lmtpd

lmtpd -- LMTP server

lmtpd [ -C config-file ] [ -e ] [ -n name ] lmtpd -V

lmtpd is a LMTP server which delivers incomming mail into Maildirs. It has the following features :

- user defined filters

- user log files

- soft quota support

- may receive mail in shared folders

lmtpd can be run using unix socket, pipe or via inetd configured like this :

   lmtp  stream  tcp  nowait  root  /usr/local/libexec/lmtpd lmtpd

The following options are avaiable :

-C file

use file as configuration file instead of default,

-e

log to standard error in addition to syslog,

-V

show version and compilation option then exit.

-n name

set the name used for syslog and the tag for libhome identification.

The configuration file /usr/local/etc/lmtpd.conf by default) is read at startup. Lines containing only blanks or which begin with a by ’#’ are ignored. Other lines must have begin with a directive and be followed by its value. These are the valid directives:

Time and delay values may be suffixed by ’s’ (seconds, the default), ’m’ (minuts), ’h’ (hours), ’d’ (days) or ’w’ (weeks).

Boolean take ’yes’, ’true’ or ’1’ value in any case to mean true and

Limits

received.max

maximum number of Received headers allowed in incoming mail. An error code will be sent if this value is exceeded. The value should be lower than the local sendmail’s limit. Default is 25 hops.

size.max

maximum size of incoming messages. Default is 0 wich means no limit.

timeout.cmd

timeout between two commands from an incoming flow.

timeout.dataline

timeout between the reception of two lines of data.

timeout.deliver

timeout per recipient delivery.

forwards.max

Maximum number of time the message can be duplicated and forwarded to foreign adresses (using forward2 user filter command). Set to "0" to disable this command. A non positive number means unlimited duplicated forwarding. Default is "-1".

receieved.front regexp

Case sensitive extended regular expression matching the first Recieved header inserted by your mail service. Example:

  by (smtp-in1|smtp-in2).exemple.com

If empty (default) or never matched, the first found Recieved header not inserted my the LMTP server is taken. This is useful only if theyre is SMTP servers between the the Internet and LMTP client.

Files and permissions

include

Include the file name in argument as an additional configuration file.

uid

gid

Unix user and group ID to access to spool directory. Autentification and LMTD dialog are using this privileges too. Default for both is 65534.

missing.path.uid

missing.path.gid

The Unix user and group ID used to create missing directories to user home path. If one of this settings is -1, path are not created. Default for both is 65534.

mode.hier

Unix mode to use for the creation of missing path directories, octal values have to be prefixed by ’0’. Default value is 0755.

mode.mail

Unix mode to used for the creation of missing Maildir directories octal values have to be prefixed by ’0’. Default value is 0751.

share.domain

domain which receive mail for shared folders. If not defined, shared folder delivery will be disabled.

share.map

file containg folders and shared maildir paths If not defined, shared folder delivery will be disabled.

recipient.delimiter character

Character used to separate address extension from local recipient name. Default is "+"

domain.local

Domain name trimmed to recipient name before system password lookup of the recipient and appended to mailbox name. Default is empty, the getpwnam(3) routines shall manage domains or the no.domain.recipient option should be enabled.

no.domain.recipient

Boolean that indicate if the recipient address may have no domain part. This violates the RFC 2033 but it may be usefull if recipient addresses are not true recipient addresses. To make vacation messages work, your sendmail system should be able to reverse the recipients to real addresses, including the extension part (defined according recipient.delimiter) if enabled. Default is false.

sendmail.path

Path the sendmail program. Default is determined at compile time and may be seen running "lmtpd -V". This program will be called like this:

   sendmail -i -f <from-address> <to-address>

filesystem.with.noatime

Boolean. Set if the maildir filesystem is monted with noatime option (don’t change access time when file is read or recreated). This option make the access time to be changed when needed (ex: for logrotate user command).

filesystem.change.atime.when.write

Boolean. Workaround for some bogus filesystem who change atime when we just write file (Netapp for example) Currently used for user log file rotation.

SASL client authentication

Connection may be authenticated using SASL. CRAM-MD5 and PLAIN mechanisms are supported.

sasl.user user password

Username and password for SASL authentification. This directive may appear multiple times to define multiple user names.

sasl.need.auth

Boolean telling the server that SASL authentification is mandatory prior to submit mails. Default is false.

sasl.noplain

Boolean telling if the PLAIN authentification mechanism is disallowed. Default is false.

