Man page on binmail(1)






NAME

binmail - local mail delivery agent for sendmail

SYNOPSIS

binmail [ -bdhlqv ] [ -n num ] [ -s num ] [ -r|-f sender ] person

DESCRIPTION

Binmail is the local delivery agent used by sendmail(8). As such it is not a user tool. The message given as standard input is appended to the indicated user's mail box.

Binmail returns an exit status code indicating success (the message was delivered), a fatal error (the message cannot be delivered and should be returned to the sender), or a nonfatal error (the message could not be delivered but should be tried again later). See the status codes documented in sysexits.h.

OPTIONS

The -b option checks that users don't have bad shells. If the user's shell is not returned by getusershell(3) then the message should not be delivered to the user. This helps to control message delivery to accounts that have been expired but not removed.

The -d option is required to effect delivery of a message and preserves compatibility with other versions of binmail.

The -h option tells binmail to deliver to $HOME/INBOX instead of the shared mail spool area.

The -l option forces the old lock file strategy. Normally binmail only uses flock(2) to lock a mail box. With this option it will use old-fashioned lock files and flock(2). Unfortunately there are still many systems using the old method. Stale lock files are ignored and logged with syslog(3).

The -n option defines the number of locking attempts. If either lock cannot be grabbed after several attempts, binmail returns an exit status which sendmail(8) honors to retry delivery later. Default value is 5 attempts.

The -s option defines the age in seconds for a stale lock file. A stale lock file will be ignored under the assumption that some process didn't clean up. Default value is 10 minutes (i.e. 600 seconds).
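The lock-file half of the -l strategy with the -n and -s limits, as an added example that is not binmail's own source. The function names, the one-second pause between attempts, the log text, and the reading of "ignored" as "proceed without removing the file" are assumptions.

```c
#define _DEFAULT_SOURCE 1  /* expose POSIX/BSD calls under strict -std= */
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sysexits.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>

/* 1 if the lock file exists and is older than stale_secs (the -s value). */
static int lock_is_stale(const char *lock, long stale_secs)
{
    struct stat st;

    return stat(lock, &st) == 0 && time(NULL) - st.st_mtime > stale_secs;
}

/*
 * Try to create the lock file up to attempts times (the -n value).
 * Returns EX_OK when delivery may go ahead, or EX_TEMPFAIL so that the
 * calling MTA keeps the message queued and retries later.
 * *created tells the caller whether it owns (and must unlink) the file.
 */
int take_lockfile(const char *lock, int attempts, long stale_secs, int *created)
{
    *created = 0;
    for (int i = 0; i < attempts; i++) {
        int fd = open(lock, O_WRONLY | O_CREAT | O_EXCL, 0600);

        if (fd >= 0) {
            close(fd);
            *created = 1;
            return EX_OK;
        }
        if (errno != EEXIST)
            return EX_TEMPFAIL;          /* e.g. spool area not writable */
        if (lock_is_stale(lock, stale_secs)) {
            syslog(LOG_WARNING, "ignoring stale lock %s", lock);
            return EX_OK;                /* assumed meaning of "ignored" */
        }
        if (i + 1 < attempts)
            sleep(1);                    /* assumed pause between attempts */
    }
    return EX_TEMPFAIL;
}
```

With a small attempts value the function gives up quickly with EX_TEMPFAIL, which is the behaviour the BUGS section recommends over long sleeps.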

The -q option means that mail should honour any quota for `person'.

The -v option means that input can be taken verbatim and appended to the user's mail box. Normally messages are delivered with a new "From user date" line and all "From " lines are escaped with a `>'. Sendmail(8) can be configured to give binmail a properly formatted message.

The -f and -r options are methods for specifying an alternate sender address to be inserted on the "From user date" line. With the verbatim option the sender specification is not used in the construction of the "From " line. However, it is used in the determination of whether or not quotas should be honored. When using the -f or -r flag and the sender is "root@*" or "MAIL-DAEMON@*", mail will be delivered even if the recipient is over quota. This helps to control message delivery to accounts that are over quota and inactive but not removed, while still ensuring that over-quota reminders ARE mailed.

BUGS

Binmail will not send to multiple recipients (which is a feature in my mind). There are probably others but they are well hidden.

Be aware that aggressive retries can have adverse impact on your system. When delivery fails it's probably wiser to exit quickly with a try again exit status than to sleep and retry again. You can, if you're not careful, easily fill your process table with instances waiting on locks.

SECURITY

Several problems with the original binmail and delivermail programs are addressed by this version:

Firstly, this version is not installed setuid root and it will only deliver mail. It includes no user agent services as found in other versions. This means the code is considerably simpler, easier to verify, and more secure.

This version is instrumented to log any suspicious problems encountered with syslog(3).

There was a problem with file links. This version is very careful to make sure that mail is delivered to the right place.

Because a kernel lock (lockf(3C) or flock(3B)) can only be granted on an open file, it is possible to be granted a lock to a file that no longer exists except through the file descriptor that got the lock. Another process, even one honouring locks, could legitimately change the file between the open(2) and the kernel lock call. Binmail uses stat(2) and fstat(2) to ensure that the file being locked (and therefore written to) is the correct one.
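The check described above, as an added example that is not binmail's own source: once the kernel lock is held, the descriptor's identity from fstat(2) is compared with what the path names now, and the file is refused if they differ. The function names, the use of lstat(2) and O_NOFOLLOW, and the link-count test are assumptions; the last function builds a constructed scenario in which the mail box is replaced after it was opened.

```c
#define _DEFAULT_SOURCE 1  /* expose flock(), lstat(), O_NOFOLLOW under strict -std= */
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the descriptor is still the regular file that path names. */
static int same_mailbox(int fd, const char *path)
{
    struct stat by_fd, by_name;

    if (fstat(fd, &by_fd) != 0 || lstat(path, &by_name) != 0)
        return 0;                        /* the name has vanished */
    if (!S_ISREG(by_fd.st_mode) || !S_ISREG(by_name.st_mode))
        return 0;                        /* symlink, directory, device */
    if (by_fd.st_nlink != 1)
        return 0;                        /* hard-linked elsewhere, or unlinked */
    return by_fd.st_dev == by_name.st_dev && by_fd.st_ino == by_name.st_ino;
}

/* Open and lock path for appending; returns a descriptor or -1. */
int open_locked_mailbox(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);

    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) != 0 || !same_mailbox(fd, path)) {
        close(fd);                       /* close also releases the flock */
        return -1;
    }
    return fd;
}

/* Constructed scenario: the mail box is replaced after it was opened. */
int replaced_after_open_is_detected(const char *box, const char *other)
{
    int fd, ok_before, ok_after;
    close(open(box, O_CREAT | O_WRONLY, 0600));
    close(open(other, O_CREAT | O_WRONLY, 0600));
    fd = open(box, O_WRONLY | O_APPEND);
    ok_before = same_mailbox(fd, box);
    rename(other, box);                  /* what another process could do */
    ok_after = same_mailbox(fd, box);
    close(fd);
    unlink(box);
    return ok_before && !ok_after;
}
```

The identity check has to run after the lock is granted; done before, it leaves the same window between check and lock that the paragraph describes.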

FILES

/var/mail/user          incoming mail for user
$HOME/INBOX             incoming mail for user if -h option used
/var/mail/user.lock     lock file for user mail box
$HOME/INBOX.lock        lock file for user mail box if -h option used

SEE ALSO

BEWARE

When using the -q option, binmail will deliver mail setuid(recipient). If -h is not specified, then binmail will attempt to create a lock file in the system mailbox under the UID of the recipient. The system mailbox must be mode 1777 (i.e. world writable), in which case binmail may be installed mode 755, or the system mailbox must be mode 0775 and binmail installed mode 2750 with the group ownership the same as that of the system mailbox. It is important that binmail not be installed both setgid and world executable, as that allows ordinary users to append directly to other users' mailboxes. Ordinary users should not be able to use binmail in this fashion; the proper way to do this is via sendmail(8).

AUTHOR

This version owes some of its origins to the original version 7 UNIX system mail program and delivermail(1) of UCB as distributed with Sendmail 5.65; however, very little code remains from either.

