proxymap(8)

1PROXYMAP(8)                 System Manager's Manual                PROXYMAP(8)
2
3
4

NAME

6       proxymap - Postfix lookup table proxy server
7

SYNOPSIS

9       proxymap [generic Postfix daemon options]
10

DESCRIPTION

12       The proxymap(8) server provides read-only table lookup service to Post‐
13       fix processes. The purpose of the service is:
14
15       ·      To overcome chroot restrictions. For example,  a  chrooted  SMTP
16              server needs access to the system passwd file in order to reject
17              mail for non-existent local addresses, but it is  not  practical
18              to  maintain  a copy of the passwd file in the chroot jail.  The
19              solution:
20
21              local_recipient_maps =
22                  proxy:unix:passwd.byname $alias_maps
23
24       ·      To consolidate the number of open lookup tables by  sharing  one
25              open  table  among multiple processes. For example, making mysql
26              connections from every Postfix daemon process  results  in  "too
27              many connections" errors. The solution:
28
29              virtual_alias_maps =
30                  proxy:mysql:/etc/postfix/virtual_alias.cf
31
32              The  total  number  of  connections  is limited by the number of
33              proxymap server processes.
34
35       The proxymap(8) server implements the following requests:
36
37       open maptype:mapname flags
38              Open the table with type maptype and name mapname, as controlled
39              by  flags.  The  reply  includes the maptype dependent flags (to
40              distinguish a fixed string table from a regular  expression  ta‐
41              ble).
42
43       lookup maptype:mapname flags key
44              Look  up  the data stored under the requested key.  The reply is
45              the request completion status code (below) and the lookup result
46              value.   The  maptype:mapname and flags are the same as with the
47              open request.
48
49       There is no close command, nor are  tables  implicitly  closed  when  a
50       client  disconnects.  The  purpose  is  to  share tables among multiple
51       client processes.
52

SERVER PROCESS MANAGEMENT

54       proxymap(8) servers run under control by the Postfix master(8)  server.
55       Each  server  can  handle  multiple simultaneous connections.  When all
56       servers are busy while a client connects, the master(8) creates  a  new
57       proxymap(8)  server  process,  provided  that  the process limit is not
58       exceeded.  Each server  terminates  after  serving  at  least  $max_use
59       clients or after $max_idle seconds of idle time.
60

SECURITY

62       The  proxymap(8)  server  opens  only  tables that are approved via the
63       proxy_read_maps configuration parameter, does not talk  to  users,  and
64       can  run at fixed low privilege, chrooted or not.  However, running the
65       proxymap server chrooted severely limits usability, because it can open
66       only chrooted tables.
67
68       The proxymap(8) server is not a trusted daemon process, and must not be
69       used to look up sensitive information such as user or group IDs,  mail‐
70       box file/directory names or external commands.
71
72       In  Postfix  version  2.2  and  later,  the  proxymap client recognizes
73       requests to access a table for security-sensitive purposes,  and  opens
74       the  table directly. This allows the same main.cf setting to be used by
75       sensitive and non-sensitive processes.
76

DIAGNOSTICS

78       Problems and transactions are logged to syslogd(8).
79

BUGS

81       The proxymap(8) server provides service to multiple clients,  and  must
82       therefore not be used for tables that have high-latency lookups.
83

CONFIGURATION PARAMETERS

85       On  busy  mail systems a long time may pass before proxymap(8) relevant
86       changes to main.cf are picked up. Use the command "postfix  reload"  to
87       speed up a change.
88
89       The  text  below provides only a parameter summary. See postconf(5) for
90       more details including examples.
91
92       config_directory (see 'postconf -d' output)
93              The default location of the Postfix main.cf and  master.cf  con‐
94              figuration files.
95
96       daemon_timeout (18000s)
97              How  much  time  a  Postfix  daemon process may take to handle a
98              request before it is terminated by a built-in watchdog timer.
99
100       ipc_timeout (3600s)
101              The time limit for sending  or  receiving  information  over  an
102              internal communication channel.
103
104       max_idle (100s)
105              The  maximum  amount of time that an idle Postfix daemon process
106              waits for an incoming connection before terminating voluntarily.
107
108       max_use (100)
109              The maximal number of incoming connections that a Postfix daemon
110              process will service before terminating voluntarily.
111
112       process_id (read-only)
113              The process ID of a Postfix command or daemon process.
114
115       process_name (read-only)
116              The process name of a Postfix command or daemon process.
117
118       proxy_read_maps (see 'postconf -d' output)
119              The  lookup  tables  that  the  proxymap(8) server is allowed to
120              access.
121

README FILES

127       Use "postconf readme_directory" or "postconf html_directory" to  locate
128       this information.
129       DATABASE_README, Postfix lookup table overview
130

LICENSE

132       The Secure Mailer license must be distributed with this software.
133

HISTORY

135       The proxymap service was introduced with Postfix 2.0.
136

AUTHOR(S)

138       Wietse Venema
139       IBM T.J. Watson Research
140       P.O. Box 704
141       Yorktown Heights, NY 10598, USA
142
143
144
145                                                                   PROXYMAP(8)