User filter settings

filtername filename ...

List of filename containing filter. The name are relative to user Maildir directory. They are executed in order until a final delivery command occurs. If empty (default), filtering is disabled.

log.name filename

name of the file where use mail logging is stored in the user Maildir folder. If not set, use logging is disabled. This file has to exist in the user Maildir and must have read and write permission for the user. Logs entries will be appended to the existing file.

log.maxsize size

Set the size limit beyond which the log file can rotate Default is 0 which means that the log file does not rotate.

log.mintime time

Set the minimum delay between log file rotation. Default is 0 which means log file doesn’t rotate.

log.msg path

Prefix for a file containing a message to send to the recipient when the logs exceed limits. The domain of the recipient will be added to this prefix to give the file name to use. If the filename does not exist, the prefix itself will be the file name. If a file is found, it must contain the headers and the body (separated by an empty line) of a mail message to send to the user. The following sequences are handled specially :

%D

the domain name of the recipient

%R

the recipient

%s

a string representing date and time ("%Y%m%d%H%M%S" strftime(3) format)

%L

The log itself

%%

the ’%’ character.

Default is empty which means log file doesn’t rotate. log.maxsize, log.mintime, and log.msg should be both non null to activate log rotation.

vacation.cache filename

name of the file where sender are cached for the vacation filter command. If not set, the vacation command will be disabled.

vacation.cache.create boolean

Create the vacation.cache file is not exists. Defaut is off, the user has to create the file by itself.

res.retry number

Set the number of retries for user DNS resolutions.

res.retrans time

Set the time between retransmissions for user DNS resolutions.

rbl.server nick domain

Associate a nickname of a blacklist service and the lookup domain. The blacklist should be designed to check the reverse IP addresses found in the Received headers. This directive may appear multiple times (one per allowed blacklist service). When the domain is empty, it just check the IP address syntax.

rhsbl.server nick domain

Associate the nickname of a blacklist service and the lookup domain. The blacklist should be designed to check the envelope forward domain. This directive may appear multiple times (one per allowed blacklist service).

bounce.message line

The default argument of the bounce command (default is "Permission denied").

mailinglists.file filename

File containing list of mailing lists (one per line) the user has subscribed. Default is empty. For sqwebmail, a good choise is "sqwebmail-mailinglists".

alias.file filename

alias.format regexp

alias.sub.addresses number

Define the filename of file with the aliases, the format of lines where aliases are defined and the ordinal number of the parenthesis subsexpression of the format which matches the aliases. Multiples aliases are defined in one subsexpression when they are separated by blanks or coma.

For mail(1) alias file :

  alias.file           ../.mailrc
  alias.format         ^alias +[^ ]+ +(.*)$
  alias.sub.addresses  1

For sqwebmail addressbook :

  alias.file           sqwebmail-addressbook
  alias.format         ^[^:]+: +".*" +<(.*)> *$
  alias.sub.addresses  1

syslog.acl host action

Check if the destination host is allowed for user syslog logging. If action is empty, the destination is allowed, else it’s denied. Multiple syslog.acl lines can appear.

the host has one of the folloing forms:

username@domainname

check the mailbox

@domainame

check the domain part of the mailbox.

hostname.domainame

check syslog

.domainname

check a subdomain part

ip1.ip2.ip3.ip4

check the full IP address

ip1.ip2.ip3.

ip1.ip2.

ip1.

check the first parts of a IP address.

Non unicast destinations are automatically denied.

syslog.src hostname[:port]

Set the origin of syslog packet for user syslog logging.

bodycheck.maxlen

maximum size allowed for body filtering. If its value is 0 (default) theyre is no maximum, if its value is a non positive number, body filtering is disabled.

timezone zonename

Set the time zone for display logs and compute scalars.

module.path directory

Set the directory containing module files. If undefined (default) modules are disabled.

filter.debug.msg mailbox file

Set the message format for debug user filter command. See Mailbox ACL format for mailbox argument. The mailbox domain will be concatened to the prefix to find a file. If theyre is no such file, the prefix itself will be the file name. If found, the following sequences within the file are handled specialy:

%D

the domain name of the recipient

%R

the recipient

%X

the debug output

%H

the original message headers

%B

the message body

%%

the ’%’ character.

file.charset.re regexp charset

Set the charset in use when the file match the extended regular expression. This directive may appear multiple times, the charset of the file will be those of the first matching expression. It’s currently not used.

