Provided by: postfix_2.2.10-1_i386 bug


       proxymap - Postfix lookup table proxy server


       proxymap [generic Postfix daemon options]


       The  proxymap(8)  server  provides  read-only  table  lookup service to
       Postfix processes. The purpose of the service is:

       ·      To overcome chroot restrictions. For example,  a  chrooted  SMTP
              server needs access to the system passwd file in order to reject
              mail for non-existent local addresses, but it is  not  practical
              to  maintain  a copy of the passwd file in the chroot jail.  The

              local_recipient_maps =
                  proxy:unix:passwd.byname $alias_maps

       ·      To consolidate the number of open lookup tables by  sharing  one
              open  table  among multiple processes. For example, making mysql
              connections from every Postfix daemon process  results  in  "too
              many connections" errors. The solution:

              virtual_alias_maps =

              The  total  number  of  connections  is limited by the number of
              proxymap server processes.

       The proxymap(8) server implements the following requests:

       open maptype:mapname flags
              Open the table with type maptype and name mapname, as controlled
              by  flags.  The  reply  includes the maptype dependent flags (to
              distinguish a fixed  string  table  from  a  regular  expression

       lookup maptype:mapname flags key
              Look  up  the data stored under the requested key.  The reply is
              the request completion status code (below) and the lookup result
              value.   The  maptype:mapname and flags are the same as with the
              open request.

       There is no close command, nor are  tables  implicitly  closed  when  a
       client  disconnects.  The  purpose  is  to  share tables among multiple
       client processes.


       proxymap(8) servers run under control by the Postfix master(8)  server.
       Each  server  can  handle  multiple simultaneous connections.  When all
       servers are busy while a client connects, the master(8) creates  a  new
       proxymap(8)  server  process,  provided  that  the process limit is not
       exceeded.  Each server  terminates  after  serving  at  least  $max_use
       clients or after $max_idle seconds of idle time.


       The  proxymap(8)  server  opens  only  tables that are approved via the
       proxy_read_maps configuration parameter, does not talk  to  users,  and
       can  run at fixed low privilege, chrooted or not.  However, running the
       proxymap server chrooted severely limits usability, because it can open
       only chrooted tables.

       The proxymap(8) server is not a trusted daemon process, and must not be
       used to look up sensitive  information  such  as  user  or  group  IDs,
       mailbox file/directory names or external commands.

       In  Postfix  version  2.2  and  later,  the  proxymap client recognizes
       requests to access a table for security-sensitive purposes,  and  opens
       the  table directly. This allows the same setting to be used by
       sensitive and non-sensitive processes.


       Problems and transactions are logged to syslogd(8).


       The proxymap(8) server provides service to multiple clients,  and  must
       therefore not be used for tables that have high-latency lookups.


       On  busy  mail systems a long time may pass before proxymap(8) relevant
       changes to are picked up. Use the command "postfix  reload"  to
       speed up a change.

       The  text  below provides only a parameter summary. See postconf(5) for
       more details including examples.

       config_directory (seepostconf -doutput)
              The default  location  of  the  Postfix  and
              configuration files.

       daemon_timeout (18000s)
              How  much  time  a  Postfix  daemon process may take to handle a
              request before it is terminated by a built-in watchdog timer.

       ipc_timeout (3600s)
              The time limit for sending  or  receiving  information  over  an
              internal communication channel.

       max_idle (100s)
              The  maximum  amount of time that an idle Postfix daemon process
              waits for the next service request before exiting.

       max_use (100)
              The maximal number  of  connection  requests  before  a  Postfix
              daemon process terminates.

       process_id (read-only)
              The process ID of a Postfix command or daemon process.

       process_name (read-only)
              The process name of a Postfix command or daemon process.

       proxy_read_maps (seepostconf -doutput)
              The  lookup  tables  that  the  proxymap(8) server is allowed to


       postconf(5), configuration parameters
       master(5), generic daemon options


       Use "postconf readme_directory" or "postconf html_directory" to  locate
       this information.
       DATABASE_README, Postfix lookup table overview


       The Secure Mailer license must be distributed with this software.


       The proxymap service was introduced with Postfix 2.0.


       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA