This file is indexed.

/usr/share/doc/postfix/html/proxymap.8.html is in postfix-doc 3.3.0-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - proxymap(8) </title>
</head> <body> <pre>
PROXYMAP(8)                                                        PROXYMAP(8)

<b>NAME</b>
       proxymap - Postfix lookup table proxy server

<b>SYNOPSIS</b>
       <b>proxymap</b> [generic Postfix daemon options]

<b>DESCRIPTION</b>
       The  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server  provides read-only or read-write table lookup
       service to Postfix processes. These services are implemented with  dis-
       tinct service names: <b>proxymap</b> and <b>proxywrite</b>, respectively. The purpose
       of these services is:

       <b>o</b>      To overcome chroot restrictions. For example,  a  chrooted  SMTP
              server needs access to the system passwd file in order to reject
              mail for non-existent local addresses, but it is  not  practical
              to  maintain  a copy of the passwd file in the chroot jail.  The
              solution:

              <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
                  <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>

       <b>o</b>      To consolidate the number of open lookup tables by  sharing  one
              open  table  among multiple processes. For example, making mysql
              connections from every Postfix daemon process  results  in  "too
              many connections" errors. The solution:

              <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> =
                  <a href="proxymap.8.html">proxy</a>:<a href="mysql_table.5.html">mysql</a>:/etc/postfix/virtual_alias.cf

              The  total  number  of  connections  is limited by the number of
              proxymap server processes.

       <b>o</b>      To provide single-updater functionality for lookup  tables  that
              do  not  reliably  support multiple writers (i.e. all file-based
              tables).

       The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests:

       <b>open</b> <i>maptype:mapname flags</i>
              Open the table with type <i>maptype</i> and name <i>mapname</i>, as controlled
              by  <i>flags</i>.  The  reply  includes the <i>maptype</i> dependent flags (to
              distinguish a fixed string table from a regular  expression  ta-
              ble).

       <b>lookup</b> <i>maptype:mapname flags key</i>
              Look  up  the data stored under the requested key.  The reply is
              the request completion status code and the lookup result  value.
              The  <i>maptype:mapname</i>  and  <i>flags</i>  are  the same as with the <b>open</b>
              request.

       <b>update</b> <i>maptype:mapname flags key value</i>
              Update the data stored under the requested key.   The  reply  is
              the  request  completion  status  code.  The <i>maptype:mapname</i> and
              <i>flags</i> are the same as with the <b>open</b> request.

              To implement single-updater maps, specify a process limit  of  1
              in the <a href="master.5.html">master.cf</a> file entry for the <b>proxywrite</b> service.

              This request is supported in Postfix 2.5 and later.

       <b>delete</b> <i>maptype:mapname flags key</i>
              Delete  the  data  stored under the requested key.  The reply is
              the request completion status  code.   The  <i>maptype:mapname</i>  and
              <i>flags</i> are the same as with the <b>open</b> request.

              This request is supported in Postfix 2.5 and later.

       <b>sequence</b> <i>maptype:mapname flags function</i>
              Iterate  over  the  specified  database.  The <i>function</i> is one of
              DICT_SEQ_FUN_FIRST  or  DICT_SEQ_FUN_NEXT.   The  reply  is  the
              request  completion  status  code  and  a  lookup key and result
              value, if found.

              This request is supported in Postfix 2.9 and later.

       The request completion status is one of OK, RETRY, NOKEY (lookup failed
       because  the  key  was not found), BAD (malformed request) or DENY (the
       table is not approved for proxy read or update access).

       There is no <b>close</b> command, nor are  tables  implicitly  closed  when  a
       client  disconnects.  The  purpose  is  to  share tables among multiple
       client processes.

<b>SERVER PROCESS MANAGEMENT</b>
       <a href="proxymap.8.html"><b>proxymap</b>(8)</a> servers run under control by the Postfix <a href="master.8.html"><b>master</b>(8)</a>  server.
       Each  server  can  handle  multiple simultaneous connections.  When all
       servers are busy while a client connects, the <a href="master.8.html"><b>master</b>(8)</a> creates  a  new
       <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server  process,  provided  that  the process limit is not
       exceeded.  Each server  terminates  after  serving  at  least  <b>$<a href="postconf.5.html#max_use">max_use</a></b>
       clients or after <b>$<a href="postconf.5.html#max_idle">max_idle</a></b> seconds of idle time.