Quota options

quota.warnmsg

Prefix for a file containing a warning message to send to the recipient when he has exceeded his quota. The domain of the recipient will be added to this prefix to give the file name to use. If the filename does not exists, the prefix itself will be the file name. If a file is found, it has to contain the headers and the body (separated by a empty line) of a mail message to send to the user. The following sequences are treated specialy :

%Q

the current user quota in byte

%D

the domain name of the recipient

%R

the recipient

%%

the ’%’ character.

The default value is empty which means that no warning message is send.

quota.timefatal delay

A duration as from which delivery into a over quota mail box returns a permanent error code. The default is a non positive delay wich means that errors are always transient. A zero value will signify that errors will always be permanent.

quota.timefatal.acl mailbox delay

Same as quota.timefatal but per mailbox configurable. See Mailbox ACL format section for mailbox format.

quota.mark filename

Empty timestamp file in user’s Maildir to avoid the sending of multiple quota warning message. When empty (the default), no quota warning message will be sent and messages over quota are alway transient.

quota.cache.timeout

To avoid continuous transfer of mail to mailbox over quota, a shared cache can keep the return code and the time when the quota was actually checked. quota.cache.timeout is the delay of validity of entries in the cache. If quota.mark is enabled, the entry will be immedialety removed from the cache when the mailbox goes under its quota. Default is a negative value which disables caching. A good value should be about the same than the LMTP client’s periodic flush delay. quota.maxchecks is the maximum number of entries seen in the cache timeout period before returning a persistant error code. This can help to keep the smtp server queue small if a user is mailbombed. A negative value disable this check.

quota.cache.method

Set the method used to store the over quota cache of users

db

use a Berkeley DB3 or DB4 environment

link

use symlinks in a directory

mysql

use a MySQL database

mysql.add

use a MySQL database and only store additions (do not do checks or deletions)

quota.db.file

On db cache method, set the file that contains the database. Default is "quota.db". If empty, use an in-memory database.

quota.db.env

On db cache method, set the file that contains the environment. Default is spool directory.

quota.link.dir

On link cache method, set a directory to drop the symbolic links. This directory should be writable by all cachable mail users.

quota.mysql.host

quota.mysql.user

quota.mysql.password

quota.mysql.database

quota.mysql.table

On mysql and mysql.add cache method, set the data host, user, passwords, database and table names.

quota.mysql.col.user

On mysql and mysql.add cache method, set the name of the columns where is user. this columns must be a UNIQ INDEX.

quota.mysql.col.time

quota.mysql.col.code

quota.mysql.col.num

On mysql cache method, they are 3 unsigned integer column names which must be defined.

Bounces

By default, bounce messages are forwarded using LMTP protocol. If the mybounce boolean is true persistant error are reported by forging an new mail send back to the envelope forward path. Internal bounces are send only for valid recipient (but maybe unknown). The LMTP client may send another bounce if some other condition occurs (for example, invalid address format). sendmail command must answer quickly for this command, it shall not spending time for name resolution or other checks.

mybounce

Boolean enabling internal bounces.

mybounce.msg

List of file name parts containing bounce messages. If an element begin with the ’/’, its an absolute file name. If this list is empty, a default bounce message will be send.

mybounce.path

Format of file names containing bounce messages. In this format, the sequence %s is replaced by the the elements of mybounce.msg list.

Example : If mybounce.path is set to /usr/local/etc/lmtpd/bounce.%s.txt and mybounce.msg set to "fr en", bounce messages will be read within /usr/local/etc/lmtpd/bounce.fr.txt and /usr/local/etc/lmtpd/bounce.en.txt files.

Messages should containt MIME part headers and bodies. If the list containt more than two elements, bounce description is send in a multipart/alternative MIME part. Notice that if all elements are acceptable in user environment, the last MIME part is often prefered. Within the message, the following escape sequences are reconised :

%%

The ’%’ character.

%u

List of users, one by line, who generared the bounce.

%s

List of error codes, one by line.

%h

Hostname of LMTP server.

Logging

syslog.facility facility

facility used to send message by syslog(3). Default is mail.

mysqllog.host hostname

mysqllog.user username

mysqllog.password password

mysqllog.database database

mysqllog.query insert into ...

