Locking should (safely) be done by spawing a copy of mail.local for the duration of the operation. This is designed to be safe even when using NFS spools.
NFS spools are the reason people kept running into trouble trying to design something safe. A few years ago we settled on this method which is safe. Lots of mailer programs want direct access to the spool, and will do it wrong. Proper locking in an NFS directory like that is hard. This makes it easier.
