1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 5<link rel='stylesheet' type='text/css' href='postfix-doc.css'> 6<title> Postfix manual - proxymap(8) </title> 7</head> <body> <pre> 8PROXYMAP(8) PROXYMAP(8) 9 10<b>NAME</b> 11 proxymap - Postfix lookup table proxy server 12 13<b>SYNOPSIS</b> 14 <b>proxymap</b> [generic Postfix daemon options] 15 16<b>DESCRIPTION</b> 17 The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides read-only or read-write table lookup 18 service to Postfix processes. These services are implemented with dis- 19 tinct service names: <b>proxymap</b> and <b>proxywrite</b>, respectively. The purpose 20 of these services is: 21 22 <b>o</b> To overcome chroot restrictions. For example, a chrooted SMTP 23 server needs access to the system passwd file in order to reject 24 mail for non-existent local addresses, but it is not practical 25 to maintain a copy of the passwd file in the chroot jail. The 26 solution: 27 28 <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = 29 <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a> 30 31 <b>o</b> To consolidate the number of open lookup tables by sharing one 32 open table among multiple processes. For example, making mysql 33 connections from every Postfix daemon process results in "too 34 many connections" errors. The solution: 35 36 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = 37 <a href="proxymap.8.html">proxy</a>:<a href="mysql_table.5.html">mysql</a>:/etc/postfix/virtual_alias.cf 38 39 The total number of connections is limited by the number of 40 proxymap server processes. 41 42 <b>o</b> To provide single-updater functionality for lookup tables that 43 do not reliably support multiple writers (i.e. all file-based 44 tables). 45 46 The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests: 47 48 <b>open</b> <i>maptype:mapname flags</i> 49 Open the table with type <i>maptype</i> and name <i>mapname</i>, as controlled 50 by <i>flags</i>. The reply includes the <i>maptype</i> dependent flags (to 51 distinguish a fixed string table from a regular expression ta- 52 ble). 53 54 <b>lookup</b> <i>maptype:mapname flags key</i> 55 Look up the data stored under the requested key. The reply is 56 the request completion status code and the lookup result value. 57 The <i>maptype:mapname</i> and <i>flags</i> are the same as with the <b>open</b> 58 request. 59 60 <b>update</b> <i>maptype:mapname flags key value</i> 61 Update the data stored under the requested key. The reply is 62 the request completion status code. The <i>maptype:mapname</i> and 63 <i>flags</i> are the same as with the <b>open</b> request. 64 65 To implement single-updater maps, specify a process limit of 1 66 in the <a href="master.5.html">master.cf</a> file entry for the <b>proxywrite</b> service. 67 68 This request is supported in Postfix 2.5 and later. 69 70 <b>delete</b> <i>maptype:mapname flags key</i> 71 Delete the data stored under the requested key. The reply is 72 the request completion status code. The <i>maptype:mapname</i> and 73 <i>flags</i> are the same as with the <b>open</b> request. 74 75 This request is supported in Postfix 2.5 and later. 76 77 <b>sequence</b> <i>maptype:mapname flags function</i> 78 Iterate over the specified database. The <i>function</i> is one of 79 DICT_SEQ_FUN_FIRST or DICT_SEQ_FUN_NEXT. The reply is the 80 request completion status code and a lookup key and result 81 value, if found. 82 83 This request is supported in Postfix 2.9 and later. 84 85 The request completion status is one of OK, RETRY, NOKEY (lookup failed 86 because the key was not found), BAD (malformed request) or DENY (the 87 table is not approved for proxy read or update access). 88 89 There is no <b>close</b> command, nor are tables implicitly closed when a 90 client disconnects. The purpose is to share tables among multiple 91 client processes. 92 93<b>SERVER PROCESS MANAGEMENT</b> 94 <a href="proxymap.8.html"><b>proxymap</b>(8)</a> servers run under control by the Postfix <a href="master.8.html"><b>master</b>(8)</a> server. 95 Each server can handle multiple simultaneous connections. When all 96 servers are busy while a client connects, the <a href="master.8.html"><b>master</b>(8)</a> creates a new 97 <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server process, provided that the process limit is not 98 exceeded. Each server terminates after serving at least <b>$<a href="postconf.5.html#max_use">max_use</a></b> 99 clients or after <b>$<a href="postconf.5.html#max_idle">max_idle</a></b> seconds of idle time. 100 101<b>SECURITY</b> 102 The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server opens only tables that are approved via the 103 <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> or <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a></b> configuration parameters, does not 104 talk to users, and can run at fixed low privilege, chrooted or not. 105 However, running the proxymap server chrooted severely limits usabil- 106 ity, because it can open only chrooted tables. 