mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 05:38:06 +00:00
Code Issues Releases Wiki Activity

postfix-2.8-20100617

Browse Source
This commit is contained in:
Wietse Venema 2010-06-17 00:00:00 -05:00 committed by Viktor Dukhovni
parent c34a4323f4
commit fef3bc167b
51 changed files with 2198 additions and 676 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
postfix/.indent.pro vendored
View File

@ -52,6 +52,7 @@
-TCRYPTO_EX_DATA
-TCTABLE
-TCTABLE_ENTRY
-TDB_COMMON_CTX
-TDELIVERED_HDR_INFO
-TDELIVER_ATTR
-TDELIVER_REQUEST
@ -92,6 +93,7 @@
-TDICT_REGEXP_PRESCAN_CONTEXT
-TDICT_REGEXP_RULE
-TDICT_SDBM
-TDICT_SQLITE
-TDICT_TCP
-TDICT_UNIX
-TDNS_FIXED

19
postfix/HISTORY
View File

@ -15832,3 +15832,22 @@ Apologies for any names omitted.
"tls_append_default_CA = yes". Files: tls/tls_certkey.c,
tls/tls_misc.c, global/mail_params.h. proto/postconf.proto,
mantools/postlink.
20100615
Cleanup: the master no longer logs "process P killed with
signal S" when it shuts down a running service (for example,
the service is removed from master.cf, or the service is
disabled via the main.cf master_service_disable parameter).
File: master/master_spawn.c.
20100617
Feature: read-only sqlite support based on code by Axel
Steiner and documentation by Jesus Garcia Crespo. Files:
conf/postfix-files, mantools/postlink, proto/DATABASE_README.html,
proto/Makefile.in, proto/INSTALL.html, proto/SASL_README.html,
proto/mysql_table, proto/pgsql_table, proto/sqlite_table,
proto/SQLITE_README.html, global/Makefile.in, global/mail_dict.c,
global/dict_sqlite.c, global/dict_sqlite.h, postconf/postconf.c,
postfix/postfix.c.

1
postfix/README_FILES/AAAREADME
View File

@ -50,6 +50,7 @@ LLooookkuupp ttaabblleess ((ddaattaabbaasseess))
* MYSQL_README: MySQL Howto
* PCRE_README: PCRE Howto
* PGSQL_README: PostgreSQL Howto
* SQLITE_README: SQLite Howto
MMaaiilliinngg lliisstt ssuuppppoorrtt

11
postfix/README_FILES/DATABASE_README
View File

@ -73,10 +73,10 @@ files have few surprises, and are easy to debug with the postmap(1) command:
% ppoossttmmaapp --qq iinnffoo@@eexxaammppllee..ccoomm hhaasshh:://eettcc//ppoossttffiixx//vviirrttuuaall
Once you have local files working properly you can follow the instructions in
ldap_table(5), mysql_table(5) or pgsql_table(5) and replace local file lookups
with LDAP or SQL lookups. When you do this, you should use the postmap(1)
command again, to verify that database lookups still produce the exact same
results as local file lookup:
ldap_table(5), mysql_table(5), pgsql_table(5) or sqlite_table(5) and replace
local file lookups with LDAP or SQL lookups. When you do this, you should use
the postmap(1) command again, to verify that database lookups still produce the
exact same results as local file lookup:
% ppoossttmmaapp --qq iinnffoo@@eexxaammppllee..ccoomm llddaapp:://eettcc//ppoossttffiixx//vviirrttuuaall..ccff
@ -240,6 +240,9 @@ To find out what database types your Postfix system supports, use the "ppooss
with the postmap(1) or postalias(1) command. The lookup table name as
used in "sdbm:table" is the database file name without the ".dir" or
".pag" suffix.
ssqqlliittee (read-only)
Perform SQLite database lookups. Configuration details are given in
sqlite_table(5).
ssttaattiicc (read-only)
Always returns its lookup table name as lookup result. For example, the
lookup table "static:foobar" always returns the string "foobar" as

36
postfix/README_FILES/INSTALL
View File

@ -157,23 +157,25 @@ whistles. Support for third-party databases etc. must be configured when
Postfix is compiled. The following documents describe how to build Postfix with
support for extensions:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|PPoossttffiixx eexxtteennssiioonn |DDooccuummeenntt |AAvvaaiillaabbiilliittyy|
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|Berkeley DB database |DB_README |Postfix 1.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|LDAP database |LDAP_README |Postfix 1.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|MySQL database |MYSQL_README|Postfix 1.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|Perl compatible regular expression|PCRE_README |Postfix 1.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|PostgreSQL database |PGSQL_README|Postfix 2.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|SASL authentication |SASL_README |Postfix 1.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|STARTTLS session encryption |TLS_README |Postfix 2.2 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|PPoossttffiixx eexxtteennssiioonn |DDooccuummeenntt |AAvvaaiillaabbiilliittyy|
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|Berkeley DB database |DB_README |Postfix 1.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|LDAP database |LDAP_README |Postfix 1.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|MySQL database |MYSQL_README |Postfix 1.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|Perl compatible regular expression|PCRE_README |Postfix 1.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|PostgreSQL database |PGSQL_README |Postfix 2.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|SASL authentication |SASL_README |Postfix 1.0 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|SQLite database |SQLITE_README|Postfix 2.8 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
|STARTTLS session encryption |TLS_README |Postfix 2.2 |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ |
Note: IP version 6 support is compiled into Postfix on operating systems that
have IPv6 support. See the IPV6_README file for details.

