The pipe channel is used to perform delivery via per-user site-supplied programs. It provides a similar functionality to sendmail's pipe (|). The following differences are designed to not pose a security threat. First, delivery programs to be invoked by the pipe channel need to be "registered" by the system administrator. This registration is done performed via the imta program utility. See "imta program" on page 99 for information about imta program.
Second, unlike the sendmail pipe functionality, the IMTA pipe channel does not pipe the message to be processed to the program or script. Instead, it writes the message to be processed to a temporary file and then forks a subprocess to run the site-supplied command for that message. That command should make use of the name of the temporary file which can be substituted into the command by the channel. The temporary file should not be deleted or altered by the subprocess; the channel will delete the temporary file itself. If it is not possible to prevent the subprocess from disrupting the file, then the pipe channel should be marked with the single channel keyword.
Delivery programs invoked by the pipe channel must return meaningful error codes so that the channel knows whether to dequeue, deliver for later processing, or return messages.
If the subprocess exits with exit code of 0 (EX_OK), the message is presumed to have been delivered successfully and is removed from IMTA's queues. If it exits with an exit code of 71, 74, 75, or 79 (EX_OSERR, EX_IOERR, EX_TEMPFAIL, or EX_DB), a temporary error is presumed to have occurred and delivery of the message is deferred. If any other exit code is returned, then the message will be returned to its originator as undeliverable. These exit codes are defined in the system header file sysexits.h.