223 lines
12 KiB
HTML
223 lines
12 KiB
HTML
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
|
|
"https://www.w3.org/TR/html4/loose.dtd">
|
|
<html> <head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
|
|
<title> Postfix manual - proxymap(8) </title>
|
|
</head> <body> <pre>
|
|
PROXYMAP(8) PROXYMAP(8)
|
|
|
|
<b><a name="name">NAME</a></b>
|
|
proxymap - Postfix lookup table proxy server
|
|
|
|
<b><a name="synopsis">SYNOPSIS</a></b>
|
|
<b>proxymap</b> [generic Postfix daemon options]
|
|
|
|
<b><a name="description">DESCRIPTION</a></b>
|
|
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides read-only or read-write table lookup
|
|
service to Postfix processes. These services are implemented with dis-
|
|
tinct service names: <b>proxymap</b> and <b>proxywrite</b>, respectively. The purpose
|
|
of these services is:
|
|
|
|
<b>o</b> To overcome chroot restrictions. For example, a chrooted SMTP
|
|
server needs access to the system passwd file in order to reject
|
|
mail for non-existent local addresses, but it is not practical
|
|
to maintain a copy of the passwd file in the chroot jail. The
|
|
solution:
|
|
|
|
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
|
|
<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>
|
|
|
|
<b>o</b> To consolidate the number of open lookup tables by sharing one
|
|
open table among multiple processes. For example, making mysql
|
|
connections from every Postfix daemon process results in "too
|
|
many connections" errors. The solution:
|
|
|
|
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> =
|
|
<a href="proxymap.8.html">proxy</a>:<a href="mysql_table.5.html">mysql</a>:/etc/postfix/virtual_alias.cf
|
|
|
|
The total number of connections is limited by the number of
|
|
proxymap server processes.
|
|
|
|
<b>o</b> To provide single-updater functionality for lookup tables that
|
|
do not reliably support multiple writers (i.e. all file-based
|
|
tables that are not based on <b>lmdb</b>).
|
|
|
|
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests:
|
|
|
|
<b>open</b> <i>maptype:mapname flags</i>
|
|
Open the table with type <i>maptype</i> and name <i>mapname</i>, as controlled
|
|
by <i>flags</i>. The reply includes the <i>maptype</i> dependent flags (to
|
|
distinguish a fixed string table from a regular expression ta-
|
|
ble).
|
|
|
|
<b>lookup</b> <i>maptype:mapname flags key</i>
|
|
Look up the data stored under the requested key. The reply is
|
|
the request completion status code and the lookup result value.
|
|
The <i>maptype:mapname</i> and <i>flags</i> are the same as with the <b>open</b>
|
|
request.
|
|
|
|
<b>update</b> <i>maptype:mapname flags key value</i>
|
|
Update the data stored under the requested key. The reply is
|
|
the request completion status code. The <i>maptype:mapname</i> and
|
|
<i>flags</i> are the same as with the <b>open</b> request.
|
|
|
|
To implement single-updater maps, specify a process limit of 1
|
|
in the <a href="master.5.html">master.cf</a> file entry for the <b>proxywrite</b> service.
|
|
|
|
This request is supported in Postfix 2.5 and later.
|
|
|
|
<b>delete</b> <i>maptype:mapname flags key</i>
|
|
Delete the data stored under the requested key. The reply is
|
|
the request completion status code. The <i>maptype:mapname</i> and
|
|
<i>flags</i> are the same as with the <b>open</b> request.
|
|
|
|
This request is supported in Postfix 2.5 and later.
|
|
|
|
<b>sequence</b> <i>maptype:mapname flags function</i>
|
|
Iterate over the specified database. The <i>function</i> is one of
|
|
DICT_SEQ_FUN_FIRST or DICT_SEQ_FUN_NEXT. The reply is the
|
|
request completion status code and a lookup key and result
|
|
value, if found.
|
|
|
|
This request is supported in Postfix 2.9 and later.
|
|
|
|
The request completion status is one of OK, RETRY, NOKEY (lookup failed
|
|
because the key was not found), BAD (malformed request) or DENY (the
|
|
table is not approved for proxy read or update access).
|
|
|
|
There is no <b>close</b> command, nor are tables implicitly closed when a
|
|
client disconnects. The purpose is to share tables among multiple
|
|
client processes.
|
|
|
|
<b><a name="server_process_management">SERVER PROCESS MANAGEMENT</a></b>
|
|
<a href="proxymap.8.html"><b>proxymap</b>(8)</a> servers run under control by the Postfix <a href="master.8.html"><b>master</b>(8)</a> server.
|
|
Each server can handle multiple simultaneous connections. When all
|
|
servers are busy while a client connects, the <a href="master.8.html"><b>master</b>(8)</a> creates a new
|
|
<a href="proxymap.8.html"><b>proxymap</b>(8)</a> server process, provided that the process limit is not
|
|
exceeded. Each server terminates after serving at least <b>$<a href="postconf.5.html#max_use">max_use</a></b>
|
|
clients or after <b>$<a href="postconf.5.html#max_idle">max_idle</a></b> seconds of idle time.
|
|
|
|
<b><a name="security">SECURITY</a></b>
|
|
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server opens only tables that are approved via the
|
|
<b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> or <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a></b> configuration parameters, does not
|
|
talk to users, and can run at fixed low privilege, chrooted or not.
|
|
However, running the proxymap server chrooted severely limits usabil-
|
|
ity, because it can open only chrooted tables.
|
|
|
|
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is not a trusted daemon process, and must not be
|
|
used to look up sensitive information such as UNIX user or group IDs,
|
|
mailbox file/directory names or external commands.
|
|
|
|
In Postfix version 2.2 and later, the proxymap client recognizes
|
|
requests to access a table for security-sensitive purposes, and opens
|
|
the table directly. This allows the same <a href="postconf.5.html">main.cf</a> setting to be used by
|
|
sensitive and non-sensitive processes.
|
|
|
|
Postfix-writable data files should be stored under a dedicated direc-
|
|
tory that is writable only by the Postfix mail system, such as the
|
|
Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>.
|
|
|
|
In particular, Postfix-writable files should never exist in root-owned
|
|
directories. That would open up a particular type of security hole
|
|
where ownership of a file or directory does not match the provider of
|
|
its content.
|
|
|
|
<b><a name="diagnostics">DIAGNOSTICS</a></b>
|
|
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
|
|
|
|
<b><a name="bugs">BUGS</a></b>
|
|
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides service to multiple clients, and must
|
|
therefore not be used for tables that have high-latency lookups.
|
|
|
|
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> read-write service does not explicitly close lookup
|
|
tables (even if it did, this could not be relied on, because the
|
|
process may be terminated between table updates). The read-write ser-
|
|
vice should therefore not be used with tables that leave persistent
|
|
storage in an inconsistent state between updates (for example, CDB).
|
|
Tables that support "sync on update" should be safe (for example,
|
|
Berkeley DB) as should tables that are implemented by a real DBMS.
|
|
|
|
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
|
|
On busy mail systems a long time may pass before <a href="proxymap.8.html"><b>proxymap</b>(8)</a> relevant
|
|
changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up. Use the command "<b>postfix reload</b>" to
|
|
speed up a change.
|
|
|
|
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
|
|
more details including examples.
|
|
|
|
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
|
|
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
|
|
figuration files.
|
|
|
|
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
|
|
The directory with Postfix-writable data files (for example:
|
|
caches, pseudo-random numbers).
|
|
|
|
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
|
|
How much time a Postfix daemon process may take to handle a
|
|
request before it is terminated by a built-in watchdog timer.
|
|
|
|
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
|
|
The time limit for sending or receiving information over an
|
|
internal communication channel.
|
|
|
|
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
|
|
The maximum amount of time that an idle Postfix daemon process
|
|
waits for an incoming connection before terminating voluntarily.
|
|
|
|
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
|
|
The maximal number of incoming connections that a Postfix daemon
|
|
process will service before terminating voluntarily.
|
|
|
|
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
|
|
The process ID of a Postfix command or daemon process.
|
|
|
|
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
|
|
The process name of a Postfix command or daemon process.
|
|
|
|
<b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> (see 'postconf -d' output)</b>
|
|
The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is allowed to
|
|
access for the read-only service.
|
|
|
|
Available in Postfix 2.5 and later:
|
|
|
|
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
|
|
The directory with Postfix-writable data files (for example:
|
|
caches, pseudo-random numbers).
|
|
|
|
<b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> (see 'postconf -d' output)</b>
|
|
The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is allowed to
|
|
access for the read-write service.
|
|
|
|
Available in Postfix 3.3 and later:
|
|
|
|
<b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
|
|
The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
|
|
|
|
<b><a name="see_also">SEE ALSO</a></b>
|
|
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
|
|
<a href="master.5.html">master(5)</a>, generic daemon options
|
|
|
|
<b><a name="readme_files">README FILES</a></b>
|
|
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
|
|
|
|
<b><a name="license">LICENSE</a></b>
|
|
The Secure Mailer license must be distributed with this software.
|
|
|
|
<b><a name="history">HISTORY</a></b>
|
|
The proxymap service was introduced with Postfix 2.0.
|
|
|
|
<b>AUTHOR(S)</b>
|
|
Wietse Venema
|
|
IBM T.J. Watson Research
|
|
P.O. Box 704
|
|
Yorktown Heights, NY 10598, USA
|
|
|
|
Wietse Venema
|
|
Google, Inc.
|
|
111 8th Avenue
|
|
New York, NY 10011, USA
|
|
|
|
PROXYMAP(8)
|
|
</pre> </body> </html>
|