107 108 The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is not a trusted daemon process, and must not be 109 used to look up sensitive information such as UNIX user or group IDs, 110 mailbox file/directory names or external commands. 111 112 In Postfix version 2.2 and later, the proxymap client recognizes 113 requests to access a table for security-sensitive purposes, and opens 114 the table directly. This allows the same <a href="postconf.5.html">main.cf</a> setting to be used by 115 sensitive and non-sensitive processes. 116 117 Postfix-writable data files should be stored under a dedicated direc- 118 tory that is writable only by the Postfix mail system, such as the 119 Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>. 120 121 In particular, Postfix-writable files should never exist in root-owned 122 directories. That would open up a particular type of security hole 123 where ownership of a file or directory does not match the provider of 124 its content. 125 126<b>DIAGNOSTICS</b> 127 Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. 128 129<b>BUGS</b> 130 The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides service to multiple clients, and must 131 therefore not be used for tables that have high-latency lookups. 132 133 The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> read-write service does not explicitly close lookup 134 tables (even if it did, this could not be relied on, because the 135 process may be terminated between table updates). The read-write ser- 136 vice should therefore not be used with tables that leave persistent 137 storage in an inconsistent state between updates (for example, CDB). 138 Tables that support "sync on update" should be safe (for example, 139 Berkeley DB) as should tables that are implemented by a real DBMS. 140 141<b>CONFIGURATION PARAMETERS</b> 142 On busy mail systems a long time may pass before <a href="proxymap.8.html"><b>proxymap</b>(8)</a> relevant 143 changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up. Use the command "<b>postfix reload</b>" to 144 speed up a change. 145 146 The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for 147 more details including examples. 148 149 <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> 150 The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con- 151 figuration files. 152 153 <b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b> 154 The directory with Postfix-writable data files (for example: 155 caches, pseudo-random numbers). 156 157 <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> 158 How much time a Postfix daemon process may take to handle a 159 request before it is terminated by a built-in watchdog timer. 160 161 <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> 162 The time limit for sending or receiving information over an 163 internal communication channel. 164 165 <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> 166 The maximum amount of time that an idle Postfix daemon process 167 waits for an incoming connection before terminating voluntarily. 168 169 <b><a href="postconf.5.html#max_use">max_use</a> (100)</b> 170 The maximal number of incoming connections that a Postfix daemon 171 process will service before terminating voluntarily. 172 173 <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> 174 The process ID of a Postfix command or daemon process. 175 176 <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> 177 The process name of a Postfix command or daemon process. 178 179 <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> (see 'postconf -d' output)</b> 180 The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is allowed to 181 access for the read-only service. 182 183 Available in Postfix 2.5 and later: 184 185 <b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b> 186 The directory with Postfix-writable data files (for example: 187 caches, pseudo-random numbers). 188 189 <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> (see 'postconf -d' output)</b> 190 The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is allowed to 191 access for the read-write service. 192 193 Available in Postfix 3.3 and later: 194 195 <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b> 196 The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process. 197 198<b>SEE ALSO</b> 199 <a href="postconf.5.html">postconf(5)</a>, configuration parameters 200 <a href="master.5.html">master(5)</a>, generic daemon options 201 202<b>README FILES</b> 203 <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview 204 205<b>LICENSE</b> 206 The Secure Mailer license must be distributed with this software. 207 208<b>HISTORY</b> 209 The proxymap service was introduced with Postfix 2.0. 210 211<b>AUTHOR(S)</b> 212 Wietse Venema 213 IBM T.J. Watson Research 214 P.O. Box 704 215 Yorktown Heights, NY 10598, USA 216 217 Wietse Venema 218 Google, Inc. 219 111 8th Avenue 220 New York, NY 10011, USA 221 222 PROXYMAP(8) 223</pre> </body> </html> 224