memcache_table(category14-security-amp-firewalls.html) - phpMan

MEMCACHE_TABLE(5)             File Formats Manual            MEMCACHE_TABLE(5)
NAME
       memcache_table - Postfix memcache client configuration
SYNOPSIS
       postmap -q "string" memcache:/etc/postfix/filename
       postmap -q - memcache:/etc/postfix/filename <inputfile
DESCRIPTION
       The  Postfix  mail system uses optional tables for address rewriting or
       mail routing. These tables are usually in dbm or db format.
       Alternatively, lookup tables can be specified  as  memcache  instances.
       To  use memcache lookups, define a memcache source as a lookup table in
       main.cf, for example:
           virtual_alias_maps = memcache:/etc/postfix/memcache-aliases.cf
       The file /etc/postfix/memcache-aliases.cf has the same  format  as  the
       Postfix main.cf file, and specifies the parameters described below.
       The  Postfix  memcache  client  supports the lookup, update, delete and
       sequence (first/next) operations. The  sequence  operation  requires  a
       backup database that supports the operation.
MEMCACHE MAIN PARAMETERS
       memcache (default: inet:localhost:11211)
              The  memcache  server  (note: singular) that Postfix will try to
              connect to.  For a TCP server  specify  "inet:"  followed  by  a
              hostname or address, ":", and a port name or number.  Specify an
              IPv6 address inside "[]".   For  a  UNIX-domain  server  specify
              "unix:" followed by the socket pathname. Examples:
                  memcache = inet:memcache.example.com:11211
                  memcache = inet:127.0.0.1:11211
                  memcache = inet:[fc00:8d00:189::3]:11211
                  memcache = unix:/path/to/socket
              NOTE:  to  access  a  UNIX-domain  socket  with  the proxymap(8)
              server, the socket must be accessible by the unprivileged  post-
              fix user.
       backup (default: undefined)
              An optional Postfix database that provides persistent backup for
              the memcache database. The Postfix memcache client  will  update
              the  memcache  database whenever it looks up or changes informa-
              tion in the persistent database. Specify a Postfix  "type:table"
              database. Examples:
                  # Non-shared postscreen cache.
                  backup = btree:/var/lib/postfix/postscreen_cache_map
                  # Shared postscreen cache for processes on the same host.
                  backup = proxy:btree:/var/lib/postfix/postscreen_cache_map
              Access to remote proxymap servers is under development.
              NOTE  1:  When  sharing  a persistent postscreen(8) or verify(8)
              cache,     disable     automatic     cache     cleanup      (set
              *_cache_cleanup_interval  =  0) except with one Postfix instance
              that will be responsible for cache cleanup.
              NOTE 2: When multiple tables share the same  memcache  database,
              each  table  should  use  the  key_format feature (see below) to
              prepend its own unique string to  the  lookup  key.   Otherwise,
              automatic postscreen(8) or verify(8) cache cleanup may not work.
              NOTE  3:  When  the  backup  database  is accessed with "proxy:"
              lookups, the full backup database name (including  the  "proxy:"
              prefix)   must   be   specified   in   the   proxymap   server's
              proxy_read_maps  or  proxy_write_maps  setting   (depending   on
              whether the access is read-only or read-write).
       flags (default: 0)
              Optional  flags  that  should  be  stored  along with a memcache
              update. The flags are ignored when looking up information.
       ttl (default: 3600)
              The expiration time in seconds of memcache updates.
              NOTE 1: When using a memcache table  as  postscreen(8)  or  ver-
              ify(8)   cache   without   persistent  backup,  specify  a  zero
              *_cache_cleanup_interval value with all Postfix  instances  that
              use  the  memcache,  and specify the largest postscreen(8) *_ttl
              value or verify(8) *_expire_time value as the  memcache  table's
              ttl value.
              NOTE  2:  According  to memcache protocol documentation, a value
              greater than 30 days (2592000 seconds) specifies  absolute  UNIX
              time. Smaller values are relative to the time of the update.
MEMCACHE KEY PARAMETERS
       key_format (default: %s)
              Format  of  the lookup and update keys that the Postfix memcache
              client sends to the memcache server.  By default, these are  the
              same  as  the  lookup  and  update keys that the memcache client
              receives from Postfix applications.