If mysqllog.query is defined, log the errors in a MySQL database using host, user and password.

In the query string, sequence of two character begining by ’%’ are expanded like this :

%E

returned message (string)

%A

triggered action (string)

%m

recipient mailbox (string)

%r

recipient user (string)

%M

mail Message-ID (string)

%s

envellope sender (string)

%S

received message size (interger)

%p

process ID (integer)

%k

message counter (integer)

%L

LHLO name (string)

%H

hostname of lmtp server (string)

%P

peer host name and address (string)

%T

unix timestamp when the server started (integer)

%q

last client input line (string)

%%

percent character

Strings are automatically quoted. Unknown strings values are set to NULL and unknown integer value are set to 0.

reply.id boolean

Reply the current ID in LMTP protocol answer. May be useful to track the log from the LMTP client. Default is false.

Virus scan

av.type

Type of antivirus in use. Value is one of

none

(default) no antivirus.

drweb

Talk to some DrWeb servers. DrWeb is avaiable from http://www.drweb.ru/

clamd

Talk to some clamd servers. Clamd is ClamAV server avaiable from http://clamav.sourceforge.net/

sophie

Talk to some Sophie servers. Sophie is avaiable from http://www.vanja.com/tools/

When an antivirus is activated by the user, default message for "bounce" filter command will be changed according the virus name if any is found.

av.default.header

Default argument for antivirus filter command.

av.checkall

Boolean. Check all incoming mail for virus (and send ouput to syslog). Default is false.

av.clamd.servers

av.drweb.servers

av.sophie.servers

Space separated list of Clamd, DrWeb or Sophie servers. A server is a filename of a Unix socket or an IPv4 address suffixed by ’:’ and a port number.

av.clamd.servers.roll

av.drweb.servers.roll

av.sophie.servers.roll

Percentage of chance to switch a server from the list who a previously answered correclty. With 100 the next used server will be the next in the list, with 0 (default) servers are keeped until they fail to answer.

av.clamd.timeout

av.drweb.timeout

av.sophie.timeout

Timeout for Clamd/DrWeb/Sophie operations. Default is 0 (no timeout)

av.clamd.mbox_format

Send mail to clamd using mbox format (with a starting "From "). Default is false and mail are send it raw format. Set it true if you are using a old clamav (version 0.60 is old).

av.virus.keeper mailbox

Set a mailbox to catch all detected virus. Default is empty (virus are not keeped). You may use a filter on this mailbox but check for loops if this mailbox is shared.

av.action mailbox action

Set the action to do for default delivery command when a virus is found. Default delivery command is triggered when theyre is no explicit "deliver", "forward", etc on user filter. See Mailbox ACL format section for mailbox format. Action may be

(empty)

No antivirus check is done, mail is delivered.

drop

The virus is quietly droped

a filename prefix (begining by /)

The agent will open a filename with the recipient domain concatened with the prefix or, if the file does not exists, the prefix itself as filename. In this file, following sequences are substitued:

%%

The "%" character

%D

Recipient domain

%R

Full recipient name

%s

Time stamp

%v

The virus name

%F

The original From header value.

%S

The original Subject header value.

%H

Headers of received mail.

%B

Body of received mail.

Resulting notification data will be delivered as normal instead if the incoming mail. If an error occurs, the message will be delivered.

Default is to pass for every mailboxes.

Foreign filters

spamassassin.servers

Space separated list of SpamAssassin servers. A server is a filename of a Unix socket or an IPv4 address suffixed by ’:’ and a port number. Default is empty, this disable spamassassin command.

spamassassin.servers.roll

Percentage of chance to switch a server from the spamassassin.servers list who a previously answered correclty. With 100 the next used server will be the next in the list, with 0 (default) servers are keeped until they fail to answer.

spamassassin.timeout

Timeout for SpamAssassin operations. Default is 0 (no timeout)

spamassassin.maxsize

If positive, messages with theyre size bigger that this limit in bytes will not be send to SpamAssassin. Default is 0 (no limit). SpamAssassin FAQ recomands a limit around 200000.

spamassassin.acl mailbox action

Access list of mailboxes allowed to use Spam Assassin servers. If action is empty, the mailbox is allowed to ask Spam Assassin servers. Multiple spamassassin.acl lines can appear. See below for mailbox format. By default, all users may use servers if at least one is defined.

pipe.path mailbox path

Set the search path for programs for the pipe user filter command. The path is a sequence of directories, separated by colons. When empty, pipe command is denied. This is the default. See below for mailbox format.

