Postfix manual - postfix-non-bdb(1)

POSTFIX-NON-BDB(1)                                          POSTFIX-NON-BDB(1)

NAME
       postfix-non-bdb - Postfix non-Berkeley-DB migration

SYNOPSIS
       postfix non-bdb subcommand

DESCRIPTION
       The  "postfix  non-bdb subcommand" feature edits main.cf and master.cf,
       to manage the migration of an existing Postfix configuration that  uses
       Berkeley  DB  type "hash:" or "btree:" tables (which are no longer sup-
       ported on some OS distributions), to supported types such as "cdb:"  or
       "lmdb:".

       The following subcommands are available:

       status Reports the non-Berkeley-DB migration status, without making any
              changes.

       disable
              Edits main.cf and master.cf, to turn off the enable-redirect and
              enable-reindex features.

              This  will break integration with other software such as mailman
              versions from before May 2025 when they  want  to  use  "postmap
              hash:/path/to/file", for example, to update a mailman-maintained
              table.

       enable-redirect (aliasing)
              Edits main.cf and master.cf, to  enable  redirection  (aliasing)
              from Berkeley DB types "hash" and "btree" to the non-Berkeley-DB
              types     specified     with     $default_database_type      and
              $default_cache_db_type.  Custom  redirection  may  be configured
              with non_bdb_custom_mapping.

              This configuration will not automatically create non-Berkeley-DB
              indexed  database  files.  Instead, Postfix programs will log an
              error as they fail to open an indexed database  file,  and  will
              leave  it  to  the  system  administrator  to  run postmap(1) or
              postalias(1) to create that file.

              This will fix integration with other software  such  as  mailman
              versions  from  before  May  2025 when they want to use "postmap
              hash:/path/to/file", for example, to update a mailman-maintained
              table.

              This  subcommand  will  not  make any changes when default_data-
              base_type or default_cache_db_type specify  a  hash:  or  btree:
              type.

       enable-reindex
              Edits  main.cf  and master.cf, to implement enable-redirect, and
              to automatically create a non-Berkeley-DB indexed database  file
              when  a  daemon program wants to access a file that does not yet
              exist. This uses the nbdb_reindexd(8) daemon to  run  postmap(1)
              or postalias(1) as described in "SECURITY" below.

              This  subcommand  immediately  generates non-Berkeley-DB indexed
              files for unprivileged command-line programs  that  cannot  send
              requests  to  the  nbdb_reindexd(8) daemon server. This involves
              "hash:" and "btree:" tables that are used  by  postqueue(1)  and
              sendmail(1)  as  specified  in authorized_flush_users and autho-
              rized_mailq_users, and by sendmail(1) and postdrop(1) as  speci-
              fied in authorized_submit_users and local_login_sender_maps.

              This  subcommand  will  not  make any changes when default_data-
              base_type or default_cache_db_type specify  a  hash:  or  btree:
              type.

              NOTE: enable-reindex should be used only temporarily to generate
              most of the non-Berkeley-DB indexed files  that  Postfix  needs.
              Leaving  this enabled may expose the system to privilege-escala-
              tion  attacks.  There  are  no  security  concerns   for   using
              enable-redirect.

SECURITY
       The  nbdb_reindexd(8)  daemon automatically generates a non-Berkeley-DB
       indexed file only if the database pathname matches the  directory  pre-
       fixes  specified  with non_bdb_migration_allow_root_prefixes (for files
       that must be owned by root), or with  non_bdb_migration_allow_user_pre-
       fixes  (for  files  that  must be owned by a non-root user). Additional
       restrictions on file and directory ownership and permissions are  docu-
       mented in nbdb_reindexd(8).

CONFIGURATION PARAMETERS
       The "postfix non-bdb subcommand" feature updates the following configu-
       ration parameter:

       non_bdb_migration_level (disable)
              The non-Berkeley-DB migration service level.

       Other relevant parameters:

       non_bdb_custom_mapping (empty)
              When non-Berkeley-DB migration is enabled, an  optional  mapping
              from a hash: or btree: type to a non-Berkeley-DB type.

       non_bdb_migration_allow_root_prefixes  (see 'postconf -d non_bdb_migra-
       tion_allow_root_prefixes' output)
              A  list  of  trusted pathname prefixes that must be matched when
              the non-Berkeley-DB migration service  (nbdb_reindexd(8))  needs
              to  run  postmap(1)  or postalias(1) commands with "root" privi-
              lege.

       non_bdb_migration_allow_user_prefixes (see 'postconf -d  non_bdb_migra-
       tion_allow_user_prefixes' output)
              A list of trusted pathname prefixes that must  be  matched  when
              the  non-Berkeley-DB  migration service (nbdb_reindexd(8)) needs
              to run postmap(1) or postalias(1) commands with non-root  privi-
              lege.

SEE ALSO
       nbdb_reindexd(8) reindexing service

README FILES
       NON_BERKELEYDB_README, migration guide

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       The "postfix non-bdb" command was introduced with Postfix version 3.11.

AUTHOR(S)
       Wietse Venema
       porcupine.org

                                                            POSTFIX-NON-BDB(1)