              NOTE 1: The key_format feature is not used for  backup  database
              requests.
              NOTE  2:  When multiple tables share the same memcache database,
              each table should prepend its own unique string  to  the  lookup
              key.   Otherwise,  automatic  postscreen(8)  or  verify(8) cache
              cleanup may not work.
              Examples:
                  key_format = aliases:%s
                  key_format = verify:%s
                  key_format = postscreen:%s
              The key_format parameter supports the following '%' expansions:
              %%     This is replaced by a literal '%' character.
              %s     This is replaced by the memcache client input key.
              %u     When the input key is an address of the form user@domain,
                     %u  is  replaced  by  the  SQL  quoted  local part of the
                     address.  Otherwise, %u is replaced by the entire  search
                     string.   If the localpart is empty, a lookup is silently
                     suppressed and returns no results (an update  is  skipped
                     with a warning).
              %d     When the input key is an address of the form user@domain,
                     %d is replaced by the domain part of the address.  Other-
                     wise,  a  lookup  is  silently  suppressed and returns no
                     results (an update is skipped with a warning).
              %[SUD] The upper-case equivalents of the above expansions behave
                     in   the   key_format   parameter  identically  to  their
                     lower-case counter-parts.
              %[1-9] The patterns %1, %2, ... %9 are replaced  by  the  corre-
                     sponding  most  significant  component of the input key's
                     domain. If the input key is  user AT mail.com,  then
                     %1 is com, %2 is example and %3 is mail. If the input key
                     is unqualified or does not have enough domain  components
                     to  satisfy  all  the  specified  patterns,  a  lookup is
                     silently suppressed and returns no results (an update  is
                     skipped with a warning).
       domain (default: no domain list)
              This  feature  can  significantly  reduce  database server load.
              Specify a list of domain names, paths to files, or  "type:table"
              databases.   When  specified,  only  fully qualified search keys
              with a *non-empty* localpart and a matching domain are  eligible
              for  lookup  or update: bare 'user' lookups, bare domain lookups
              and "@domain" lookups are silently skipped (updates are  skipped
              with a warning).  Example:
                  domain = example.com, hash:/etc/postfix/searchdomains
MEMCACHE ERROR CONTROLS
       data_size_limit (default: 10240)
              The maximal memcache reply data length in bytes.
       line_size_limit (default: 1024)
              The maximal memcache reply line length in bytes.
       max_try (default: 2)
              The  number of times to try a memcache command before giving up.
              The memcache client does not retry a command when  the  memcache
              server accepts no connection.
       retry_pause (default: 1)
              The time in seconds before retrying a failed memcache command.
       timeout (default: 2)
              The  time limit for sending a memcache command and for receiving
              a memcache reply.
BUGS
       The Postfix memcache  client  cannot  be  used  for  security-sensitive
       tables such as alias_maps (these may contain "|command and "/file/name"
       destinations), or virtual_uid_maps, virtual_gid_maps and  virtual_mail-
       box_maps  (these specify UNIX process privileges or "/file/name" desti-
       nations).  In a typical deployment a memcache database is  writable  by
       any  process  that  can talk to the memcache server; in contrast, secu-
       rity-sensitive tables must never be writable by the unprivileged  Post-
       fix user.
       The Postfix memcache client requires additional configuration when used
       as postscreen(8) or verify(8) cache.  For details see  the  backup  and
       ttl  parameter  discussions  in  the  MEMCACHE  MAIN PARAMETERS section
       above.
SEE ALSO
       postmap(1), Postfix lookup table manager
       postconf(5), configuration parameters
README FILES
       Use "postconf readme_directory" or "postconf html_directory" to  locate
       this information.
       DATABASE_README, Postfix lookup table overview
       MEMCACHE_README, Postfix memcache client guide
LICENSE
       The Secure Mailer license must be distributed with this software.
HISTORY
       Memcache support was introduced with Postfix version 2.9.
AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA
       Wietse Venema
       Google, Inc.
       111 8th Avenue
       New York, NY 10011, USA
                                                             MEMCACHE_TABLE(5)