PROXYMAP(8) PROXYMAP(8)
NAME
proxymap - Postfix lookup table proxy server
SYNOPSIS
proxymap [generic Postfix daemon options]
DESCRIPTION
The proxymap server provides read-only table lookup service to Postfix
client processes. The purpose of the service is:
o To overcome chroot restrictions. For example, a chrooted SMTP
server needs access to the system passwd file in order to reject
mail for non-existent local addresses, but it is not practical
to maintain a copy of the passwd file in the chroot jail. The
solution:
local_recipient_maps =
proxy:unix:passwd.byname $alias_maps
o To consolidate the number of open lookup tables by sharing one
open table among multiple processes. For example, making mysql
connections from every Postfix daemon process results in "too
many connections" errors. The solution:
virtual_alias_maps =
proxy:mysql:/etc/postfix/virtual_alias.cf
The total number of connections is limited by the number of
proxymap server processes.
The proxymap server implements the following requests:
PROXY_REQ_OPEN maptype:mapname flags
Open the table with type maptype and name mapname, as controlled
by flags. The reply is the request completion status code
(below) and the map type dependent flags.
PROXY_REQ_LOOKUP maptype:mapname flags key
Look up the data stored under the requested key. The reply is
the request completion status code (below) and the lookup result
value. The maptype:mapname and flags are the same as with the
PROXY_REQ_OPEN request.
There is no close command, nor are tables implicitly closed when a
client disconnects. One of the purposes of the proxymap server is to
share tables among multiple client processes.
The request completion status code is one of:
PROXY_STAT_OK
The specified table was opened, or the requested entry was
found.
PROXY_STAT_NOKEY
The requested table entry was not found.
PROXY_STAT_BAD
The request was rejected (bad request parameter value).
PROXY_STAT_RETRY
The lookup request could not be completed.
PROXY_STAT_DENY
The specified table was not approved for access via the proxymap
service.
SERVER PROCESS MANAGEMENT
The proxymap servers run under control by the Postfix master server.
Each server can handle multiple simultaneous connections. When all
servers are busy while a client connects, the master creates a new
proxymap server process, provided that the proxymap server process
limit is not exceeded. Each proxymap server terminates after serving
at least $max_use clients or after $max_idle seconds of idle time.
SECURITY
The proxymap server opens only tables that are approved via the
proxy_read_maps configuration parameter, does not talk to users, and
can run at fixed low privilege, chrooted or not. However, running the
proxymap server chrooted severely limits usability, because it can open
only chrooted tables.
The proxymap server is not a trusted daemon process, and must not be
used to look up sensitive information such as user or group IDs, mail-
box file/directory names or external commands.
DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
BUGS
The proxymap server provides service to multiple clients, and must
therefore not be used for tables that have high-latency lookups.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant to this pro-
gram. Use the postfix reload command after a configuration change.
proxy_read_maps
A list of zero or more parameter values that may contain refer-
ences to Postfix lookup tables. Only table references that begin
with proxy: are approved for read-only access via the proxymap
server.
SEE ALSO
dict_proxy(3) proxy map client
LICENSE
The Secure Mailer license must be distributed with this software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
PROXYMAP(8)