<b>SECURITY</b>
       The  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server  opens  only  tables that are approved via the
       <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> or <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a></b> configuration parameters, does  not
       talk  to  users,  and  can run at fixed low privilege, chrooted or not.
       However, running the proxymap server chrooted severely  limits  usabil-
       ity, because it can open only chrooted tables.

       The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is not a trusted daemon process, and must not be
       used to look up sensitive information such as UNIX user or  group  IDs,
       mailbox file/directory names or external commands.

       In  Postfix  version  2.2  and  later,  the  proxymap client recognizes
       requests to access a table for security-sensitive purposes,  and  opens
       the  table directly. This allows the same <a href="postconf.5.html">main.cf</a> setting to be used by
       sensitive and non-sensitive processes.

       Postfix-writable data files should be stored under a  dedicated  direc-
       tory  that  is  writable  only  by the Postfix mail system, such as the
       Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>.

       In particular, Postfix-writable files should never exist in  root-owned
       directories.  That  would  open  up  a particular type of security hole
       where ownership of a file or directory does not match the  provider  of
       its content.

<b>DIAGNOSTICS</b>
       Problems and transactions are logged to <b>syslogd</b>(8).

<b>BUGS</b>
       The  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server provides service to multiple clients, and must
       therefore not be used for tables that have high-latency lookups.

       The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> read-write service does  not  explicitly  close  lookup
       tables  (even  if  it  did,  this  could  not be relied on, because the
       process may be terminated between table updates).  The read-write  ser-
       vice  should  therefore  not  be used with tables that leave persistent
       storage in an inconsistent state between updates  (for  example,  CDB).
       Tables  that  support  "sync  on  update"  should be safe (for example,
       Berkeley DB) as should tables that are implemented by a real DBMS.

<b>CONFIGURATION PARAMETERS</b>
       On busy mail systems a long time may pass before  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  relevant
       changes  to  <a href="postconf.5.html"><b>main.cf</b></a> are picked up. Use the command "<b>postfix reload</b>" to
       speed up a change.

       The text below provides only a parameter summary. See  <a href="postconf.5.html"><b>postconf</b>(5)</a>  for
       more details including examples.

       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
              The  default  location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
              figuration files.

       <b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
              The directory with Postfix-writable  data  files  (for  example:
              caches, pseudo-random numbers).

       <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
              How  much  time  a  Postfix  daemon process may take to handle a
              request before it is terminated by a built-in watchdog timer.

       <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
              The time limit for sending  or  receiving  information  over  an
              internal communication channel.

       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
              The  maximum  amount of time that an idle Postfix daemon process
              waits for an incoming connection before terminating voluntarily.

       <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
              The maximal number of incoming connections that a Postfix daemon
              process will service before terminating voluntarily.

       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
              The process ID of a Postfix command or daemon process.

       <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
              The process name of a Postfix command or daemon process.

       <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> (see 'postconf -d' output)</b>
              The lookup tables that the  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server  is  allowed  to
              access for the read-only service.

       Available in Postfix 2.5 and later:

       <b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
              The  directory  with  Postfix-writable  data files (for example:
              caches, pseudo-random numbers).

       <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> (see 'postconf -d' output)</b>
              The lookup tables that the  <a href="proxymap.8.html"><b>proxymap</b>(8)</a>  server  is  allowed  to
              access for the read-write service.

       Available in Postfix 3.3 and later:

       <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
              The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.

<b>SEE ALSO</b>
       <a href="postconf.5.html">postconf(5)</a>, configuration parameters
       <a href="master.5.html">master(5)</a>, generic daemon options

<b>README FILES</b>
       <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview

<b>LICENSE</b>
       The Secure Mailer license must be distributed with this software.

<b>HISTORY</b>
       The proxymap service was introduced with Postfix 2.0.

<b>AUTHOR(S)</b>
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       Wietse Venema
       Google, Inc.
       111 8th Avenue
       New York, NY 10011, USA

                                                                   PROXYMAP(8)
</pre> </body> </html>