Mailbox ACL format

With spamassassin.acl and pipe.path options, mailboxes may have one of the following formats:

user@domain.example

for a specific mailbox.

@domain.example

for all mailbox from the given domain.

@*.example

for all mailbox from all subdomains of the given domain.

@

for default action.

Perl filter

Don’t use. The interface is not stable yet.

When share.domain and share.map are set, delivery to shared folders will be enabled. share.map contains lines with two fields, first is the name of the shared folder, second the path of the Maildir folder. For example:

  foo /path/to/foo
  bar /path/to/bar

Mail addressed to foo@share.domain will be stored into /path/to/foo maildir. Filtering has to be set to deliverd into sub folders.

The differences with normal delivery are:

- mail are delivered in "cur" directory,

- mail files are publicly readable,

- the path to the Maildir is not automatically created if missing,

- the files are owned by the owner of the maildir,

- The first Received and Delivered-To headers are not stored in the message file.

The filtername files contain lines describing how incoming mail are handled. Blank lines or lines begining with ’#’ are ignored.

Filtering according headers

When a filter line has the following form

   Header:  expression command
   Header: !expression command

command will be executed if there is a header in the message in which the given expression is matched (or, in the second form, is not matched). See the expressions paragraph below for a description of expression syntax.

Headers can be grouped :

  Header1:Header2:Header3:  expression command

When multiple tests are made with the same group of headers, they may be marked within a header set which may be used prefixed by a ’%’:

  : header_set h Header1 Header2 Header3
  %h:    expression command

(see the header_set command for restrictions about the names of sets)

To make a header or header set to be decoded according RFC 2047 and converted in UTF-8 when possible, you shall prefix it by a ’~’:

 ~Header1:~Header2:~%h:  expression command

The form is negated when prefixed by a exclamation mark !, for example :

 !Header: expression command

execute command when no header Header matches the expression.

Header comparisons are case insensitive unless the Header declaration begins by the backslash (’\’) character.

Filtering with modules

When a filter line has the following form

&name expression command

&name !expression command

The module name will be run and if the returned message match expression (or, with the second form, not match) the command will be executed.

Modules syntax is the same as user filter syntax but the command set is different. Allowed commands in modules are

skipto label

score ...

work as user filter commands

ok

exit the module without message.

message text

exit the module returning "text" message

Score is kept untouched after module parsing and private headers are not checked.

Filtering according scalars

A scalar value is a number possibly followed by a one letter multiplicator :

s

size of incoming mail in bytes

l

number of lines in the message

r

number or local recipients

?

random floating number between 0 (included) and 1 (excluded).

v

number of viruses according the configurated antivirus. -1 when an error orrurs in mail scanning.

a

spam assassin score (floating number)

k

1024

m

1048576

g

1073741824

h[header1:header2:...]

The count of headers in the message. Followed by a colon (":") list of header, restrict the count to the header of this list.

tformat

get the time according format. format is a succession of letters that have the following meaning :

c

the century with 2 digits

y

the year in the century (2 digits)

m

the month from 01 to 12 with 2 digits

d

the day in the month, from 01 to 31 with 2 digits

w

the day in the week from 0 (Sunday) to 6 (Saturday) with one digit.

h

the hour from 00 to 23 with 2 digits

n

the minuts from 00 to 59 with 2 digits

s

the seconds from 00 to 59 with 2 digits

time is computed according user specified or system time zone.

Theyre is one scalar named score.

When the filter line has one of the following form,

$x=y command $x<y command $x<=y command $x<>y command $x>y command $x>=y command
where x and y are scalar the command will be executed if the x is equal, less, less or equal, different, greater, greater or equal to y. When x or y is empty, the compared value is the current score. If x is empty, the first $ may be ommited.

For exemple, the following sets of rules deliver in the small folder when the size if less than 10240 bytes :

  : score =s
  <10k         deliver small

  : score =s
  $<10k        deliver small

  $s<10k       deliver small

Labels

A filter line like

:label [command]

defines a label and executes the optional command. label can be omited. To run unconditionnaly a command, the following syntax is prefered:

: command

(with at least one space between ":" and the command)

Body filtering

If a filter line begin with a positive or negative number, the next expression will be matched against a part of the message body :

number Expression command

+number Expression command

executes command if the Expression is matched within the first number bytes of the message body

-number Expression command

executes command if the Expression is matched within the last number bytes at the end of the message body

The Expression is negated when prefixed by a bang ("!").

