1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - proxymap(8) </title>
</head> <body> <pre>
PROXYMAP(8) PROXYMAP(8)
<b>NAME</b>
proxymap - Postfix lookup table proxy server
<b>SYNOPSIS</b>
<b>proxymap</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides read-only table lookup
service to Postfix processes. The purpose of the service
is:
<b>o</b> To overcome chroot restrictions. For example, a
chrooted SMTP server needs access to the system
passwd file in order to reject mail for non-exis-
tent local addresses, but it is not practical to
maintain a copy of the passwd file in the chroot
jail. The solution:
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>
<b>o</b> To consolidate the number of open lookup tables by
sharing one open table among multiple processes.
For example, making mysql connections from every
Postfix daemon process results in "too many connec-
tions" errors. The solution:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> =
<a href="proxymap.8.html">proxy</a>:<a href="mysql_table.5.html">mysql</a>:/etc/postfix/virtual_alias.cf
The total number of connections is limited by the
number of proxymap server processes.
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests:
<b>open</b> <i>maptype:mapname flags</i>
Open the table with type <i>maptype</i> and name <i>mapname</i>,
as controlled by <i>flags</i>. The reply includes the <i>map-</i>
<i>type</i> dependent flags (to distinguish a fixed string
table from a regular expression table).
<b>lookup</b> <i>maptype:mapname flags key</i>
Look up the data stored under the requested key.
The reply is the request completion status code
(below) and the lookup result value. The <i>map-</i>
<i>type:mapname</i> and <i>flags</i> are the same as with the
<b>open</b> request.
There is no <b>close</b> command, nor are tables implicitly
closed when a client disconnects. The purpose is to share
tables among multiple client processes.
<b>SERVER PROCESS MANAGEMENT</b>
<a href="proxymap.8.html"><b>proxymap</b>(8)</a> servers run under control by the Postfix <a href="master.8.html"><b>mas-</b></a>
<a href="master.8.html"><b>ter</b>(8)</a> server. Each server can handle multiple simultane-
ous connections. When all servers are busy while a client
connects, the <a href="master.8.html"><b>master</b>(8)</a> creates a new <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server
process, provided that the process limit is not exceeded.
Each server terminates after serving at least <b>$<a href="postconf.5.html#max_use">max_use</a></b>
clients or after <b>$<a href="postconf.5.html#max_idle">max_idle</a></b> seconds of idle time.
<b>SECURITY</b>
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server opens only tables that are approved
via the <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> configuration parameter, does not
talk to users, and can run at fixed low privilege,
chrooted or not. However, running the proxymap server
chrooted severely limits usability, because it can open
only chrooted tables.
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is not a trusted daemon process,
and must not be used to look up sensitive information such
as user or group IDs, mailbox file/directory names or
external commands.
In Postfix version 2.2 and later, the proxymap client rec-
ognizes requests to access a table for security-sensitive
purposes, and opens the table directly. This allows the
same <a href="postconf.5.html">main.cf</a> setting to be used by sensitive and non-sen-
sitive processes.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides service to multiple
clients, and must therefore not be used for tables that
have high-latency lookups.
<b>CONFIGURATION PARAMETERS</b>
On busy mail systems a long time may pass before <a href="proxymap.8.html"><b>prox-</b></a>
<a href="proxymap.8.html"><b>ymap</b>(8)</a> relevant changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up. Use the
command "<b>postfix reload</b>" to speed up a change.
The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> (see 'postconf -d' output)</b>
The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is
allowed to access.
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
The proxymap service was introduced with Postfix 2.0.
<b>AUTHOR(S)</b>
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
PROXYMAP(8)
</pre> </body> </html>
|
