User delivery specification file
The delivery of mail by the local channel can run through various cour‐
ses, including using a user tailorable file. The delivery follows the
following strategy, giving up at any point it considers the message
1) If the address indicates a pipe or file default then that is
2) The file .maildelivery (or something similar) in the home
directory is read if it exists and the actions in it are
3) A system-wide file is consulted next, such as
/usr/lib/maildelivery and the actions are similar to 2.
4) If the message still hasn't been delivered, then it is put
into the user's normal mailbox (.mail or mailbox) depending
on the system.
The format of the .maildelivery file is
field <FS> pattern <FS> action <FS> result <FS> string
field is name of a field that is to be searched for a pattern.
This is any header field that you might find in a message.
The most commonly used headers are usually From, to, cc, sub‐
ject and sender. As well as the standard headers, there are
some psuedo-headers that are can also be used. These are :-
source The out of band sender information. This is the
address MMDF would use for reporting delivery prob‐
lems with the message.
addr the address that was used to mail to you, normally
'yourname' or 'yourname=string' (see below).
default if the message hasn't been delivered yet, this
field is matched.
* this case is always true regardless of any other
pattern is some sequence of characters that may be matched in the
above field. Case is not significant.
action is one of the mail delivery actions supported by the local
channel. Currently the supported actions are file or >,
which appends the message to the given file, with delimiters;
pipe or |, which starts up a process with the message as the
standard input; and destroy which throws the message away.
There is also qpipe or ^, which fakes a pipe command and is
quicker than the standard pipe, but does not do header refor‐
For piped commands, the exit status of the command is signif‐
icant. An exit status of 0 implies that the command suc‐
ceeded and everything went well. An exit status of octal
0300-0377 indicates that a permanent failure occured and the
message should be rejected; these error codes are given in
mmdf.h. Any other exit status indicates a temporary failure
and the delivery attempt will be aborted and restarted at a
result is one of the letters A, R or ? which stand for Accept,
Reject and "Accept if not delivered yet". They have the fol‐
A If the result of this line's action is OK, then the
message can be considered delivered.
R The message is not to be considered delivered by
? This is equivalent to A except that the action is
not carried out if the message has already been
The file is always read completely so that several matches can be made,
and several actions taken. As a security check, the .maildelivery file
must be owned by either the user or root, and must not have group or
general write permission. In addition the system delivery file has the
above restrictions but must also be owned by root. If the field speci‐
fied does not need a pattern a dash (-) or similar symbol is usually
inserted to show that the field is present but not used. The field
separator character can be either a tab, space or comma (,). These
characters can be included in a string by quoting them with double
quotes (") (double quotes can be included with a backslash '\').
MMDF treats local addresses which contain an equals sign ('=') in a
special manner. Everything in a local address from an equals sign to
the '@' is ignored and passed on to the local channel. The local chan‐
nel will make the entire string available for matching against the addr
string of the .maildelivery file. For example, if you were to sub‐
scribe to a digest as "foo=digest@bar.NET", submit and the local chan‐
nel will verify that it is legal to deliver to "foo", but then the
entire string "foo=digest" will be available for string matching
against the .maildelivery file for the addr field.
The environment in which piped programs are run contains a few standard
HOME is set to the user's home directory.
USER is set to the user's login name.
SHELL is set to the user's login shell (defaults to /bin/sh).
The default umask is set up to 077, this gives a very protective cre‐
ation mask. Initgroups is called if the 4.2 version of UNIX is run‐
ning. If further requirements are needed, then a shell script can be
run first to set up more complex environments.
There are certain built-in variables that you can give to a piped pro‐
gram. These are $(sender), $(address), $(size), $(reply-to) and
$(info). $(sender) is set to the return address for the message.
$(address) is set to the address that was used to mail to you, normally
`yourname' or `yourname=string'. $(size) is set to the size in bytes
of this message. $(reply-to) is set to the Reply-To: field (or the
From: field if the former is missing) and so can be used for automatic
replies. $(info) is the info field from the internal mail header and
is probably only of interest to the system maintainers.
Here is a rough idea of what a .maildelivery file looks like:
# lines starting with a '#' are ignored.
# as are blank lines
# file mail with mmdf2 in the "To:" line into file mmdf2.log
To mmdf2 file A mmdf2.log
# Messages from mmdf pipe to the program err-message-archive
From mmdf pipe A err-message-archive
# Anything with the "Sender:" address "uk-mmdf-workers"
# file in mmdf2.log if not filed already
Sender uk-mmdf-workers file ? mmdf2.log
# "To:" unix - put in file unix-news
To Unix > A unix-news
# if the address is jpo=mmdf - pipe into mmdf-redist
Addr jpo=mmdf | A mmdf-redist
# if the address is jpo=ack - send an acknowledgement copy back
Addr jpo=ack | R "resend -r $(reply-to)"
# anything from steve - destroy!
from steve destroy A -
# anything not matched yet - put into mailbox
default - > ? mailbox
# always run rcvalert
* - | R rcvalert
$HOME/.maildelivery - the file's normal location.
/usr/lib/maildelivery - the system file. This should be protected
against attack. It may contain contents such as:
default - pipe A stdreceive
* - | R ttynotify
This allows interfacing to non-standard mail systems, ones that don't
believe in delimiter-separated mailboxes.
And why not?
1 October, 1985 MAILDELIVERY(5)