PROXYMAP(8) PROXYMAP(8)
NAME
proxymap - Postfix lookup table proxy server
SYNOPSIS
proxymap [generic Postfix daemon options]
DESCRIPTION
The proxymap server provides read-only table lookup service
to Postfix client processes. The purpose of the service is:
o To overcome chroot restrictions. For example, a
chrooted SMTP server needs access to the system
passwd file in order to reject mail for non-existent
local addresses, but it is not practical to
maintain a copy of the passwd file in the chroot
jail. The solution:
local_recipient_maps =
proxy:unix:passwd.byname $alias_maps
o To consolidate the number of open lookup tables by
sharing one open table among multiple processes.
For example, making mysql connections from every
Postfix daemon process results in "too many connections"
errors. The solution:
virtual_alias_maps =
proxy:mysql:/etc/postfix/virtual_alias.cf
The total number of connections is limited by the
number of proxymap server processes.
The proxymap server implements the following requests:
PROXY_REQ_OPEN maptype:mapname flags
Open the table with type maptype and name mapname,
as controlled by flags. The reply is the request
completion status code (below) and the map type
dependent flags.
PROXY_REQ_LOOKUP maptype:mapname flags key
Look up the data stored under the requested key.
The reply is the request completion status code
(below) and the lookup result value. The
maptype:mapname and flags are the same as with the
PROXY_REQ_OPEN request.
There is no close command, nor are tables implicitly
closed when a client disconnects. One of the purposes of
the proxymap server is to share tables among multiple
client processes.
The request completion status code is one of:
PROXY_STAT_OK
The specified table was opened, or the requested
entry was found.
PROXY_STAT_NOKEY
The requested table entry was not found.
PROXY_STAT_BAD
The request was rejected (bad request parameter
value).
PROXY_STAT_RETRY
The lookup request could not be completed.
PROXY_STAT_DENY
The specified table was not approved for access via
the proxymap service.
SERVER PROCESS MANAGEMENT
The proxymap servers run under the control of the Postfix master
server. Each server can handle multiple simultaneous
connections. When all servers are busy while a client
connects, the master creates a new proxymap server process,
provided that the proxymap server process limit is
not exceeded. Each proxymap server terminates after serving
at least $max_use clients or after $max_idle seconds
of idle time.
SECURITY
The proxymap server opens only tables that are approved
via the proxy_read_maps configuration parameter, does not
talk to users, and can run at fixed low privilege,
chrooted or not. However, running the proxymap server
chrooted severely limits usability, because it can open
only chrooted tables.
The proxymap server is not a trusted daemon process, and
must not be used to look up sensitive information such as
user or group IDs, mailbox file/directory names or external
commands.
DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
BUGS
The proxymap server provides service to multiple clients,
and must therefore not be used for tables that have high-latency
lookups.
CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. Use the postfix reload command after a
configuration change.
proxy_read_maps
A list of zero or more parameter values that may
contain references to Postfix lookup tables. Only
table references that begin with proxy: are
approved for read-only access via the proxymap
server.
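The approval rule above, modelled as an added example (not part of the Postfix distribution): it expands $name references in proxy_read_maps, collects the proxy: table references, and reports for every other parameter whether its proxied tables are approved; a False entry is a table for which the server would reply PROXY_STAT_DENY. Assumptions: the SAMPLE values and the relay_domains.cf path are constructed, values are plain type:name references separated by whitespace or commas, and only the $name, ${name} and $(name) reference forms are handled.

```python
import re

# Constructed sample main.cf values (not from a real system).
SAMPLE = {
    "alias_maps": "hash:/etc/aliases",
    "local_recipient_maps": "proxy:unix:passwd.byname $alias_maps",
    "virtual_alias_maps": "proxy:mysql:/etc/postfix/virtual_alias.cf",
    "relay_domains": "proxy:mysql:/etc/postfix/relay_domains.cf",
    "proxy_read_maps": "$local_recipient_maps $virtual_alias_maps",
}

# Simplified model of parameter references: $name, ${name}, $(name).
REF = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")


def expand(value, params, depth=0):
    """Recursively replace parameter references with their values."""
    if depth > 10:  # guard against self-referencing parameters
        raise ValueError("parameter reference loop")

    def sub(m):
        name = m.group(1) or m.group(2) or m.group(3)
        return expand(params.get(name, ""), params, depth + 1)

    return REF.sub(sub, value)


def proxy_tables(value, params):
    """Return the type:name part of every proxy: reference in a value."""
    words = re.split(r"[,\s]+", expand(value, params).strip())
    return [w[len("proxy:"):] for w in words if w.startswith("proxy:")]


def audit(params):
    """Map each parameter's proxied tables to approved (True) or not (False)."""
    approved = set(proxy_tables(params.get("proxy_read_maps", ""), params))
    report = {}
    for name, value in params.items():
        if name == "proxy_read_maps":
            continue
        tables = proxy_tables(value, params)
        if tables:  # parameters without proxy: references are skipped
            report[name] = {t: t in approved for t in tables}
    return report


if __name__ == "__main__":
    for param, tables in audit(SAMPLE).items():
        for table, ok in tables.items():
            print(f"{param}: proxy:{table} -> {'approved' if ok else 'NOT approved'}")
```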
SEE ALSO
dict_proxy(3) proxy map client
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA