proxymap | Début | Suivant | Sommaire | Préc.page.lue | Accueil |
NAME | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
SYNOPSIS | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
proxymap [generic Postfix daemon options]
DESCRIPTION | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias.cf
The total number of connections is limited by the number of proxymap server processes.
The proxymap(8) server implements the following requests:
To implement single-updater maps, specify a process limit of 1 in the master.cf file entry for the proxywrite service.
This request is supported in Postfix 2.5 and later.
This request is supported in Postfix 2.5 and later.
The request completion status is one of OK, RETRY, NOKEY (lookup failed because the key was not found), BAD (malformed request) or DENY (the table is not approved for proxy read or update access).
There is no close command, nor are tables implicitly closed when a client disconnects. The purpose is to share tables among multiple client processes.
SERVER PROCESS MANAGEMENT | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
proxymap(8) servers run under control by the Postfix master(8) server. Each server can handle multiple simultaneous connections. When all servers are busy while a client connects, the master(8) creates a new proxymap(8) server process, provided that the process limit is not exceeded. Each server terminates after serving at least $max_use clients or after $max_idle seconds of idle time.
SECURITY | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
The proxymap(8) server opens only tables that are approved via the proxy_read_maps or proxy_write_maps configuration parameters, does not talk to users, and can run at fixed low privilege, chrooted or not. However, running the proxymap server chrooted severely limits usability, because it can open only chrooted tables.
The proxymap(8) server is not a trusted daemon process, and must not be used to look up sensitive information such as user or group IDs, mailbox file/directory names or external commands.
In Postfix version 2.2 and later, the proxymap client recognizes requests to access a table for security-sensitive purposes, and opens the table directly. This allows the same main.cf setting to be used by sensitive and non-sensitive processes.
Postfix-writable data files should be stored under a dedicated directory that is writable only by the Postfix mail system, such as the Postfix-owned data_directory.
In particular, Postfix-writable files should never exist in root-owned directories. That would open up a particular type of security hole where ownership of a file or directory does not match the provider of its content.
DIAGNOSTICS | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
BUGS | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
The proxymap(8) read-write service does not explicitly close lookup tables (even if it did, this could not be relied on, because the process may be terminated between table updates). The read-write service should therefore not be used with tables that leave persistent storage in an inconsistent state between updates (for example, CDB). Tables that support "sync on update" should be safe (for example, Berkeley DB) as should tables that are implemented by a real DBMS.
CONFIGURATION PARAMETERS | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
On busy mail systems a long time may pass before proxymap(8) relevant changes to main.cf are picked up. Use the command "postfix reload" to speed up a change.
The text below provides only a parameter summary. See postconf(5) for more details including examples.
Available in Postfix 2.5 and later:
SEE ALSO | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
postconf(5), configuration parameters master(5), generic daemon options
README FILES | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
Use "postconf readme_directory" or "postconf html_directory" to locate this information.
DATABASE_README, Postfix lookup table overview
LICENSE | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
The Secure Mailer license must be distributed with this software.
HISTORY | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
The proxymap service was introduced with Postfix 2.0.
AUTHOR(S) | Début | Précédent | Suivant | Sommaire | Préc.page.lue | Accueil |
Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA
Sommaire | Début | Suivant | Sommaire | Préc.page.lue | Accueil |
Table des mots clés | Début | Suivant | Sommaire | Préc.page.lue | Accueil |
config_directory (see 'postconf -d' output) | CONFIGURATION PARAMETERS |
daemon_timeout (18000s) | CONFIGURATION PARAMETERS |
data_directory (see 'postconf -d' output) | CONFIGURATION PARAMETERS |
delete maptype:mapname flags key | DESCRIPTION |
ipc_timeout (3600s) | CONFIGURATION PARAMETERS |
lookup maptype:mapname flags key | DESCRIPTION |
max_idle (100s) | CONFIGURATION PARAMETERS |
max_use (100) | CONFIGURATION PARAMETERS |
open maptype:mapname flags | DESCRIPTION |
process_id (read-only) | CONFIGURATION PARAMETERS |
process_name (read-only) | CONFIGURATION PARAMETERS |
proxy_read_maps (see 'postconf -d' output) | CONFIGURATION PARAMETERS |
proxy_write_maps (see 'postconf -d' output) | CONFIGURATION PARAMETERS |
update maptype:mapname flags key value | DESCRIPTION |