spawn - Postfix external command spawner
spawn [generic Postfix daemon options] command_attributes...
The spawn(8) daemon provides the Postfix equivalent of inetd. It
  listens on a port as specified in the Postfix master.cf file and spawns
  an external command whenever a connection is established. The connection can
  be made over local IPC (such as UNIX-domain sockets) or over non-local IPC
  (such as TCP sockets). The command's standard input, output and error streams
  are connected directly to the communication endpoint.
This daemon expects to be run from the master(8) process
    manager.
The external command attributes are given in the master.cf file at the
  end of a service definition. The syntax is as follows:
  - user=username (required)
- user=username:groupname
- The external command is executed with the rights of the specified
      username. The software refuses to execute commands with root
      privileges, or with the privileges of the mail system owner. If
      groupname is specified, the corresponding group ID is used instead
      of the group ID of username.
- argv=command... (required)
- The command to be executed. This must be specified as the last command
      attribute. The command is executed directly, i.e. without interpretation
      of shell meta characters by a shell command interpreter.
In order to enforce standard Postfix process resource controls, the
  spawn(8) daemon runs only one external command at a time. As such, it
  presents a noticeable overhead by wasting precious process resources. The
  spawn(8) daemon is expected to be replaced by a more structural
  solution.
The spawn(8) daemon reports abnormal child exits. Problems are logged to
  syslogd(8) or postlogd(8).
This program needs root privilege in order to execute external commands as the
  specified user. It is therefore security sensitive. However the
  spawn(8) daemon does not talk to the external command and thus is not
  vulnerable to data-driven attacks.
Changes to main.cf are picked up automatically as spawn(8)
  processes run for only a limited amount of time. Use the command
  "postfix reload" to speed up a change.
The text below provides only a parameter summary. See
    postconf(5) for more details including examples.
In the text below, transport is the first field of the
    entry in the master.cf file.
  - transport_time_limit ($command_time_limit)
- A transport-specific override for the command_time_limit parameter value,
      where transport is the master.cf name of the message delivery
      transport.
  - config_directory (see 'postconf -d' output)
- The default location of the Postfix main.cf and master.cf configuration
      files.
- daemon_timeout (18000s)
- How much time a Postfix daemon process may take to handle a request before
      it is terminated by a built-in watchdog timer.
- export_environment (see 'postconf -d' output)
- The list of environment variables that a Postfix process will export to
      non-Postfix processes.
- ipc_timeout (3600s)
- The time limit for sending or receiving information over an internal
      communication channel.
- mail_owner (postfix)
- The UNIX system account that owns the Postfix queue and most Postfix
      daemon processes.
- max_idle (100s)
- The maximum amount of time that an idle Postfix daemon process waits for
      an incoming connection before terminating voluntarily.
- max_use (100)
- The maximal number of incoming connections that a Postfix daemon process
      will service before terminating voluntarily.
- process_id (read-only)
- The process ID of a Postfix command or daemon process.
- process_name (read-only)
- The process name of a Postfix command or daemon process.
- queue_directory (see 'postconf -d' output)
- The location of the Postfix top-level queue directory.
- syslog_facility (mail)
- The syslog facility of Postfix logging.
- syslog_name (see 'postconf -d' output)
- A prefix that is prepended to the process name in syslog records, so that,
      for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix 3.3 and later:
  - service_name (read-only)
- The master.cf service name of a Postfix daemon process.
postconf(5), configuration parameters
master(8), process manager
postlogd(8), Postfix logging
syslogd(8), system logging
The Secure Mailer license must be distributed with this software.
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA