File: proxymap.8.html

postfix 2.3.8-2+etch1
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - proxymap(8) </title>
</head> <body> <pre>
PROXYMAP(8)                                                        PROXYMAP(8)

<b>NAME</b>
       proxymap - Postfix lookup table proxy server

<b>SYNOPSIS</b>
       <b>proxymap</b> [generic Postfix daemon options]

<b>DESCRIPTION</b>
       The  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server  provides  read-only table lookup
       service to Postfix processes. The purpose of  the  service
       is:

       <b>o</b>      To  overcome  chroot  restrictions.  For example, a
              chrooted SMTP server needs  access  to  the  system
              passwd  file  in order to reject mail for non-exis-
              tent local addresses, but it is  not  practical  to
              maintain  a  copy  of the passwd file in the chroot
              jail.  The solution:

              <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
                  <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>

       <b>o</b>      To consolidate the number of open lookup tables  by
              sharing  one  open  table among multiple processes.
              For example, making mysql  connections  from  every
              Postfix daemon process results in "too many connec-
              tions" errors. The solution:

              <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> =
                  <a href="proxymap.8.html">proxy</a>:<a href="mysql_table.5.html">mysql</a>:/etc/postfix/virtual_alias.cf

              The total number of connections is limited  by  the
              number of proxymap server processes.

       The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests:

       <b>open</b> <i>maptype:mapname flags</i>
              Open  the table with type <i>maptype</i> and name <i>mapname</i>,
              as controlled by <i>flags</i>. The reply includes the <i>map-</i>
              <i>type</i> dependent flags (to distinguish a fixed string
              table from a regular expression table).

       <b>lookup</b> <i>maptype:mapname flags key</i>
              Look up the data stored under  the  requested  key.
              The  reply  is  the  request completion status code
              (below) and the  lookup  result  value.   The  <i>map-</i>
              <i>type:mapname</i>  and  <i>flags</i>  are  the same as with the
              <b>open</b> request.

       There is no  <b>close</b>  command,  nor  are  tables  implicitly
       closed  when a client disconnects. The purpose is to share
       tables among multiple client processes.

<b>SERVER PROCESS MANAGEMENT</b>
       <a href="proxymap.8.html"><b>proxymap</b>(8)</a> servers run under control by the Postfix  <a href="master.8.html"><b>mas-</b></a>
       <a href="master.8.html"><b>ter</b>(8)</a> server.  Each server can handle multiple simultane-
       ous connections.  When all servers are busy while a client
       connects,  the  <a href="master.8.html"><b>master</b>(8)</a> creates a new <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server
       process, provided that the process limit is not  exceeded.
       Each  server  terminates  after  serving at least <b>$<a href="postconf.5.html#max_use">max_use</a></b>
       clients or after <b>$<a href="postconf.5.html#max_idle">max_idle</a></b> seconds of idle time.

<b>SECURITY</b>
       The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server opens only tables that are approved
       via  the <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> configuration parameter, does not
       talk to  users,  and  can  run  at  fixed  low  privilege,
       chrooted  or  not.   However,  running the proxymap server
       chrooted severely limits usability, because  it  can  open
       only chrooted tables.

       The  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server  is not a trusted daemon process,
       and must not be used to look up sensitive information such
       as  user  or  group  IDs,  mailbox file/directory names or
       external commands.

       In Postfix version 2.2 and later, the proxymap client rec-
       ognizes  requests to access a table for security-sensitive
       purposes, and opens the table directly.  This  allows  the
       same  <a href="postconf.5.html">main.cf</a> setting to be used by sensitive and non-sen-
       sitive processes.
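
       The two rules above (proxymap opens only tables approved via
       proxy_read_maps, and it must not serve sensitive lookups) can
       be checked against a configuration offline. The script below
       is an added example, not part of the Postfix distribution.
       Assumptions: the input is "name = value" text such as main.cf
       or postconf output, approved tables are the proxy: references
       left after expanding $name references in proxy_read_maps, and
       SENSITIVE_PARAMS is an illustrative list, not a complete one.

```python
import re

# Constructed sample configuration (not from a real system).
SAMPLE_MAIN_CF = """\
alias_maps = hash:/etc/aliases
local_recipient_maps =
    proxy:unix:passwd.byname $alias_maps
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias.cf
virtual_uid_maps = proxy:mysql:/etc/postfix/virtual_uid.cf
proxy_read_maps = $local_recipient_maps $virtual_uid_maps
"""

# Assumption: parameters that carry user or group IDs (sensitive lookups).
SENSITIVE_PARAMS = {"virtual_uid_maps", "virtual_gid_maps"}

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def expand(value, params, depth=0):
    """Substitute $name and ${name} references, recursively."""
    if depth == 10:  # guard against reference loops
        return value
    sub = lambda m: expand(params.get(m.group(1), ""), params, depth + 1)
    return re.sub(r"\$\{?(\w+)\}?", sub, value)

def proxy_tables(value):
    """Tables referenced through the proxy: prefix, with the prefix removed."""
    return {t[6:] for t in re.split(r"[\s,]+", value) if t.startswith("proxy:")}

def audit(text):
    params = parse_main_cf(text)
    approved = proxy_tables(expand(params.get("proxy_read_maps", ""), params))
    findings = []
    for name in sorted(set(params) - {"proxy_read_maps"}):
        for table in sorted(proxy_tables(expand(params[name], params))):
            if name in SENSITIVE_PARAMS:
                findings.append((name, table, "sensitive lookup via proxy:"))
            elif table not in approved:
                findings.append((name, table, "not in proxy_read_maps"))
    return findings
```

       Run audit() on postconf output rather than on raw main.cf,
       so that default values of proxy_read_maps are included.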

<b>DIAGNOSTICS</b>
       Problems and transactions are logged to <b>syslogd</b>(8).

<b>BUGS</b>
       The  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server  provides  service  to   multiple
       clients,  and  must  therefore not be used for tables that
       have high-latency lookups.

<b>CONFIGURATION PARAMETERS</b>
       On busy mail systems a long time  may  pass  before  <a href="proxymap.8.html"><b>prox-</b></a>
       <a href="proxymap.8.html"><b>ymap</b>(8)</a> relevant changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up. Use the
       command "<b>postfix reload</b>" to speed up a change.

       The text below provides  only  a  parameter  summary.  See
       <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.

       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
              <a href="master.5.html">master.cf</a> configuration files.

       <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
              How much time a Postfix daemon process may take  to
              handle  a  request  before  it  is  terminated by a
              built-in watchdog timer.

       <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
              The time limit for sending or receiving information
              over an internal communication channel.

       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
              The  maximum  amount  of  time that an idle Postfix
              daemon process waits for the next  service  request
              before exiting.

       <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
              The  maximal number of connection requests before a
              Postfix daemon process terminates.

       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
              The process ID  of  a  Postfix  command  or  daemon
              process.

       <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
              The  process  name  of  a Postfix command or daemon
              process.

       <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> (see 'postconf -d' output)</b>
              The lookup tables that the  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server  is
              allowed to access.

<b>SEE ALSO</b>
       <a href="postconf.5.html">postconf(5)</a>, configuration parameters
       <a href="master.5.html">master(5)</a>, generic daemon options

<b>README FILES</b>
       <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview

<b>LICENSE</b>
       The Secure Mailer license must be  distributed  with  this
       software.

<b>HISTORY</b>
       The proxymap service was introduced with Postfix 2.0.

<b>AUTHOR(S)</b>
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                   PROXYMAP(8)
</pre> </body> </html>