Expressions

A Expression has one of the following form:

/ ... /

...

/ ... /e

for case insensitive extended regular expression

/ ... /E

for case sensitive extended regular expression

/ ... /b

for case insensitive basic regular expression

/ ... /B

for case sensitive basic regular expression

/ ... /p

for case insensitive perl compatible regular expression

/ ... /P

for case sensitive perl compatible regular expression

/ ... /pu

for case insensitive perl compatible regular expression with utf-8

/ ... /Pu

for case sensitive perl compatible regular expression with utf-8

/ ... /s

for case insensitive substring comparison

/ ... /S

for case sensitive substring comparison

/ ... /a

for case insensitive address list check

/ ... /A

for case sensitive address list check

’ ... ’

" ... "

/ ... /f

for case insensitive shell like (see fnmatch(3)) expression

/ ... /F

for case sensitive shell like (see fnmatch(3)) expression

/.../t

for case insensitive approximative regular expression. The form may be followed by some arguments to determine the level of approximation.

tx

x (between 0 and 9) is the maximum number of errors (inserted, substitued or deleted characters)

dx

x (between 0 and 9) is the maximum number of deleted characters.

ix

x (between 0 and 9) is the maximum number of inserted, characters.

sx

x (between 0 and 9) is the maximum number of substitued characters.

For example, "/.../t2s1i1" means two errors one substitution and one insertion maximum. Default is one error maximum.

/.../T

for case sensitive approximative regular expression.

$word

A special expression is created according the mailbox status or some current message content. Depending of word :

$return-path

expression matching an insensitive substring where pattern is the envelope forward path or the fixed string "MAILER-DAEMON" when empty

$mailinglists

checks if the header containts an address from the file set by the mailinglists.file parameter.

$alias

check if the header containts an address from the alias file set by the alias.file parameter.

Address list expressions are list of mailboxes (see RFC2822) separated by a coma. The check verifies if the tested header contains at least one of the mailboxes of the list. If an address from the expression start by a ’@’, every addresses from the domain following the ’@’ are matched.

User filter commands list

deliver

deliver folder

deliver the message in the maildir, into an optional folder and finish filter. When mail is delivered, the vacation message, if any is sent. This command finishs the filter parsing.

deliver2

deliver2 folder

deliver the message in the maildir, into an optional folder then continue filter parsing.

drop

drop text

drop quietly incoming mail and finish filter. Optional argument will used for logging. This command finishs the filter parsing.

bounce

bounce [-text] reason

bounce the message and send the given reason and finish filter. The -text first arguments, if any, may be logged but not forwarded in the error message. This command finish the filter parsing.

moved

moved address

moved @domain

moved phrase

bounce the message, sending back a return code telling the user has moved then finish the filter. If theyre is no argument, The return code tell the user has moved but theyre is no forwarding address. If the argument is in one word, the return code tell to try this word as new address. If this word begin with ’@’, the forwarding address is forged from the local part of the recipient address and the domain name following the ’@’. If the argument list as more than one word, this phrase will be returned to the sender.

trash

trash [-text] reason

deliver the message in Trash folder and finish filter. If the reason is not empty, a bounce will be send to sender. The -text first arguments, if any, may be logged but not forwarded in the error message. This command finish the filter parsing.

archive

archive format

deliver the message in the folder defined by format then stop the filter. In format, the following sequences are expanded according the current date:

%%

the ’%’ character.

%y

the current year (2004, etc...)

%m

the current month with two digits (between 01 and 12)

%d

the current day with two digits (between 01 and 31)

archive2

archive2 format

deliver the message in the folder defined by format and continue filter parsing. The format is expanded as in "archive" command.

forward addresse

forward the message to the given e-mail address and finish filter. This command finish the filter parsing.

forward2 addresse

forward the message to the given e-mail address and continue filter parsing.

pipe command args...

pipe -folder command args...

send the message to the external command. If a folder is specified, prefixed by ’-’, the command output will be delivered in this folder. When no folder, the output is dropped. The command shall have no ’/’ character. The search path is taken from the pipe.path configuration ACL. When empty, piping is denied. This command finish the filter parsing.

