PROXYMAP(8)                                                   PROXYMAP(8)

NAME
       proxymap - Postfix lookup table proxy server

SYNOPSIS
       proxymap [generic Postfix daemon options]

DESCRIPTION
       The proxymap server provides read-only table lookup service to
       Postfix client processes. The purpose of the service is:

       o      To overcome chroot restrictions. For example, a chrooted
              SMTP server needs access to the system passwd file in
              order to reject mail for non-existent local addresses, but
              it is not practical to maintain a copy of the passwd file
              in the chroot jail. The solution:

              local_recipient_maps =
                  proxy:unix:passwd.byname $alias_maps

       o      To consolidate the number of open lookup tables by sharing
              one open table among multiple processes. For example,
              making mysql connections from every Postfix daemon process
              results in "too many connections" errors. The solution:

              virtual_alias_maps =
                  proxy:mysql:/etc/postfix/virtual_alias.cf

              The total number of connections is limited by the number
              of proxymap server processes.

       The proxymap server implements the following requests:

       PROXY_REQ_OPEN maptype:mapname flags
              Open the table with type maptype and name mapname, as
              controlled by flags. The reply is the request completion
              status code (below) and the map type dependent flags.

       PROXY_REQ_LOOKUP maptype:mapname flags key
              Look up the data stored under the requested key. The reply
              is the request completion status code (below) and the
              lookup result value. The maptype:mapname and flags are the
              same as with the PROXY_REQ_OPEN request.

       There is no close command, nor are tables implicitly closed when a
       client disconnects. One of the purposes of the proxymap server is
       to share tables among multiple client processes.

       The request completion status code is one of:

       PROXY_STAT_OK
              The specified table was opened, or the requested entry was
              found.

       PROXY_STAT_NOKEY
              The requested table entry was not found.

       PROXY_STAT_BAD
              The request was rejected (bad request parameter value).

       PROXY_STAT_RETRY
              The lookup request could not be completed.

       PROXY_STAT_DENY
              The specified table was not approved for access via the
              proxymap service.

SERVER PROCESS MANAGEMENT
       The proxymap servers run under control by the Postfix master
       server. Each server can handle multiple simultaneous connections.
       When all servers are busy while a client connects, the master
       creates a new proxymap server process, provided that the proxymap
       server process limit is not exceeded. Each proxymap server
       terminates after serving at least $max_use clients or after
       $max_idle seconds of idle time.

SECURITY
       The proxymap server opens only tables that are approved via the
       proxy_read_maps configuration parameter, does not talk to users,
       and can run at fixed low privilege, chrooted or not. However,
       running the proxymap server chrooted severely limits usability,
       because it can open only chrooted tables.

       The proxymap server is not a trusted daemon process, and must not
       be used to look up sensitive information such as user or group
       IDs, mailbox file/directory names or external commands.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

BUGS
       The proxymap server provides service to multiple clients, and must
       therefore not be used for tables that have high-latency lookups.

CONFIGURATION PARAMETERS
       The following main.cf parameters are especially relevant to this
       program. Use the postfix reload command after a configuration
       change.

       proxy_read_maps
              A list of zero or more parameter values that may contain
              references to Postfix lookup tables. Only table references
              that begin with proxy: are approved for read-only access
              via the proxymap server.

SEE ALSO
       dict_proxy(3) proxy map client

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA
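
EXAMPLE (ADDED)
       Added example, not part of the Postfix distribution or of the
       original manual page: a simplified Python model of the approval
       rule described under SECURITY and proxy_read_maps, used to find
       proxy: table references that would be answered with
       PROXY_STAT_DENY. Assumptions: only $name and ${name} expansion is
       handled, an unset proxy_read_maps is treated as empty, and the
       sample main.cf (including its transport_maps entry) and all
       function names are constructed for illustration.

```python
import re

# Constructed sample main.cf for illustration (not from a real system).
SAMPLE_MAIN_CF = """\
alias_maps = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias.cf
transport_maps = proxy:ldap:/etc/postfix/transport.cf
proxy_read_maps = $local_recipient_maps
    $virtual_alias_maps
"""

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def expand(value, params, depth=0):
    """Recursively expand $name and ${name}; unknown names expand to nothing."""
    if depth > 10:  # guard against self-referencing parameters
        return value
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: expand(params.get(m.group(1), ""), params, depth + 1), value)

def tables(value):
    """Split a parameter value into table references (comma or whitespace separated)."""
    return [t for t in re.split(r"[,\s]+", value) if t]

def approved_tables(params):
    """maptype:mapname pairs approved via proxy: references in proxy_read_maps."""
    refs = tables(expand(params.get("proxy_read_maps", ""), params))
    return {t[len("proxy:"):] for t in refs if t.startswith("proxy:")}

def unapproved_proxy_refs(params):
    """(parameter, table) pairs that use proxy: but are missing from proxy_read_maps."""
    ok = approved_tables(params)
    return sorted((n, t) for n, v in params.items() if n != "proxy_read_maps"
                  for t in tables(expand(v, params))
                  if t.startswith("proxy:") and t[len("proxy:"):] not in ok)

if __name__ == "__main__":
    for name, table in unapproved_proxy_refs(parse_main_cf(SAMPLE_MAIN_CF)):
        print(f"{name}: {table} is not listed in proxy_read_maps")
```

       In the constructed sample, transport_maps is reported because its
       proxy: table is not reachable from proxy_read_maps.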