{ "content": [ { "type": "text", "text": "# PROXYMAP (man)\n\n## NAME\n\nproxymap - Postfix lookup table proxy server\n\n## SYNOPSIS\n\nproxymap [generic Postfix daemon options]\n\n## DESCRIPTION\n\nThe proxymap(8) server provides read-only or read-write table lookup service to Postfix pro‐\ncesses. These services are implemented with distinct service names: proxymap and proxywrite,\nrespectively. The purpose of these services is:\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **SERVER PROCESS MANAGEMENT**\n- **SECURITY**\n- **DIAGNOSTICS**\n- **BUGS**\n- **CONFIGURATION PARAMETERS**\n- **SEE ALSO**\n- **README FILES**\n- **LICENSE**\n- **HISTORY**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "PROXYMAP", "section": "", "mode": "man", "summary": "proxymap - Postfix lookup table proxy server", "synopsis": "proxymap [generic Postfix daemon options]", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [ { "name": "postconf", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/postconf/5/json" }, { "name": "master", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/master/5/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 2, "subsections": [] }, { "name": "DESCRIPTION", "lines": 65, "subsections": [] }, { "name": "SERVER PROCESS MANAGEMENT", "lines": 6, "subsections": [] }, { "name": "SECURITY", "lines": 20, "subsections": [] }, { "name": "DIAGNOSTICS", "lines": 2, "subsections": [] }, { "name": "BUGS", "lines": 10, "subsections": [] }, { "name": "CONFIGURATION PARAMETERS", "lines": 54, "subsections": [] }, { "name": "SEE ALSO", "lines": 3, "subsections": [] }, { "name": "README FILES", "lines": 3, "subsections": [] }, { "name": "LICENSE", "lines": 2, "subsections": [] }, { "name": "HISTORY", "lines": 16, "subsections": [] } ], "sections": { "NAME": { "content": "proxymap - Postfix lookup table proxy server\n", "subsections": [] }, "SYNOPSIS": { "content": "proxymap [generic Postfix daemon options]\n", "subsections": [] }, "DESCRIPTION": { "content": "The proxymap(8) server provides read-only or read-write table lookup service to Postfix pro‐\ncesses. These services are implemented with distinct service names: proxymap and proxywrite,\nrespectively. The purpose of these services is:\n\n• To overcome chroot restrictions. For example, a chrooted SMTP server needs access to\nthe system passwd file in order to reject mail for non-existent local addresses, but\nit is not practical to maintain a copy of the passwd file in the chroot jail. The so‐\nlution:\n\nlocalrecipientmaps =\nproxy:unix:passwd.byname $aliasmaps\n\n• To consolidate the number of open lookup tables by sharing one open table among multi‐\nple processes. For example, making mysql connections from every Postfix daemon process\nresults in \"too many connections\" errors. The solution:\n\nvirtualaliasmaps =\nproxy:mysql:/etc/postfix/virtualalias.cf\n\nThe total number of connections is limited by the number of proxymap server processes.\n\n• To provide single-updater functionality for lookup tables that do not reliably support\nmultiple writers (i.e. all file-based tables).\n\nThe proxymap(8) server implements the following requests:\n\nopen maptype:mapname flags\nOpen the table with type maptype and name mapname, as controlled by flags. The reply\nincludes the maptype dependent flags (to distinguish a fixed string table from a regu‐\nlar expression table).\n\nlookup maptype:mapname flags key\nLook up the data stored under the requested key. The reply is the request completion\nstatus code and the lookup result value. The maptype:mapname and flags are the same\nas with the open request.\n\nupdate maptype:mapname flags key value\nUpdate the data stored under the requested key. The reply is the request completion\nstatus code. The maptype:mapname and flags are the same as with the open request.\n\nTo implement single-updater maps, specify a process limit of 1 in the master.cf file\nentry for the proxywrite service.\n\nThis request is supported in Postfix 2.5 and later.\n\ndelete maptype:mapname flags key\nDelete the data stored under the requested key. The reply is the request completion\nstatus code. The maptype:mapname and flags are the same as with the open request.\n\nThis request is supported in Postfix 2.5 and later.\n\nsequence maptype:mapname flags function\nIterate over the specified database. The function is one of DICTSEQFUNFIRST or\nDICTSEQFUNNEXT. The reply is the request completion status code and a lookup key\nand result value, if found.\n\nThis request is supported in Postfix 2.9 and later.\n\nThe request completion status is one of OK, RETRY, NOKEY (lookup failed because the key was\nnot found), BAD (malformed request) or DENY (the table is not approved for proxy read or up‐\ndate access).\n\nThere is no close command, nor are tables implicitly closed when a client disconnects. The\npurpose is to share tables among multiple client processes.