POSTFIX-NON-BDB(1)          General Commands Manual         POSTFIX-NON-BDB(1)


NAME
       postfix-non-bdb - Postfix non-Berkeley-DB migration

SYNOPSIS
       postfix non-bdb subcommand

DESCRIPTION
       The "postfix non-bdb subcommand" feature edits main.cf and master.cf,
       to manage the migration of an existing Postfix configuration that uses
       Berkeley DB type "hash:" or "btree:" tables (which are no longer
       supported on some OS distributions), to supported types such as "cdb:"
       or "lmdb:".

       The following subcommands are available:

       status Reports the non-Berkeley-DB migration status, without making any
              changes.

       disable
              Edits main.cf and master.cf, to turn off the enable-redirect and
              enable-reindex features.

              This will break integration with other software such as mailman
              versions from before May 2025 when they want to use "postmap
              hash:/path/to/file", for example, to update a mailman-maintained
              table.

       enable-redirect (aliasing)
              Edits main.cf and master.cf, to enable redirection (aliasing)
              from Berkeley DB types "hash" and "btree" to the non-Berkeley-DB
              types specified with $default_database_type and
              $default_cache_db_type. Custom redirection may be configured
              with non_bdb_custom_mapping.

              This configuration will not automatically create non-Berkeley-DB
              indexed database files. Instead, Postfix programs will log an
              error as they fail to open an indexed database file, and will
              leave it to the system administrator to run postmap(1) or
              postalias(1) to create that file.

              This will fix integration with other software such as mailman
              versions from before May 2025 when they want to use "postmap
              hash:/path/to/file", for example, to update a mailman-maintained
              table.

              This subcommand will not make any changes when
              default_database_type or default_cache_db_type specify a hash:
              or btree: type.

       enable-reindex
              Edits main.cf and master.cf, to implement enable-redirect, and
              to automatically create a non-Berkeley-DB indexed database file
              when a daemon program wants to access a file that does not yet
              exist. This uses the nbdb_reindexd(8) daemon to run postmap(1)
              or postalias(1) as described in "SECURITY" below.

              This subcommand immediately generates non-Berkeley-DB indexed
              files for unprivileged command-line programs that cannot send
              requests to the nbdb_reindexd(8) daemon server. This involves
              "hash:" and "btree:" tables that are used by postqueue(1) and
              sendmail(1) as specified in authorized_flush_users and
              authorized_mailq_users, and by sendmail(1) and postdrop(1) as
              specified in authorized_submit_users and
              local_login_sender_maps.

              This subcommand will not make any changes when
              default_database_type or default_cache_db_type specify a hash:
              or btree: type.

              NOTE: enable-reindex should be used only temporarily to generate
              most of the non-Berkeley-DB indexed files that Postfix needs.
              Leaving this enabled may expose the system to
              privilege-escalation attacks. There are no security concerns for
              using enable-redirect.

SECURITY
       The nbdb_reindexd(8) daemon automatically generates a non-Berkeley-DB
       indexed file only if the database pathname matches the directory
       prefixes specified with non_bdb_migration_allow_root_prefixes (for
       files that must be owned by root), or with
       non_bdb_migration_allow_user_prefixes (for files that must be owned by
       a non-root user). Additional restrictions on file and directory
       ownership and permissions are documented in nbdb_reindexd(8).

CONFIGURATION PARAMETERS
       The "postfix non-bdb subcommand" feature updates the following
       configuration parameter:

       non_bdb_migration_level (disable)
              The non-Berkeley-DB migration service level.

       Other relevant parameters:

       non_bdb_custom_mapping (empty)
              When non-Berkeley-DB migration is enabled, an optional mapping
              from a hash: or btree: type to a non-Berkeley-DB type.

       non_bdb_migration_allow_root_prefixes (see 'postconf -d
       non_bdb_migration_allow_root_prefixes' output)
              A list of trusted pathname prefixes that must be matched when
              the non-Berkeley-DB migration service (nbdb_reindexd(8)) needs
              to run postmap(1) or postalias(1) commands with "root"
              privilege.

       non_bdb_migration_allow_user_prefixes (see 'postconf -d
       non_bdb_migration_allow_user_prefixes' output)
              A list of trusted pathname prefixes that must be matched when
              the non-Berkeley-DB migration service (nbdb_reindexd(8)) needs
              to run postmap(1) or postalias(1) commands with non-root
              privilege.

SEE ALSO
       nbdb_reindexd(8) reindexing service

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate
       this information.
       NON_BERKELEYDB_README, migration guide

LICENSE
       The Secure Mailer license must be distributed with this software.

HISTORY
       The "postfix non-bdb" command was introduced with Postfix version 3.11.

AUTHOR(S)
       Wietse Venema
       porcupine.org

                                                            POSTFIX-NON-BDB(1)