Man Linux: Main Page and Category List


       maildrop - mail delivery filter/agent


       maildrop [option...] [-d user] [arg...]

       maildrop [option...] [filename] [arg...]


       maildrop is a replacement local mail delivery agent that includes a
       mail filtering language. The system administrator can either replace
       the existing mail delivery agent with maildrop, or users may run
       maildrop using the ´forward to program´ mechanism of the existing mail
       delivery agent.

       maildrop first reads the E-mail message on standard input. Trailing
       carriage return characters are automatically stripped. An E-mail
       message consists of header lines, followed by a blank line, followed by
       the contents of the message. The message may contain an mbox-style
       From_ line before the first header line. If the message does not
       contain a From_ line, maildrop will create one (if needed).

       If the file /etc/maildroprc exists, mail delivery or mail filtering
       instructions are read from that file.  maildrop´s delivery/filtering
       instructions may direct maildrop to save the message in specific
       mailbox, discard it, return it to sender, or forward it to a different
       E-mail address.

       If /etc/maildroprc does not exist, or its mail delivery instructions do
       not completely dispose of this message, maildrop then reads the mail
       delivery instructions from $HOME/.mailfilter. If it doesn´t exist, or
       its mail delivery instructions do not completely dispose of the
       message, maildrop then saves the E-mail message in the default mailbox.

       maildrop knows how to deliver mail to an standard mailbox files; it
       also knows how to deliver to maildirs. A maildir is a directory-based
       mail format used by the Courier[1] and Qmail[2] mail servers. Many
       other mail servers also know how to read maildirs. When delivering to
       mailbox files, maildrop will lock the mailbox for the duration of the

       At least one mail program writes an empty line before a From_ header
       when saving a message into a file.  maildrop ignores empty lines at the
       beginning of messages. Therefore, maildrop requires that every message
       must have at least one header line.

       This is the general mail delivery behavior. There are minor differences
       in behavior depending on maildrop delivery mode, which is determined
       based on how maildrop was started.  maildrop uses three different
       primary operating modes:

       Manual mode
           A file containing filtering instructions - filename is specified as
           an argument to the maildrop command.  maildrop reads this filename
           (after /etc/maildroprc) and follows the instructions in it. Unless
           the message is explicitly forwarded, bounced, deleted, or delivered
           to a specific mailbox, it will be delivered to the user´s system

       Delivery mode

           maildrop is the mail server´s mail delivery agent.  maildrop runs
           in delivery mode when no filename is specified on the command line.
           maildrop changes the current directory to the user´s home
           directory, then reads /etc/maildroprc, then $HOME/.mailfilter.

       Embedded mode

           maildrop functions as a part of another application. The embedded
           mode is used by the Courier[1] mail server to integrate mail
           filtering directly into the process of receiving mail from a remote
           mail relay, thus rejecting unwanted mail before it is even accepted
           for local mail delivery. Embedded mode is used when either the -m,
           or the -M, option is specified, and is described below. See below
           for a more extensive description of the embedded mode.


       It is safe to install maildrop as a root setuid program.  The Courier
       mail server[1] installs maildrop as a root setuid program by default,
       in order to be able to use maildrop in embedded mode. If root runs
       maildrop (or it is setuided to root) the -d option may be used to
       specify the message´s recipient.  maildrop immediately resets its
       userid to the one specified by the -d option. The user´s
       $HOME/.mailfilter is read (if it exists), and the message is delivered
       to the indicated user.

       The system administrator can configure maildrop to restrict the -d
       option for everyone except the mail system itself.

       If in delivery mode the user´s home directory has the sticky bit set,
       maildrop immediately terminates with an exit code of EX_TEMPFAIL,
       without doing anything. Mail servers interpret the EX_TEMPFAIL exit
       code as a request to reschedule the message for another delivery
       attempt later. Setting the sticky bit allows $HOME/.mailfilter to be
       edited while temporarily holding all incoming mail.

       maildrop also terminates with EX_TEMPFAIL if the user´s home directory
       has world write permissions.

       maildrop immediately terminates with EX_TEMPFAIL if the filename is not
       owned by the user, or if it has any group or world permissions. This
       includes read permissions. The permissions on $HOME/.mailfilter may
       only include read and write privileges to the user.

       When using the special embedded mode (see below) maildrop immediately
       terminates with the exit code set to EX_TEMPFAIL if $HOME/.mailfilters
       is not owned by the user, or if it has any group or world permissions.


       maildrop is heavily optimized and tries to use as little resources as
       possible.  maildrop reads smalle messages into memory, then filters
       and/or delivers the message directly from memory. For larger messages,
       maildrop accesses the message directly from the file. If the standard
       input is not a file, maildrop writes the message to a temporary file,
       then accesses the message from the temporary file. The temporary file
       is automatically removed when the message is delivered.


           Makes the Courier Authentication Library usage mandatory, i.e.
           maildrop will throw a temporary error code if the call to the
           authlib mechanism fails for some reason, such as authdaemon being

               This setting may already be the default, depending on
               maildrop´s configuration.