\n", "subsections": [] }, "SERVER PROCESS MANAGEMENT": { "content": "proxymap(8) servers run under control by the Postfix master(8) server. Each server can han‐\ndle multiple simultaneous connections. When all servers are busy while a client connects,\nthe master(8) creates a new proxymap(8) server process, provided that the process limit is\nnot exceeded. Each server terminates after serving at least $maxuse clients or after\n$maxidle seconds of idle time.\n", "subsections": [] }, "SECURITY": { "content": "The proxymap(8) server opens only tables that are approved via the proxyreadmaps or\nproxywritemaps configuration parameters, does not talk to users, and can run at fixed low\nprivilege, chrooted or not. However, running the proxymap server chrooted severely limits\nusability, because it can open only chrooted tables.\n\nThe proxymap(8) server is not a trusted daemon process, and must not be used to look up sen‐\nsitive information such as UNIX user or group IDs, mailbox file/directory names or external\ncommands.\n\nIn Postfix version 2.2 and later, the proxymap client recognizes requests to access a table\nfor security-sensitive purposes, and opens the table directly. This allows the same main.cf\nsetting to be used by sensitive and non-sensitive processes.\n\nPostfix-writable data files should be stored under a dedicated directory that is writable\nonly by the Postfix mail system, such as the Postfix-owned datadirectory.\n\nIn particular, Postfix-writable files should never exist in root-owned directories. That\nwould open up a particular type of security hole where ownership of a file or directory does\nnot match the provider of its content.\n", "subsections": [] }, "DIAGNOSTICS": { "content": "Problems and transactions are logged to syslogd(8) or postlogd(8).\n", "subsections": [] }, "BUGS": { "content": "The proxymap(8) server provides service to multiple clients, and must therefore not be used\nfor tables that have high-latency lookups.\n\nThe proxymap(8) read-write service does not explicitly close lookup tables (even if it did,\nthis could not be relied on, because the process may be terminated between table updates).\nThe read-write service should therefore not be used with tables that leave persistent storage\nin an inconsistent state between updates (for example, CDB). Tables that support \"sync on up‐\ndate\" should be safe (for example, Berkeley DB) as should tables that are implemented by a\nreal DBMS.\n", "subsections": [] }, "CONFIGURATION PARAMETERS": { "content": "On busy mail systems a long time may pass before proxymap(8) relevant changes to main.cf are\npicked up. Use the command \"postfix reload\" to speed up a change.\n\nThe text below provides only a parameter summary. See postconf(5) for more details including\nexamples.\n\nconfigdirectory (see 'postconf -d' output)\nThe default location of the Postfix main.cf and master.cf configuration files.\n\ndatadirectory (see 'postconf -d' output)\nThe directory with Postfix-writable data files (for example: caches, pseudo-random\nnumbers).\n\ndaemontimeout (18000s)\nHow much time a Postfix daemon process may take to handle a request before it is ter‐\nminated by a built-in watchdog timer.\n\nipctimeout (3600s)\nThe time limit for sending or receiving information over an internal communication\nchannel.\n\nmaxidle (100s)\nThe maximum amount of time that an idle Postfix daemon process waits for an incoming\nconnection before terminating voluntarily.\n\nmaxuse (100)\nThe maximal number of incoming connections that a Postfix daemon process will service\nbefore terminating voluntarily.\n\nprocessid (read-only)\nThe process ID of a Postfix command or daemon process.\n\nprocessname (read-only)\nThe process name of a Postfix command or daemon process.\n\nproxyreadmaps (see 'postconf -d' output)\nThe lookup tables that the proxymap(8) server is allowed to access for the read-only\nservice.\n\nAvailable in Postfix 2.5 and later:\n\ndatadirectory (see 'postconf -d' output)\nThe directory with Postfix-writable data files (for example: caches, pseudo-random\nnumbers).\n\nproxywritemaps (see 'postconf -d' output)\nThe lookup tables that the proxymap(8) server is allowed to access for the read-write\nservice.\n\nAvailable in Postfix 3.3 and later:\n\nservicename (read-only)\nThe master.cf service name of a Postfix daemon process.\n", "subsections": [] }, "SEE ALSO": { "content": "postconf(5), configuration parameters\nmaster(5), generic daemon options\n", "subsections": [] }, "README FILES": { "content": "Use \"postconf readmedirectory\" or \"postconf htmldirectory\" to locate this information.\nDATABASEREADME, Postfix lookup table overview\n", "subsections": [] }, "LICENSE": { "content": "The Secure Mailer license must be distributed with this software.\n", "subsections": [] }, "HISTORY": { "content": "The proxymap service was introduced with Postfix 2.0.\n\nAUTHOR(S)\nWietse Venema\nIBM T.J. Watson Research\nP.O. Box 704\nYorktown Heights, NY 10598, USA\n\nWietse Venema\nGoogle, Inc.\n111 8th Avenue\nNew York, NY 10011, USA\n\n\n\nPROXYMAP(8postfix)", "subsections": [] } } } }