Seth Woolley's Man Viewer

proxymap(8) - proxymap - Postfix lookup table proxy server - man 8 proxymap

([section] manual, -k keyword, -K [section] search, -f whatis)
man plain no title

PROXYMAP(8)                                                        PROXYMAP(8)

       proxymap - Postfix lookup table proxy server

       proxymap [generic Postfix daemon options]

       The proxymap(8) server provides read-only table lookup service to Post-
       fix processes. The purpose of the service is:

             To overcome chroot(1,2) restrictions. For example,  a  chrooted  SMTP
              server needs access(2,5) to the system passwd(1,5) file(1,n) in(1,8) order to reject
              mail(1,8) for non-existent local addresses, but it is  not  practical
              to  maintain  a copy of the passwd(1,5) file(1,n) in(1,8) the chroot(1,2) jail.  The

              local_recipient_maps =
                  proxy:unix:passwd.byname $alias_maps

             To consolidate the number of open(2,3,n) lookup tables by  sharing  one
              open(2,3,n)  table  among multiple processes. For example, making mysql
              connections from every Postfix daemon process  results  in(1,8)  "too
              many connections" errors. The solution:

              virtual_alias_maps =

              The  total  number  of  connections  is limited by the number of
              proxymap server processes.

       The proxymap(8) server implements the following requests:

       open(2,3,n) maptype:mapname flags
              Open the table with type maptype and name mapname, as controlled
              by  flags.  The  reply  includes the maptype dependent flags (to
              distinguish a fixed string(3,n) table from a regular  expression  ta-

       lookup maptype:mapname flags key
              Look  up  the data stored under the requested key.  The reply is
              the request completion status code (below) and the lookup result
              value.   The  maptype:mapname and flags are the same as with the
              open(2,3,n) request.

       There is no close(2,7,n) command, nor are  tables  implicitly  closed  when  a
       client  disconnects.  The  purpose  is  to  share tables among multiple
       client processes.

       proxymap(8) servers run under control by the Postfix master(5,8)(8)  server.
       Each  server  can  handle  multiple simultaneous connections.  When all
       servers are busy while a client connects, the master(5,8)(8) creates  a  new
       proxymap(8)  server  process,  provided  that  the process limit is not
       exceeded.  Each server  terminates  after  serving  at  least  $max_use
       clients or after $max_idle seconds of idle time.

       The  proxymap(8)  server  opens  only  tables that are approved via the
       proxy_read_maps configuration parameter, does not talk  to  users(1,5),  and
       can  run at fixed low privilege, chrooted or not.  However, running the
       proxymap server chrooted severely limits usability, because it can open(2,3,n)
       only chrooted tables.

       The proxymap(8) server is not a trusted daemon process, and must not be
       used to look(1,8,3 Search::Dict) up sensitive information such as user or group IDs,  mail-
       box file(1,n)/directory names or external commands.

       In  Postfix  version(1,3,5)  2.2  and  later,  the  proxymap client recognizes
       requests to access(2,5) a table for security-sensitive purposes,  and  opens
       the  table directly. This allows the same setting to be used by
       sensitive and non-sensitive processes.

       Problems and transactions are logged to syslogd(8).

       The proxymap(8) server provides service to multiple clients,  and  must
       therefore not be used for tables that have high-latency lookups.

       On  busy  mail(1,8) systems a long time(1,2,n) may pass before proxymap(8) relevant
       changes to are picked up. Use the command "postfix  reload"  to
       speed up a change.

       The  text  below provides only a parameter summary. See postconf(1,5)(5) for
       more details including examples.

       config_directory (see 'postconf(1,5) -d' output)
              The default location of the Postfix and  con-
              figuration files.

       daemon_timeout (18000s)
              How  much  time(1,2,n)  a  Postfix  daemon process may take to handle a
              request before it is terminated by a built-in watchdog(5,8) timer.

       ipc_timeout (3600s)
              The time(1,2,n) limit for sending  or  receiving  information  over  an
              internal communication channel.

       max_idle (100s)
              The  maximum  amount of time(1,2,n) that an idle Postfix daemon process
              waits for the next service request before exiting.

       max_use (100)
              The maximal number of connection requests before a Postfix  dae-
              mon process terminates.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       proxy_read_maps (see 'postconf(1,5) -d' output)
              The  lookup  tables  that  the  proxymap(8) server is allowed to

       postconf(1,5)(5), configuration parameters
       master(5,8)(5), generic daemon options

       Use "postconf(1,5) readme_directory" or "postconf(1,5) html_directory" to  locate
       this information.
       DATABASE_README, Postfix lookup table overview

       The Secure Mailer license must be distributed with this software.

       The proxymap service was introduced with Postfix 2.0.

       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA


References for this manual (incoming links)