unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (NetBSD-2.0)
Page:
Section:
Apropos / Subsearch:
optional field

PROXYMAP(8)                 System Manager's Manual                PROXYMAP(8)



NAME
       proxymap - Postfix lookup table proxy server

SYNOPSIS
       proxymap [generic Postfix daemon options]

DESCRIPTION
       The  proxymap server provides read-only table lookup service to Postfix
       client processes. The purpose of the service is:

       o      To overcome chroot restrictions. For example,  a  chrooted  SMTP
              server needs access to the system passwd file in order to reject
              mail for non-existent local addresses, but it is  not  practical
              to  maintain  a copy of the passwd file in the chroot jail.  The
              solution:

              local_recipient_maps =
                  proxy:unix:passwd.byname $alias_maps

       o      To consolidate the number of open lookup tables by  sharing  one
              open  table  among multiple processes. For example, making mysql
              connections from every Postfix daemon process  results  in  "too
              many connections" errors. The solution:

              virtual_alias_maps =
                  proxy:mysql:/etc/postfix/virtual_alias.cf

              The  total  number  of  connections  is limited by the number of
              proxymap server processes.

       The proxymap server implements the following requests:

       PROXY_REQ_OPEN maptype:mapname flags
              Open the table with type maptype and name mapname, as controlled
              by  flags.   The  reply  is  the  request completion status code
              (below) and the map type dependent flags.

       PROXY_REQ_LOOKUP maptype:mapname flags key
              Look up the data stored under the requested key.  The  reply  is
              the request completion status code (below) and the lookup result
              value.  The maptype:mapname and flags are the same as  with  the
              PROXY_REQ_OPEN request.

       There  is  no  close  command,  nor are tables implicitly closed when a
       client disconnects. One of the purposes of the proxymap  server  is  to
       share tables among multiple client processes.

       The request completion status code is one of:

       PROXY_STAT_OK
              The  specified  table  was  opened,  or  the requested entry was
              found.

       PROXY_STAT_NOKEY
              The requested table entry was not found.

       PROXY_STAT_BAD
              The request was rejected (bad request parameter value).

       PROXY_STAT_RETRY
              The lookup request could not be completed.

       PROXY_STAT_DENY
              The specified table was not approved for access via the proxymap
              service.

SERVER PROCESS MANAGEMENT
       The  proxymap  servers  run under control by the Postfix master server.
       Each server can handle multiple  simultaneous  connections.   When  all
       servers  are  busy  while  a  client connects, the master creates a new
       proxymap server process, provided  that  the  proxymap  server  process
       limit  is  not exceeded.  Each proxymap server terminates after serving
       at least $max_use clients or after $max_idle seconds of idle time.

SECURITY
       The proxymap server  opens  only  tables  that  are  approved  via  the
       proxy_read_maps  configuration  parameter,  does not talk to users, and
       can run at fixed low privilege, chrooted or not.  However, running  the
       proxymap server chrooted severely limits usability, because it can open
       only chrooted tables.

       The proxymap server is not a trusted daemon process, and  must  not  be
       used  to look up sensitive information such as user or group IDs, mail-
       box file/directory names or external commands.

DIAGNOSTICS
       Problems and transactions are logged to syslogd(8).

BUGS
       The proxymap server provides service  to  multiple  clients,  and  must
       therefore not be used for tables that have high-latency lookups.

CONFIGURATION PARAMETERS
       The  following  main.cf parameters are especially relevant to this pro-
       gram. Use the postfix reload command after a configuration change.

       proxy_read_maps
              A list of zero or more parameter values that may contain  refer-
              ences to Postfix lookup tables. Only table references that begin
              with proxy: are approved for read-only access via  the  proxymap
              server.

SEE ALSO
       dict_proxy(3) proxy map client

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA



                                                                   PROXYMAP(8)