       -A "Header: value"
           Adds an additional header to the message. Specifying -A "Foo: Bar"
           effectively adds this header to the message being delivered.

           The mail transport agent usually adds additional headers when
           delivering a message to a local mailbox. The way it´s usually done
           is by the mail transport agent sending the message using a pipe to
           the local delivery agent - such as maildrop - and adding some
           additional headers in the process. Because maildrop receives the
           message from a pipe, maildrop must either save the message in
           memory or write the message into a temporary file.

           The -A option enables the file containing the message to be
           provided to maildrop directly, as standard input, and the
           additional headers specified on the command line. Because the
           standard input is a file, maildrop will not need a temporary file.
           Multiple -A options may be specified.

       -d user
           Run maildrop in delivery mode for this user ID.

           The system administrator may optionally restrict the -d option to
           be available to the mail system only, so it may not be available to
           you. In all cases, the -d option is allowed if user is the same
           user who is running maildrop. Also, for the -d option to work at
           all, maildrop must be executed by root, or maildrop must be a
           root-owned program with the setuid bit set. Absence of a filename
           on maildrop´s command line implies the -d option for the user
           running maildrop.

           If -d is not specified, the first argument following all the
           options is a name of the file containing filtering instructions.
           The remaining arguments, if any, are assigned to the variables $1,
           $2, and so on (see "Environment"[3] and "Variable

       -f address
           Sets the FROM variable (message envelope sender) to address. The
           system administrator may optionally disable the -f option for
           users, so it may not be available to you.

           Run maildrop in embedded mode. It´s possible to use both the -m,
           and the -d options, but it doesn´t make much sense to do so. Even
           if you really wanted to run your message through someone else´s
           .mailfilter, that .mailfilter probably has at least one instruction
           which is not allowed in the embedded mode.

           The filename argument to maildrop should be specified.  filename is
           a file that includes filtering instructions to be processed in
           embedded mode. The -m option is used for debugging filter files
           which are later placed in $HOME/.mailfilters, and used with the -M

       -M filterfile
           Run maildrop in a special embedded mode. The -d option is implied
           when -M is used, and if absent it defaults to the userid running

           All the requirements for the -d option apply.  maildrop must either
           be executed by root, or the maildrop program must be owned by root
           with the setuid bit set.  maildrop immediately gives up root
           privileges by changing its user ID to the one specified by -d, then
           reads $HOME/.mailfilters/filterfile. For security reasons the name
           of the file may not begin with a slash or include periods.
           maildrop is very paranoid: both $HOME/.mailfilters, and
           $HOME/.mailfilters/filterfile must be owned by the user, and may
           not have any group or world permissions.

           The -M option allows for some friendly cooperation between the user
           running the application, and the user who provides a filter for the
           embedded mode. The user running the application can use someone
           else´s canned filter and be assured that the filter is not going to
           run amok and start sending mail or create files all over the place.
           The user who provides the filter can be assured that the
           environment variables are clean, and that there are no surprises.

           maildrop supports the concept of "default" filter files. If the
           file specified by the -M option cannot be found in
           $HOME/.mailfilters, maildrop will try to open
           $HOME/.mailfilters/filterfileprefix-default.  filterfileprefix is
           the initial part of filterfile up until the last ´-´ character in

           If $HOME/.mailfilters/filterfileprefix-default does not exist, and
           there are any other dashes left in filterfileprefix, maildrop
           removes the last dash and everything following it, then tries

           As a last resort maildrop tries to open $HOME/.mailfilters/default.

           For example, if the parameter to the -M option is
           mailfilter-lists-maildrop, maildrop will try to open the following
           files, in order:

           Note that maildrop looks for -default files ONLY if -M is used.

       -D uuu/ggg
           This option is reserved for use by the version of maildrop that
           comes integrated with the Courier mail server[1].

       -V level
           Initialize the VERBOSE variable to level. Because maildrop parses
           the entire before running it, this option is used to produce
           debugging output in the parsing phase. Otherwise, if filename has
           syntax errors, then no debugging output is possible because the
           VERBOSE variable is not yet set.

           -V is ignored when maildrop runs in delivery mode.

       -w N
           The -w N option places a warning message into the maildir if the
           maildir has a quota setting, and after the message was successfully
           delivered the maildir was at least N percent full. The warning
           message is copied verbatim from /etc/quotawarnmsg with the addition
           of the "Date:" and "Message-Id:" headers. The warning is repeated
           every 24 hours (at least), until the maildir drops below N percent


       If a filename is not specified on the command line, or if the -d option
       is used, maildrop will run in delivery mode. In delivery mode, maildrop
       changes to the home directory of the user specified by the -d option
       (or the user who is running maildrop if the -d option was not given)
       and reads $HOME/.mailfilter for filtering instructions.
       $HOME/.mailfilter must be owned by the user, and have no group or
       global permissions (maildrop terminates if it does).

       If $HOME/.mailfilter does not exist, maildrop will simply deliver the
       message to the user´s mailbox.

       If the file /etc/maildroprc exists, maildrop reads filtering
       instructions from this file first, before reading $HOME/.mailfilter.
       This allows the system administrator to provide global filtering
       instructions for all users.

           /etc/maildroprc is read only in delivery mode.


       The -d option can also specify a name of a virtual account or mailbox.
       See the makeuserdb(1) manual page in the Courier Authentication
       library´s documentation for more information.


       The embedded mode is used when maildrop´s filtering abilities are
       desired, but no actual mail delivery is needed. In embedded mode
       maildrop is executed by another application, and is passed the -m or
       the -M option.[5] maildrop reads the message, then runs the filtering
       rules specified in filename.

       filename may contain any filtering instructions EXCEPT the following:

       ‘ ... ‘
           Text strings delimited by back-tick characters (run shell command)
           are not allowed.

           The cc command is not allowed in embedded mode.

           The dotlock command is not allowed in embedded mode.

           The flock command is not allowed in embedded mode.

           In embedded mode, GDBM databases may be opened only for reading.

           The log command is not allowed in embedded mode.

           The logfile command is not allowed in embedded mode.

           The to command is not allowed in embedded mode.

           The xfilter command is not allowed in embedded mode.

       Normally when the filename does not explicitly delivers a message,
       maildrop will deliver the message to the user´s default mailbox. This
       is also disabled in embedded mode.

       The filename may communicate with the parent application by using the
       echo[13] statement and the EXITCODE environment variable.

       If maildrop encounters an include[14] statement where the filename
       starts with /etc/maildroprcs/, the normal restrictions for the embedded
       mode are suspended while executing the filter file in the
       /etc/maildroprcs directory. The restrictions are also suspended for any
       additional filter files that are included from /etc/maildroprcs. The
       restrictions resume once maildrop finishes executing the file from

       This allows the system administrator to have a controlled environment
       for running external commands (via the backticks, or the xfilter[12]

       The name of the file may not contain any periods (so that a creative
       individual can´t write include

       Before executing the commands in the /etc/maildroprcs file, maildrop
       automatically resets the following variables to their initial values:
       PATH, SENDMAIL, and SHELL. Please note that the previous values of
       these variables (if they were changed) will NOT be restored once
       maildrop finishes executing the commands from /etc/maildroprcs.


       maildrop has a watchdog timer that attempts to abort runaway filtering.
       If filtering is not complete within a predefined time interval (defined
       by the system administrator, usually five minutes), maildrop


           Sets user´s home directory, and related variables. If NIS/YP is
           install, that will be used as well.

           Global filtering instructions for delivery mode.

           System mailbox (actual directory defined by the system

           Program to forward mail (exact program defined by the system

           Filtering instructions in delivery mode.

           Directory containing files used in special embedded mode.


       lockmail(1)[15], maildropfilter(7)[16], makedat(1)[17],
       maildropgdbm(7)[9], maildropex(7)[18], reformail(1)[19],
       makemime(1)[20], reformime(1)[21], egrep(1), grep(1), , courier(8)[22],


        1. Courier

        2. Qmail

        3. "Environment"

        4. "Variable substitution"
           [set $man.base.url.for.relative.links]/maildropfilter.html#varsubst

        5. is passed the -m or the -M option.
           [set $man.base.url.for.relative.links]/#options

        6. cc
           [set $man.base.url.for.relative.links]/maildropfilter.html#cc

        7. dotlock
           [set $man.base.url.for.relative.links]/maildropfilter.html#dotlock

        8. flock
           [set $man.base.url.for.relative.links]/maildropfilter.html#flock

        9. gdbmopen
           [set $man.base.url.for.relative.links]/maildropgdbm.html

       10. log
           [set $man.base.url.for.relative.links]/maildropfilter.html#log

       11. to
           [set $man.base.url.for.relative.links]/maildropfilter.html#to

       12. xfilter
           [set $man.base.url.for.relative.links]/maildropfilter.html#xfilter

       13. echo
           [set $man.base.url.for.relative.links]/maildropfilter.html#echo

       14. include
           [set $man.base.url.for.relative.links]/maildropfilter.html#include

       15. lockmail(1)
           [set $man.base.url.for.relative.links]/lockmail.html

       16. maildropfilter(7)
           [set $man.base.url.for.relative.links]/maildropfilter.html

       17. makedat(1)
           [set $man.base.url.for.relative.links]/makedat.html

       18. maildropex(7)
           [set $man.base.url.for.relative.links]/maildropex.html

       19. reformail(1)
           [set $man.base.url.for.relative.links]/reformail.html

       20. makemime(1)
           [set $man.base.url.for.relative.links]/makemime.html

       21. reformime(1)
           [set $man.base.url.for.relative.links]/reformime.html

       22. courier(8)
           [set $man.base.url.for.relative.links]/courier.html