168 lines
5.1 KiB
Groff
168 lines
5.1 KiB
Groff
.\" $NetBSD: proxymap.8,v 1.1.1.6 2005/08/18 21:04:21 rpaulo Exp $
|
|
.\"
|
|
.TH PROXYMAP 8
|
|
.ad
|
|
.fi
|
|
.SH NAME
|
|
proxymap
|
|
\-
|
|
Postfix lookup table proxy server
|
|
.SH "SYNOPSIS"
|
|
.na
|
|
.nf
|
|
\fBproxymap\fR [generic Postfix daemon options]
|
|
.SH DESCRIPTION
|
|
.ad
|
|
.fi
|
|
The \fBproxymap\fR(8) server provides read-only table
|
|
lookup service to Postfix processes. The purpose
|
|
of the service is:
|
|
.IP \(bu
|
|
To overcome chroot restrictions. For example, a chrooted SMTP
|
|
server needs access to the system passwd file in order to
|
|
reject mail for non-existent local addresses, but it is not
|
|
practical to maintain a copy of the passwd file in the chroot
|
|
jail. The solution:
|
|
.sp
|
|
local_recipient_maps =
|
|
.ti +4
|
|
proxy:unix:passwd.byname $alias_maps
|
|
.IP \(bu
|
|
To consolidate the number of open lookup tables by sharing
|
|
one open table among multiple processes. For example, making
|
|
mysql connections from every Postfix daemon process results
|
|
in "too many connections" errors. The solution:
|
|
.sp
|
|
virtual_alias_maps =
|
|
.ti +4
|
|
proxy:mysql:/etc/postfix/virtual_alias.cf
|
|
.sp
|
|
The total number of connections is limited by the number of
|
|
proxymap server processes.
|
|
.PP
|
|
The \fBproxymap\fR(8) server implements the following requests:
|
|
.IP "\fBopen\fR \fImaptype:mapname flags\fR"
|
|
Open the table with type \fImaptype\fR and name \fImapname\fR,
|
|
as controlled by \fIflags\fR. The reply includes the \fImaptype\fR
|
|
dependent flags (to distinguish a fixed string table from a regular
|
|
expression table).
|
|
.IP "\fBlookup\fR \fImaptype:mapname flags key\fR"
|
|
Look up the data stored under the requested key.
|
|
The reply is the request completion status code (below) and
|
|
the lookup result value.
|
|
The \fImaptype:mapname\fR and \fIflags\fR are the same
|
|
as with the \fBopen\fR request.
|
|
.PP
|
|
There is no \fBclose\fR command, nor are tables implicitly closed
|
|
when a client disconnects. The purpose is to share tables among
|
|
multiple client processes.
|
|
.SH "SERVER PROCESS MANAGEMENT"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
\fBproxymap\fR(8) servers run under control by the Postfix
|
|
\fBmaster\fR(8)
|
|
server. Each server can handle multiple simultaneous connections.
|
|
When all servers are busy while a client connects, the \fBmaster\fR(8)
|
|
creates a new \fBproxymap\fR(8) server process, provided that the
|
|
process limit is not exceeded.
|
|
Each server terminates after serving at least \fB$max_use\fR clients
|
|
or after \fB$max_idle\fR seconds of idle time.
|
|
.SH "SECURITY"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The \fBproxymap\fR(8) server opens only tables that are approved via the
|
|
\fBproxy_read_maps\fR configuration parameter, does not talk to
|
|
users, and can run at fixed low privilege, chrooted or not.
|
|
However, running the proxymap server chrooted severely limits
|
|
usability, because it can open only chrooted tables.
|
|
|
|
The \fBproxymap\fR(8) server is not a trusted daemon process, and must
|
|
not be used to look up sensitive information such as user or
|
|
group IDs, mailbox file/directory names or external commands.
|
|
|
|
In Postfix version 2.2 and later, the proxymap client recognizes
|
|
requests to access a table for security-sensitive purposes,
|
|
and opens the table directly. This allows the same main.cf
|
|
setting to be used by sensitive and non-sensitive processes.
|
|
.SH DIAGNOSTICS
|
|
.ad
|
|
.fi
|
|
Problems and transactions are logged to \fBsyslogd\fR(8).
|
|
.SH BUGS
|
|
.ad
|
|
.fi
|
|
The \fBproxymap\fR(8) server provides service to multiple clients,
|
|
and must therefore not be used for tables that have high-latency
|
|
lookups.
|
|
.SH "CONFIGURATION PARAMETERS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
On busy mail systems a long time may pass before
|
|
\fBproxymap\fR(8) relevant
|
|
changes to \fBmain.cf\fR are picked up. Use the command
|
|
"\fBpostfix reload\fR" to speed up a change.
|
|
|
|
The text below provides only a parameter summary. See
|
|
\fBpostconf\fR(5) for more details including examples.
|
|
.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
|
|
The default location of the Postfix main.cf and master.cf
|
|
configuration files.
|
|
.IP "\fBdaemon_timeout (18000s)\fR"
|
|
How much time a Postfix daemon process may take to handle a
|
|
request before it is terminated by a built-in watchdog timer.
|
|
.IP "\fBipc_timeout (3600s)\fR"
|
|
The time limit for sending or receiving information over an internal
|
|
communication channel.
|
|
.IP "\fBmax_idle (100s)\fR"
|
|
The maximum amount of time that an idle Postfix daemon process
|
|
waits for the next service request before exiting.
|
|
.IP "\fBmax_use (100)\fR"
|
|
The maximal number of connection requests before a Postfix daemon
|
|
process terminates.
|
|
.IP "\fBprocess_id (read-only)\fR"
|
|
The process ID of a Postfix command or daemon process.
|
|
.IP "\fBprocess_name (read-only)\fR"
|
|
The process name of a Postfix command or daemon process.
|
|
.IP "\fBproxy_read_maps (see 'postconf -d' output)\fR"
|
|
The lookup tables that the \fBproxymap\fR(8) server is allowed to access.
|
|
.SH "SEE ALSO"
|
|
.na
|
|
.nf
|
|
postconf(5), configuration parameters
|
|
master(5), generic daemon options
|
|
.SH "README FILES"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
Use "\fBpostconf readme_directory\fR" or
|
|
"\fBpostconf html_directory\fR" to locate this information.
|
|
.na
|
|
.nf
|
|
DATABASE_README, Postfix lookup table overview
|
|
.SH "LICENSE"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The Secure Mailer license must be distributed with this software.
|
|
.SH "HISTORY"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The proxymap service was introduced with Postfix 2.0.
|
|
.SH "AUTHOR(S)"
|
|
.na
|
|
.nf
|
|
Wietse Venema
|
|
IBM T.J. Watson Research
|
|
P.O. Box 704
|
|
Yorktown Heights, NY 10598, USA
|