diff --git a/postfix/HISTORY b/postfix/HISTORY index f5d857a0e..99bd24ab2 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23072,3 +23072,26 @@ Apologies for any names omitted. Cleanup: don't log the 'delay_dotcrlf' workaround for CISCO PIX bugs before the smtp_pix_workaround_threshold_time has passed. Reported by Ralf Hildebrandt. File: smtp/smtp_proto.c. + +20170727 + + Cleanup: the postconf command now uses mechanically-generated + lists of DBMS parameter names. This eliminates false positives + with mysql databases. Files: postconf/Makefile.in, + postconf/extract_cfg.sh, postconf/postconf_dbms.c. + + Cleanup: removed `#if 0/#endif' dead code from dict_ldap.c, + to avoid spurious output from the extract_cfg.sh parameter name + extraction tool. + +20170728 + + Documentation: added warnings that "enable_original_recipient + = no" prevents Postfix from saving the address verification + result under the original probe destination address, if it + is changed by aliasing or canonical mapping. Files: + proto/ADDRESS_VERIFICATION_README.html, proto/postconf.proto. + + Cleanup: don't store an empty address in the verify cache + (this could happen with "enable_original_recipient = no"). + File: global/verify.c. diff --git a/postfix/README_FILES/ADDRESS_VERIFICATION_README b/postfix/README_FILES/ADDRESS_VERIFICATION_README index 1374a8a28..ab2d0625b 100644 --- a/postfix/README_FILES/ADDRESS_VERIFICATION_README +++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README @@ -47,11 +47,9 @@ could include the Postfix MTA itself, or some remote MTAs (SMTP interruptus). Probe messages are like normal mail, except that they are never delivered, deferred or bounced; probe messages are always discarded. - probe Postfix message -> mail - queue - Postfix Postfix -> + Postfix Postfix -> queue Internet -> SMTP <-> verify server server | v @@ -62,7 +60,6 @@ deferred or bounced; probe messages are always discarded. ^ | v - Address verification 
@@ -167,6 +164,11 @@ same address repeatedly. # Postfix 2.6 and later privacy feature. # unverified_recipient_reject_reason = Address lookup failed + # Do not set enable_original_recipient=no. This prevents Postfix + # from saving the recipient address verification result under + # the original address, when the address verification probe + # message goes through address aliasing or canonical mapping. + The "reject_unknown_recipient_domain" restriction blocks mail for non-existent domains. Putting this before "reject_unverified_recipient" avoids the overhead of generating unnecessary probe messages. @@ -207,6 +209,11 @@ verification for specific domains that often appear in forged email. # Note 2: Avoid hash files here. Use btree or lmdb instead. address_verify_map = btree:/var/lib/postfix/verify + # Do not set enable_original_recipient=no. This prevents Postfix + # from saving the sender address verification result under the + # original address, when the address verification probe message + # goes through address aliasing or canonical mapping. + /etc/postfix/sender_access: # Don't do this when you handle lots of email. aol.com reject_unverified_sender diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 103de3e75..f0e3a4eed 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -27,7 +27,8 @@ Wish list: with a compatibility_level safety net. In the bounce daemon, set util_utf8_enable if returning an - SMTPUTF8 message. + SMTPUTF8 message. This is wrong; if SMTPUTF8 is disabled, + then Postfix must not turn it on. Add a header_body_checks extension callback in smtp_proto.c that implements the PASS action. diff --git a/postfix/html/ADDRESS_VERIFICATION_README.html b/postfix/html/ADDRESS_VERIFICATION_README.html index c1b431cf5..58cb7e1ec 100644 --- a/postfix/html/ADDRESS_VERIFICATION_README.html +++ b/postfix/html/ADDRESS_VERIFICATION_README.html @@ -298,6 +298,11 @@ the same address repeatedly.

... # Postfix 2.6 and later privacy feature. # unverified_recipient_reject_reason = Address lookup failed + + # Do not set enable_original_recipient=no. This prevents Postfix + # from saving the recipient address verification result under + # the original address, when the address verification probe + # message goes through address aliasing or canonical mapping. @@ -348,6 +353,11 @@ in forged email.

# Note 1: Be sure to read the "Caching" section below! # Note 2: Avoid hash files here. Use btree or lmdb instead. address_verify_map = btree:/var/lib/postfix/verify + + # Do not set enable_original_recipient=no. This prevents Postfix + # from saving the sender address verification result under the + # original address, when the address verification probe message + # goes through address aliasing or canonical mapping. /etc/postfix/sender_access: # Don't do this when you handle lots of email. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 24ca39583..3ae17d396 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -3203,22 +3203,39 @@ name changes.

enable_original_recipient (default: yes)
-

Enable support for the X-Original-To message header. This header -is needed for multi-recipient mailboxes.

+

Enable support to save the original address if a recipient address +is rewritten to a different address (for example with an alias or with +canonical mapping).

-

When this parameter is set to yes, the cleanup(8) daemon performs -duplicate elimination on distinct pairs of (original recipient, -rewritten recipient), and generates non-empty original recipient -queue file records.

+

The original recipient address is used as follows:

-

When this parameter is set to no, the cleanup(8) daemon performs +

+ +
X-Original-To message header
When this parameter +is set to yes, the original recipient address is stored in +the X-Original-To message header. This header is needed to distinguish +between different recipients that share the same mailbox.
+ +
Recipient deduplication
When this parameter is set +to yes, the cleanup(8) daemon performs duplicate elimination +on distinct pairs of (original recipient, rewritten recipient), and +generates non-empty original recipient queue file records. When +this parameter is set to no, the cleanup(8) daemon performs duplicate elimination on the rewritten recipient address only, and -generates empty original recipient queue file records.

+generates empty original recipient queue file records.
-

This feature is available in Postfix 2.1 and later. With Postfix -version 2.0, support for the X-Original-To message header is always turned -on. Postfix versions before 2.0 have no support for the X-Original-To -message header.

+
Address verification
When this parameter is set to +yes, an addres verification result is stored under both the +original and the final recipient address. When this parameter is +set to no, an address verification result is stored only +under the final recipient address.
+ + + +

This feature is available in Postfix 2.1 and later. Postfix +version 2.0 behaves as if this parameter is always set to yes. +Postfix versions before 2.0 have no support for the original recipient +address.

@@ -15258,8 +15275,9 @@ numerical response code when an address probe failed due to a temporary problem (default: 450).
The unverified_recipient_tempfail_action parameter specifies the action after address probe failure due to a temporary problem (default: -defer_if_permit).
This feature is available in Postfix 2.1 -and later. +defer_if_permit).
This feature breaks for aliased addresses +when enable_original_recipient is set to "no".
This feature +is available in Postfix 2.1 and later. @@ -16002,8 +16020,9 @@ change into 550 when you are confident that it is safe to do so). code when an address probe failed due to a temporary problem (default: 450).
The unverified_sender_tempfail_action parameter specifies the action after address probe failure due to a temporary -problem (default: defer_if_permit).
This feature is available -in Postfix 2.1 and later. +problem (default: defer_if_permit).
This feature breaks for +aliased addresses when enable_original_recipient is set to "no". +
This feature is avaiable in Postfix 2.1 and later. diff --git a/postfix/makedefs b/postfix/makedefs index fde0548b6..4e2952b45 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -1,5 +1,8 @@ #!/bin/sh +# To view the formatted manual page of this file, type: +# POSTFIXSOURCE/mantools/srctoman - makedefs | nroff -man + #++ # NAME # makedefs 1 diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index c2a4e7018..38d336c29 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -2007,22 +2007,39 @@ name changes. .PP This feature is available in Postfix 2.9 and later. .SH enable_original_recipient (default: yes) -Enable support for the X\-Original\-To message header. This header -is needed for multi\-recipient mailboxes. +Enable support to save the original address if a recipient address +is rewritten to a different address (for example with an alias or with +canonical mapping). .PP -When this parameter is set to yes, the \fBcleanup\fR(8) daemon performs -duplicate elimination on distinct pairs of (original recipient, -rewritten recipient), and generates non\-empty original recipient -queue file records. -.PP -When this parameter is set to no, the \fBcleanup\fR(8) daemon performs +The original recipient address is used as follows: +.IP "X\-Original\-To message header" +When this parameter +is set to \fByes\fR, the original recipient address is stored in +the X\-Original\-To message header. This header is needed to distinguish +between different recipients that share the same mailbox. +.br +.IP "Recipient deduplication" +When this parameter is set +to \fByes\fR, the \fBcleanup\fR(8) daemon performs duplicate elimination +on distinct pairs of (original recipient, rewritten recipient), and +generates non\-empty original recipient queue file records. When +this parameter is set to \fBno\fR, the \fBcleanup\fR(8) daemon performs duplicate elimination on the rewritten recipient address only, and generates empty original recipient queue file records. +.br +.IP "Address verification" +When this parameter is set to +\fByes\fR, an addres verification result is stored under both the +original and the final recipient address. When this parameter is +set to \fBno\fR, an address verification result is stored only +under the final recipient address. +.br +.br .PP -This feature is available in Postfix 2.1 and later. With Postfix -version 2.0, support for the X\-Original\-To message header is always turned -on. 
Postfix versions before 2.0 have no support for the X\-Original\-To -message header. +This feature is available in Postfix 2.1 and later. Postfix +version 2.0 behaves as if this parameter is always set to \fByes\fR. +Postfix versions before 2.0 have no support for the original recipient +address. .SH error_notice_recipient (default: postmaster) The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or protocol @@ -10254,8 +10271,11 @@ unverified_recipient_tempfail_action parameter specifies the action after address probe failure due to a temporary problem (default: defer_if_permit). .br -This feature is available in Postfix 2.1 -and later. +This feature breaks for aliased addresses +when enable_original_recipient is set to "no". +.br +This feature +is available in Postfix 2.1 and later. .br .br .PP @@ -10834,8 +10854,10 @@ The unverified_sender_tempfail_action parameter specifies the action after address probe failure due to a temporary problem (default: defer_if_permit). .br -This feature is available -in Postfix 2.1 and later. +This feature breaks for +aliased addresses when enable_original_recipient is set to "no". +.br +This feature is avaiable in Postfix 2.1 and later. .br .br .PP diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html index 613eeb6fd..e5f4cea11 100644 --- a/postfix/proto/ADDRESS_VERIFICATION_README.html +++ b/postfix/proto/ADDRESS_VERIFICATION_README.html @@ -298,6 +298,11 @@ the same address repeatedly.

... # Postfix 2.6 and later privacy feature. # unverified_recipient_reject_reason = Address lookup failed + + # Do not set enable_original_recipient=no. This prevents Postfix + # from saving the recipient address verification result under + # the original address, when the address verification probe + # message goes through address aliasing or canonical mapping. @@ -348,6 +353,11 @@ in forged email.

# Note 1: Be sure to read the "Caching" section below! # Note 2: Avoid hash files here. Use btree or lmdb instead. address_verify_map = btree:/var/lib/postfix/verify + + # Do not set enable_original_recipient=no. This prevents Postfix + # from saving the sender address verification result under the + # original address, when the address verification probe message + # goes through address aliasing or canonical mapping. /etc/postfix/sender_access: # Don't do this when you handle lots of email. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index f8595a4e0..c2ca13b9b 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -1402,22 +1402,39 @@ for showq(8) queue displays.

%PARAM enable_original_recipient yes -

Enable support for the X-Original-To message header. This header -is needed for multi-recipient mailboxes.

+

Enable support to save the original address if a recipient address +is rewritten to a different address (for example with an alias or with +canonical mapping).

-

When this parameter is set to yes, the cleanup(8) daemon performs -duplicate elimination on distinct pairs of (original recipient, -rewritten recipient), and generates non-empty original recipient -queue file records.

+

The original recipient address is used as follows:

-

When this parameter is set to no, the cleanup(8) daemon performs +

+ +
X-Original-To message header
When this parameter +is set to yes, the original recipient address is stored in +the X-Original-To message header. This header is needed to distinguish +between different recipients that share the same mailbox.
+ +
Recipient deduplication
When this parameter is set +to yes, the cleanup(8) daemon performs duplicate elimination +on distinct pairs of (original recipient, rewritten recipient), and +generates non-empty original recipient queue file records. When +this parameter is set to no, the cleanup(8) daemon performs duplicate elimination on the rewritten recipient address only, and -generates empty original recipient queue file records.

+generates empty original recipient queue file records.
-

This feature is available in Postfix 2.1 and later. With Postfix -version 2.0, support for the X-Original-To message header is always turned -on. Postfix versions before 2.0 have no support for the X-Original-To -message header.

+
Address verification
When this parameter is set to +yes, an addres verification result is stored under both the +original and the final recipient address. When this parameter is +set to no, an address verification result is stored only +under the final recipient address.
+ + + +

This feature is available in Postfix 2.1 and later. Postfix +version 2.0 behaves as if this parameter is always set to yes. +Postfix versions before 2.0 have no support for the original recipient +address.

%PARAM export_environment see "postconf -d" output @@ -6121,8 +6138,9 @@ numerical response code when an address probe failed due to a temporary problem (default: 450).
The unverified_recipient_tempfail_action parameter specifies the action after address probe failure due to a temporary problem (default: -defer_if_permit).
This feature is available in Postfix 2.1 -and later. +defer_if_permit).
This feature breaks for aliased addresses +when enable_original_recipient is set to "no".
This feature +is available in Postfix 2.1 and later.
@@ -6590,8 +6608,9 @@ change into 550 when you are confident that it is safe to do so). code when an address probe failed due to a temporary problem (default: 450).
The unverified_sender_tempfail_action parameter specifies the action after address probe failure due to a temporary -problem (default: defer_if_permit).
This feature is available -in Postfix 2.1 and later. +problem (default: defer_if_permit).
This feature breaks for +aliased addresses when enable_original_recipient is set to "no". +
This feature is avaiable in Postfix 2.1 and later. diff --git a/postfix/src/global/dict_ldap.c b/postfix/src/global/dict_ldap.c index 3eda3bf95..9ee00bfcc 100644 --- a/postfix/src/global/dict_ldap.c +++ b/postfix/src/global/dict_ldap.c @@ -1352,10 +1352,10 @@ static const char *dict_ldap_lookup(DICT *dict, const char *name) * Optionally fold the key. */ if (dict->flags & DICT_FLAG_FOLD_FIX) { - if (dict->fold_buf == 0) - dict->fold_buf = vstring_alloc(10); - vstring_strcpy(dict->fold_buf, name); - name = lowercase(vstring_str(dict->fold_buf)); + if (dict->fold_buf == 0) + dict->fold_buf = vstring_alloc(10); + vstring_strcpy(dict->fold_buf, name); + name = lowercase(vstring_str(dict->fold_buf)); } /* @@ -1770,17 +1770,9 @@ DICT *dict_ldap_open(const char *ldapsource, int open_flags, int dict_flags) * set. */ dict_ldap->timeout = cfg_get_int(dict_ldap->parser, "timeout", 10, 0, 0); - -#if 0 /* No benefit from changing - * this to match the - * MySQL/PGSQL syntax */ - if ((dict_ldap->query = - cfg_get_str(dict_ldap->parser, "query", 0, 0, 0)) == 0) -#endif - dict_ldap->query = - cfg_get_str(dict_ldap->parser, "query_filter", - "(mailacceptinggeneralid=%s)", 0, 0); - + dict_ldap->query = + cfg_get_str(dict_ldap->parser, "query_filter", + "(mailacceptinggeneralid=%s)", 0, 0); if ((dict_ldap->result_format = cfg_get_str(dict_ldap->parser, "result_format", 0, 0, 0)) == 0) dict_ldap->result_format = diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index b21a5beab..178bcc344 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20170722" +#define MAIL_RELEASE_DATE "20170728" #define MAIL_VERSION_NUMBER "3.3" #ifdef SNAPSHOT diff --git a/postfix/src/global/verify.c b/postfix/src/global/verify.c index 8b20ac710..67ba31b82 100644 
--- a/postfix/src/global/verify.c +++ b/postfix/src/global/verify.c @@ -100,12 +100,12 @@ int verify_append(const char *queue_id, MSG_STATS *stats, * XXX vrfy_stat is competely redundant because of dsn. */ if (var_verify_neg_cache || vrfy_stat == DEL_RCPT_STAT_OK) { - req_stat = verify_clnt_update(recipient->orig_addr, vrfy_stat, + req_stat = verify_clnt_update(recipient->address, vrfy_stat, my_dsn.reason); /* Two verify updates for one verify request! */ - if (req_stat == VRFY_STAT_OK + if (req_stat == VRFY_STAT_OK && recipient->orig_addr[0] && strcasecmp_utf8(recipient->address, recipient->orig_addr) != 0) - req_stat = verify_clnt_update(recipient->address, vrfy_stat, + req_stat = verify_clnt_update(recipient->orig_addr, vrfy_stat, my_dsn.reason); } else { my_dsn.action = "undeliverable-but-not-cached"; diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in index 4a7d7ead1..1a039e542 100644 --- a/postfix/src/postconf/Makefile.in +++ b/postfix/src/postconf/Makefile.in @@ -15,7 +15,9 @@ TESTPROG= MAKES = bool_table.h bool_vars.h int_table.h int_vars.h str_table.h \ str_vars.h time_table.h time_vars.h raw_table.h raw_vars.h \ nint_table.h nint_vars.h nbool_table.h nbool_vars.h long_table.h \ - long_vars.h str_fn_table.h str_fn_vars.h + long_vars.h str_fn_table.h str_fn_vars.h +DB_MAKES= pcf_ldap_suffixes.h pcf_memcache_suffixes.h pcf_mysql_suffixes.h \ + pcf_pgsql_suffixes.h pcf_sqlite_suffixes.h TEST_TMP= main.cf master.cf test*.tmp DUMMIES = makes_dummy # for "make -j" PROG = postconf 
@@ -67,6 +69,22 @@ makes_dummy: $(INC_DIR)/mail_params.h ../global/mail_params.c extract.awk Makefi $(AWK) -f extract.awk ../*/*.c | $(SHELL) touch makes_dummy +$(DB_MAKES): extract_cfg.sh Makefile.in + +pcf_ldap_suffixes.h: ../global/dict_ldap.c + sh extract_cfg.sh -d ../global/dict_ldap.c > $@ + +pcf_memcache_suffixes.h: ../global/dict_memcache.c + sh extract_cfg.sh -d ../global/dict_memcache.c > $@ + +pcf_mysql_suffixes.h: ../global/dict_mysql.c + sh extract_cfg.sh -d -s ../global/dict_mysql.c > $@ + +pcf_pgsql_suffixes.h: ../global/dict_pgsql.c + sh extract_cfg.sh -d -s ../global/dict_pgsql.c > $@ + +pcf_sqlite_suffixes.h: ../global/dict_sqlite.c + sh extract_cfg.sh -d -s ../global/dict_sqlite.c > $@ # Define two parameters with smtpd_restriction_classes. One will be ignored. @@ -899,7 +917,7 @@ lint: clean: rm -f *.o *core $(PROG) $(TESTPROG) junk $(MAKES) $(AUTOS) $(DUMMIES) \ - $(TEST_TMP) + $(TEST_TMP) $(DB_MAKES) rm -rf printfck tidy: clean @@ -1009,8 +1027,13 @@ postconf_dbms.o: ../../include/sys_defs.h postconf_dbms.o: ../../include/vbuf.h postconf_dbms.o: ../../include/vstream.h postconf_dbms.o: ../../include/vstring.h -postconf_dbms.o: postconf.h +postconf_dbms.o: pcf_ldap_suffixes.h +postconf_dbms.o: pcf_memcache_suffixes.h +postconf_dbms.o: pcf_mysql_suffixes.h +postconf_dbms.o: pcf_pgsql_suffixes.h postconf_dbms.o: postconf_dbms.c +postconf_dbms.o: postconf.h +postconf_dbms.o: pcf_sqlite_suffixes.h postconf_edit.o: ../../include/argv.h postconf_edit.o: ../../include/check_arg.h postconf_edit.o: ../../include/dict.h @@ -1029,8 +1052,8 @@ postconf_edit.o: ../../include/vbuf.h postconf_edit.o: ../../include/vstream.h postconf_edit.o: ../../include/vstring.h postconf_edit.o: ../../include/vstring_vstream.h -postconf_edit.o: postconf.h postconf_edit.o: postconf_edit.c +postconf_edit.o: postconf.h postconf_lookup.o: ../../include/argv.h postconf_lookup.o: ../../include/check_arg.h postconf_lookup.o: ../../include/dict.h 
diff --git a/postfix/src/postconf/extract_cfg.sh b/postfix/src/postconf/extract_cfg.sh new file mode 100644 index 000000000..d2faf98ab --- /dev/null +++ b/postfix/src/postconf/extract_cfg.sh 
@@ -0,0 +1,89 @@ +#!/bin/sh + +# To view the formatted manual page of this file, type: +# POSTFIXSOURCE/mantools/srctoman - extract_cfg.sh | nroff -man + +#++ +# NAME +# extract_cfg 1 +# SUMMARY +# extract database parameter names from cfg_get_xxx() calls +# SYNOPSIS +# \fBextract_cfg [-d|-s] [\fIfile...\fB]\fR +# DESCRIPTION +# The \fBextract_cfg\fR command extracts the parameter names +# from cfg_get_{str,int,bool}() calls in dict_xxx.c files. The +# output is one parameter name per line, formatted as a C string +# followed by comma. +# +# Options: +# .IP \fB-d\fR +# Add the "domain" parameter to the output. This is used by +# the LDAP, memcache, and *SQL* tables. +# .IP \fB-s\fR +# Add the legacy SQL query parameters: "select_field", "table", +# "where_field", and "additional_conditions". +# LICENSE +# .ad +# .fi +# The Secure Mailer license must be distributed with this software. +# HISTORY +# .ad +# .fi +# This command was introduced with Postfix 3.3. +# AUTHOR(S) +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +#-- + +# Flags to add db_common parameter names. +add_legacy_sql_query_params= +add_domain_param= + +# Parse JCL. + +while : +do + case "$1" in + -d) add_domain_param=1;; + -s) add_legacy_sql_query_params=1;; + -*) echo Bad option: $1 1>&2; exit 1;; + *) break;; + esac + shift +done + +# We use m4 macros to extract arguments from cfg_get_xxx() calls that +# may span multiple lines. We sandwich information of interest between +# control-A characters. Multiple cfg_get_xxx() calls on the same line +# should be OK, as long as the calls don't nest. + +( +cat <<'EOF' +define(`cfg_get_str',`$2 +')dnl +define(`cfg_get_int',`$2 +')dnl +define(`cfg_get_bool',`$2 +')dnl +EOF +# Convert selected C macro definitions into m4 macro definitions. +sed 's/^#define[ ]*\([DICT_MC_NAME_A-Za-z0-9_]*\)[ ]*\("[^"]*"\)/define(`\1'"'"',`\2'"'"')/' "$@" +) | m4 | awk -F '// { print $2 }' | ( +test -n "$add_domain_param" && { +cat <
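Review bot: two spelling errors come in with the new documentation text, in proto/postconf.proto and in the html/postconf.5.html and man/man5/postconf.5 copies. The enable_original_recipient "Address verification" item reads "an addres verification result", and the unverified_sender_tempfail_action paragraph now reads "This feature is avaiable in Postfix 2.1 and later" where the removed line had "available". HISTORY names proto/postconf.proto as the changed file, so correct both there and carry the fix into the other two copies.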
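Review bot: the sentence "This feature breaks for aliased addresses when enable_original_recipient is set to "no"", added under unverified_recipient_tempfail_action and unverified_sender_tempfail_action, does not say what breaks. The ADDRESS_VERIFICATION_README hunks in this same patch already have the precise wording (the verification result is not saved under the original address when the probe goes through aliasing or canonical mapping); reuse that wording here. As placed, the sentence also reads as if it applied only to the tempfail_action parameter it follows, so consider moving it to the description of the restriction itself.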
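Review bot: in the src/global/verify.c hunk, the new "recipient->orig_addr[0]" test in verify_append() has no comment saying when the original address is empty. HISTORY ties it to "enable_original_recipient = no", and that belongs next to the test, since the existing "Two verify updates for one verify request!" comment does not cover it. The hunk also swaps the order of the two verify_clnt_update() calls: the final address is now written first, and the original address is written only when that first call returns VRFY_STAT_OK. Before this change the original address was the one written unconditionally. Please confirm that skipping the original-address update after a failed first update is intended, and say so in the comment.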
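Review bot: the five new pcf_*_suffixes.h rules in src/postconf/Makefile.in invoke a hardcoded "sh extract_cfg.sh ... > $@", while the makes_dummy rule directly above them uses $(AWK) and $(SHELL); use $(SHELL) here for consistency with the rest of the file. Redirecting straight into $@ also means that a failing extract_cfg.sh run (for example when m4 is missing) leaves an empty or partial header with a fresh timestamp, which make will then treat as up to date. Write to a temporary file and rename it onto $@ only on success. In the dependency list, "postconf_dbms.o: pcf_sqlite_suffixes.h" lands after postconf.h while the other four pcf_*_suffixes.h lines sit before postconf_dbms.c; if the list is maintained by hand, keep the five together.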
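Review bot: in the new src/postconf/extract_cfg.sh, the sed pattern "\([DICT_MC_NAME_A-Za-z0-9_]*\)" is a bracket expression, so the leading "DICT_MC_NAME_" is only a set of characters already covered by "A-Za-z0-9_". It does not restrict the match to macros with that prefix, and every "#define NAME "string"" in the input becomes an m4 definition. If the prefix restriction is intended, move it outside the brackets; if not, drop it so the pattern says what it does. Two smaller points: the SYNOPSIS shows "[-d|-s]" as alternatives, but the option loop accepts both and the Makefile.in rules pass "-d -s" together, so the SYNOPSIS should list them as independent options; and "echo Bad option: $1 1>&2" should quote "$1". The script also makes m4 a build-time requirement, which deserves a mention in the build documentation.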
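Review bot: the src/global/dict_ldap.c change mixes a whitespace-only re-indentation of the DICT_FLAG_FOLD_FIX block in dict_ldap_lookup() with the functional removal of the "#if 0" block in dict_ldap_open(); split the re-indentation out so the functional change is easy to audit. Removing the "#if 0" block also drops the rationale it carried ("No benefit from changing this to match the MySQL/PGSQL syntax"). Per HISTORY the removal exists only to stop extract_cfg.sh from picking up the dead cfg_get_str() call for "query", so a one-line comment stating that LDAP deliberately uses "query_filter" rather than "query" would preserve the reasoning without reintroducing text the extractor would match.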