default localpart@domain

default folder

default

set the default mail delivery method when no final action occurs. The argument may be empty (deliver into INBOX), a folder name or a foreign e-mail adress (with the character "@" inside).

stop

stop the filter file then use the default mail delivery method.

stow [directory]

deliver the message in the folder whose name is the recipient extension in lowercase into the optional directory, (i.e. the maildir is directory.extension) and finish filter parsing if this maildir already exists.

score +value

score -value

score *value

score /value

score %value

score =value

add, substract, multiply, divide, get the modulo or set the score with the scalar value.

skipto label

ignore lines until the given label.

trace [-header|--header ...] message

add message if not empty in the Trace log field. If an option -header is present, add this header in the log file. If an option --header is present, does not log this header.

vacation line

add a line to vacation message. The full vacation message will be sent only if a maildir delivery occurs.

log [+-]event[,[+-]event][,...]

change the user log event mask. If event is preceded by a + or a - its is added, removed from the mask. If not, the mask is set to the list of following events.

event is one of

deliver

the message has be delivered somewhere in the mailbox

bounce

an error has been sent to the sender

drop

the message has disapear

forward

the message has been forwared to an outside address

error

an error happened somewhere

all

on

yes

any event

none

off

no

no event

errors are alway logged unless -error is explicitly specified. An action will be logged in the user log file if this file can be opened and an event which caused the action is in the mask.

logrotate [hours]

force log rotation. If hour is specified, it’s the minimal delay allowed between forced rotations.

timezone [timezone]

set the time zone for date display. Empty value sets the system configured time zone.

header_set x [header ... ]

Mark the message headers who match the header arguments beeing into the set of headers x. Header sets name are one letter (from ’a’ to ’z’) and are case insensitive. Subsequent non blanks characters are skipped. For example, the following two line marks identicaly the same set of headers:

  : header_set f     From Sender Return-Path Reply-To
  : header_set From  From Sender Return-Path Reply-To

add Header: text

Add the given header in the message

blacklist nick1[,nick2, ...] [Header: text]

For each nick, look in the message Received headers if the relaying IP address is present or in the Return-Path domain in a blacklist service according to the rbl.server or rhsbl.server directive in the config file. If the header option is present, add the optional header in the message expanding the following character sequence:

%q

the queried ip address or domain

%r

the blacklist nick name

%d

the domain queried

%p

the nth Received header

%a

the returned A record

%t

the returned TXT record

Default message for "bounce" filter command will be changed according the returned TXT if any.

extension [ext]

Change the recipient extension for the stow command. At start of the filter, the extension the string following the character defined in recipient.delimiter in local part of recipient address.

syslog hostname

Log the action summary to the hostname in argument. If hostname is empty, remove user syslog logging. hostname is checked according syslog.acl access lists. Use syslog logging are send at level LOG_INFO and facility LOG_MAIL.

debug

Start debuging the filter actions. At the end of filter, a report will be delivered in default destination if filter.debug.msg is set for this mailbox.

mod name [header]

Execute the module name and add the returned module message in user header header (second argument) or X-Module-name. Module syntax is defined in the Filtering with modules section.

antivirus header

antivirus +header

Scan the message with the configured antivirus. Add the result within an header unless a scanning error occurs. If the -header form is used, the header will be added only when a virus is found. Default argument is the value of av.default.header parameter.

spamassassin

spamassassin prefix

Check the message on a SpamAssassin server within spamassassin.servers list then fill the private header X-Spam-Status and X-Spam-Levelwith returned informations. When prefix is specified, it replace the X-Spam

/usr/local/etc/lmtpd.conf - default configuration file.

/usr/local/etc/lmtpd-filter.pl - default perl filter (if server is compiled with perl support)

/var/spool/lmtpd - default spool directory (may be changed within the configuration).

$HOME/Maildir - user mail directories.

Local mail delivery in Maildir does not strictly follow qmail specification:

- Use of mkstemp(3) to create "tmp" files instead of stating and retrying every 2 seconds with a different timestamps.

- Theyre is no 24 hour timer to retry delivery in "new". In case of failure, lmtpd immediately sends a tanscient error message to the client.

Too many spelling mistakes in manual (Thanks Thomas CP Lee for corrections).

maildir(5), re_format(7), fnmatch(3), pcre(3), sendmail(8), home.conf(5)

Laurent Wacrenier <lwa@teaser.fr>