minix/netbsd
1
0
Fork 0
mirror of https://github.com/Stichting-MINIX-Research-Foundation/netbsd.git synced 2025-09-07 22:29:21 -04:00
Code Issues Packages Projects Releases Wiki Activity
netbsd/external/ibm-public/postfix/dist/html/tlsmgr.8.html
Lionel Sambuc 58d5f9a2a4 2012/10/17 12:00:00 UTC
2013-04-06 16:48:33 +02:00

196 lines
9.8 KiB
HTML
Raw Blame History

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - tlsmgr(8) </title>
</head> <body> <pre>
TLSMGR(8) TLSMGR(8)
<b>NAME</b>
tlsmgr - Postfix TLS session cache and PRNG manager
<b>SYNOPSIS</b>
<b>tlsmgr</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> manages the Postfix TLS session caches. It
stores and retrieves cache entries on request by <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
and <a href="smtp.8.html"><b>smtp</b>(8)</a> processes, and periodically removes entries
that have expired.
The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> also manages the PRNG (pseudo random number
generator) pool. It answers queries by the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> and
<a href="smtp.8.html"><b>smtp</b>(8)</a> processes to seed their internal PRNG pools.
The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>'s PRNG pool is initially seeded from an
external source (EGD, /dev/urandom, or regular file). It
is updated at configurable pseudo-random intervals with
data from the external source. It is updated periodically
with data from TLS session cache entries and with the time
of day, and is updated with the time of day whenever a
process requests <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service.
The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> saves the PRNG state to an exchange file
periodically and when the process terminates, and reads
the exchange file when initializing its PRNG.
<b>SECURITY</b>
The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> is not security-sensitive. The code that
maintains the external and internal PRNG pools does not
"trust" the data that it manipulates, and the code that
maintains the TLS session cache does not touch the con-
tents of the cached entries, except for seeding its inter-
nal PRNG pool.
The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> can be run chrooted and with reduced privi-
leges. At process startup it connects to the entropy
source and exchange file, and creates or truncates the
optional TLS session cache files.
With Postfix version 2.5 and later, the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> no
longer uses root privileges when opening cache files.
These files should now be stored under the Postfix-owned
<b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a migration aid, an attempt to open a
cache file under a non-Postfix directory is redirected to
the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a warning is logged.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to the syslog daemon.
<b>BUGS</b>
There is no automatic means to limit the number of entries
in the TLS session caches and/or the size of the TLS cache
files.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically,
because <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> is a persistent processes. Use the com-
mand "<b>postfix reload</b>" after a configuration change.
The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b>TLS SESSION CACHE</b>
<b><a href="postconf.5.html#lmtp_tls_loglevel">lmtp_tls_loglevel</a> (0)</b>
The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>
configuration parameter.
<b><a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a> (empty)</b>
The LMTP-specific version of the smtp_tls_ses-
sion_cache_database configuration parameter.
<b><a href="postconf.5.html#lmtp_tls_session_cache_timeout">lmtp_tls_session_cache_timeout</a> (3600s)</b>
The LMTP-specific version of the smtp_tls_ses-
sion_cache_timeout configuration parameter.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
The expiration time of Postfix SMTP client TLS ses-
sion cache information.
<b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP server logging of
TLS activity.
<b><a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> (empty)</b>
Name of the file containing the optional Postfix
SMTP server TLS session cache.
<b><a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> (3600s)</b>
The expiration time of Postfix SMTP server TLS ses-
sion cache information.
<b>PSEUDO RANDOM NUMBER GENERATOR</b>
<b><a href="postconf.5.html#tls_random_source">tls_random_source</a> (see 'postconf -d' output)</b>
The external entropy source for the in-memory
<a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> pseudo random number generator (PRNG)
pool.
<b><a href="postconf.5.html#tls_random_bytes">tls_random_bytes</a> (32)</b>
The number of bytes that <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> reads from
$<a href="postconf.5.html#tls_random_source">tls_random_source</a> when (re)seeding the in-memory
pseudo random number generator (PRNG) pool.
<b><a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a> (see 'postconf -d' output)</b>
Name of the pseudo random number generator (PRNG)
state file that is maintained by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>.
<b><a href="postconf.5.html#tls_random_prng_update_period">tls_random_prng_update_period</a> (3600s)</b>
The time between attempts by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> to save the
state of the pseudo random number generator (PRNG)
to the file specified with $<a href="postconf.5.html#tls_random_exchange_name">tls_ran</a>-
<a href="postconf.5.html#tls_random_exchange_name">dom_exchange_name</a>.
<b><a href="postconf.5.html#tls_random_reseed_period">tls_random_reseed_period</a> (3600s)</b>
The maximal time between attempts by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> to
re-seed the in-memory pseudo random number genera-
tor (PRNG) pool from external sources.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
The directory with Postfix-writable data files (for
example: caches, pseudo-random numbers).
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
<a href="smtp.8.html">smtp(8)</a>, Postfix SMTP client
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging
<b>README FILES</b>
<a href="TLS_README.html">TLS_README</a>, Postfix TLS configuration and operation
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Lutz Jaenicke
BTU Cottbus
Allgemeine Elektrotechnik
Universitaetsplatz 3-4
D-03044 Cottbus, Germany
Adapted by:
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
TLSMGR(8)
</pre> </body> </html>
Reference in New Issue View Git Blame Copy Permalink