Because of security considerations (see below) dmail is not intended to be used for direct delivery by the mailer daemon; tmail(1) is the preferred tool for this purpose. If dmail is used for mailer daemon delivery, the mailer daemon must invoke dmail with the dmail process' user id set to the recipient's user id.
When dmail exits, it returns exit status values to enable procmail(1) to determine whether a message was delivered successfully or had a temporary (requeue for later delivery) or permanent (return to sender) failure.
If the user name is present, it must be the same as the logged-in user name.
If the +folder extension is included in the user argument (or appears by itself if there is no user argument), dmail will attempt to deliver to the designated folder. If the folder does not exist or the extension is not included, the message is delivered to the user's INBOX. If delivery is to INBOX and no INBOX currently exists, dmail will create a new INBOX. dmail recognizes the format of an existing INBOX or folder, and appends the new message in that format.
The -D flag specifies debugging; this enables additional message telemetry.
The -f or -r flag is used to specify a Return-Path.
The -s flag specifies that the message will be flagged as being "seen".
The -k flag is used to specify delivery keywords, which are
set on the message at delivery time if and only if the keywords are
already defined in the mailbox. Multiple keywords can be specified by using
a quoted string, e.g.,
dmail -k "$Junk Discard" +junkbox
However, this can also include such namespaces as #shared, #public, and #ftp. In most cases, it is undesirable to allow anybody sending mail to the user to deliver to these namespaces. Consequently, there needs to be a rule in place in the configuration of either sendmail(8) or procmail(1) to prevent such abuse.