
                     the size of the message as delivered.

              ${user}
                     This macro expands to the username part of a
                     recipient  address.   For  example,  with an
                     address user+foo@domain the username part is
                     user.

                     A   command-line   argument   that  contains
                     ${user} expands into  as  many  command-line
                     arguments as there are recipients.

                     This  information  is modified by the u flag
                     for case folding.

DIAGNOSTICS
       Command exit status codes are expected to follow the  con-
       ventions defined in <sysexits.h>.

       Problems  and transactions are logged to syslogd(8).  Cor-
       rupted message files are marked so that the queue  manager
       can move them to the corrupt queue for further inspection.

SECURITY
       This program needs a dual personality  1)  to  access  the
       private  Postfix  queue and IPC mechanisms, and 2) to exe-
       cute external commands as the specified user. It is there-
       fore security sensitive.

CONFIGURATION PARAMETERS
       Changes  to main.cf are picked up automatically as pipe(8)
       processes run for only a limited amount of time.  Use  the
       command "postfix reload" to speed up a change.

       The  text  below  provides  only  a parameter summary. See
       postconf(5) for more details including examples.

RESOURCE AND RATE CONTROLS
       In the text below, transport is the first field in a  mas-
       ter.cf entry.

       transport_destination_concurrency_limit ($default_destina-
       tion_concurrency_limit)
              Limit the number of parallel deliveries to the same
              destination, for delivery via the named  transport.
              The limit is enforced by the Postfix queue manager.

       transport_destination_recipient_limit   ($default_destina-
       tion_recipient_limit)
              Limit the number of recipients per  message  deliv-
              ery,  for  delivery  via  the named transport.  The
              limit is enforced by the Postfix queue manager.

       transport_time_limit ($command_time_limit)
              Limit the time for delivery  to  external  command,
              for delivery via the named transport.  The limit is
              enforced by the pipe delivery agent.

MISCELLANEOUS CONTROLS
       config_directory (see 'postconf -d' output)
              The default location of  the  Postfix  main.cf  and
              master.cf configuration files.

       daemon_timeout (18000s)
              How  much time a Postfix daemon process may take to
              handle a request  before  it  is  terminated  by  a
              built-in watchdog timer.

       export_environment (see 'postconf -d' output)
              The  list  of  environment variables that a Postfix
              process will export to non-Postfix processes.

       ipc_timeout (3600s)
              The time limit for sending or receiving information
              over an internal communication channel.

       mail_owner (postfix)
              The UNIX system account that owns the Postfix queue
              and most Postfix daemon processes.

       max_idle (100s)
              The maximum amount of time  that  an  idle  Postfix
              daemon  process  waits for the next service request
              before exiting.

       max_use (100)
              The maximal number of connection requests before  a
              Postfix daemon process terminates.

       process_id (read-only)
              The  process ID of a Postfix command or daemon pro-
              cess.

       process_name (read-only)
              The process name of a  Postfix  command  or  daemon
              process.

       queue_directory (see 'postconf -d' output)
              The  location of the Postfix top-level queue direc-
              tory.

       recipient_delimiter (empty)
              The separator between user names and address exten-
              sions (user+foo).

       syslog_facility (mail)
              The syslog facility of Postfix logging.

       syslog_name (postfix)
              The  mail system name that is prepended to the pro-
              cess  name  in  syslog  records,  so  that  "smtpd"
              becomes, for example, "postfix/smtpd".

SEE ALSO
       qmgr(8), queue manager
       bounce(8), delivery status reports
       postconf(5), configuration parameters
       master(5), generic daemon options
       master(8), process manager
       syslogd(8), system logging

LICENSE
       The  Secure  Mailer  license must be distributed with this
       software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                          PIPE(8)