62
postfix/README_FILES/SQLITE_README Normal file
View File

@ -0,0 +1,62 @@
PPoossttffiixx SSQQLLiittee HHoowwttoo
-------------------------------------------------------------------------------
IInnttrroodduuccttiioonn
The Postfix sqlite map type allows you to hook up Postfix to a SQLite database.
This implementation allows for multiple sqlite databases: you can use one for a
virtual(5) table, one for an access(5) table, and one for an aliases(5) table
if you want.
BBuuiillddiinngg PPoossttffiixx wwiitthh SSQQLLiittee ssuuppppoorrtt
The Postfix SQLite client utilizes the sqlite3 library, which can be obtained
from:
http://www.sqlite.org/
In order to build Postfix with sqlite map support, you will need to add -
DHAS_SQLITE and -I for the directory containing the sqlite headers, and the
sqlite3 library to AUXLIBS, for example:
make -f Makefile.init makefiles \
'CCARGS=-DHAS_SQLITE -I/usr/local/include' \
'AUXLIBS=-L/usr/local/lib -lsqlite3 -lpthread'
Then, just run 'make'.
UUssiinngg SSQQLLiittee ttaabblleess
Once Postfix is built with sqlite support, you can specify a map type in
main.cf like this:
alias_maps = sqlite:/etc/postfix/sqlite-aliases.cf
The file /etc/postfix/sqlite-aliases.cf specifies lots of information telling
Postfix how to reference the sqlite database. For a complete description, see
the sqlite_table(5) manual page.
EExxaammppllee:: llooccaall aalliiaasseess
#
# sqlite config file for local(8) aliases(5) lookups
#
# Path to database
dbpath = /some/path/to/sqlite_database
# See sqlite_table(5) for details.
query = SELECT forw_addr FROM mxaliases WHERE alias='%s' AND status='paid'
AAddddiittiioonnaall nnootteess
The SQLite configuration interface setup allows for multiple sqlite databases:
you can use one for a virtual table, one for an access table, and one for an
aliases table if you want.
CCrreeddiittss
* Implementation by Axel Steiner
* Documentation by Jesus Garcia Crespo

4
postfix/conf/postfix-files
View File

@ -166,6 +166,7 @@ $manpage_directory/man5/header_checks.5:f:root:-:644
$manpage_directory/man5/ldap_table.5:f:root:-:644
$manpage_directory/man5/master.5:f:root:-:644
$manpage_directory/man5/mysql_table.5:f:root:-:644
$manpage_directory/man5/sqlite_table.5:f:root:-:644
$manpage_directory/man5/nisplus_table.5:f:root:-:644
$manpage_directory/man5/pcre_table.5:f:root:-:644
$manpage_directory/man5/pgsql_table.5:f:root:-:644
@ -264,6 +265,7 @@ $readme_directory/MAILDROP_README:f:root:-:644
$readme_directory/MILTER_README:f:root:-:644
$readme_directory/MULTI_INSTANCE_README:f:root:-:644
$readme_directory/MYSQL_README:f:root:-:644
$readme_directory/SQLITE_README:f:root:-:644
$readme_directory/NFS_README:f:root:-:644
$readme_directory/OVERVIEW:f:root:-:644
$readme_directory/PACKAGE_README:f:root:-:644
@ -314,6 +316,7 @@ $html_directory/MAILDROP_README.html:f:root:-:644
$html_directory/MILTER_README.html:f:root:-:644
$html_directory/MULTI_INSTANCE_README.html:f:root:-:644
$html_directory/MYSQL_README.html:f:root:-:644
$html_directory/SQLITE_README.html:f:root:-:644
$html_directory/NFS_README.html:f:root:-:644
$html_directory/OVERVIEW.html:f:root:-:644
$html_directory/PACKAGE_README.html:f:root:-:644
@ -361,6 +364,7 @@ $html_directory/mailq.1.html:f:root:-:644
$html_directory/master.5.html:f:root:-:644
$html_directory/master.8.html:f:root:-:644
$html_directory/mysql_table.5.html:f:root:-:644
$html_directory/sqlite_table.5.html:f:root:-:644
$html_directory/nisplus_table.5.html:f:root:-:644
$html_directory/newaliases.1.html:h:$html_directory/mailq.1.html:-:644
$html_directory/oqmgr.8.html:f:root:-:644

8
postfix/html/DATABASE_README.html
View File

@ -120,7 +120,8 @@ and are easy to debug with the <a href="postmap.1.html">postmap(1)</a> command:
</blockquote>
<p> Once you have local files working properly you can follow the
instructions in <a href="ldap_table.5.html">ldap_table(5)</a>, <a href="mysql_table.5.html">mysql_table(5)</a> or <a href="pgsql_table.5.html">pgsql_table(5)</a>
instructions in <a href="ldap_table.5.html">ldap_table(5)</a>, <a href="mysql_table.5.html">mysql_table(5)</a>, <a href="pgsql_table.5.html">pgsql_table(5)</a>
or <a href="sqlite_table.5.html">sqlite_table(5)</a>
and replace local file lookups with LDAP or SQL lookups. When you
do this, you should use the <a href="postmap.1.html">postmap(1)</a> command again, to verify
that database lookups still produce the exact same results as local
@ -358,6 +359,11 @@ created with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1
table name as used in "sdbm:table" is the database file name without
the ".dir" or ".pag" suffix. </dd>
<dt> <b>sqlite</b> (read-only) </dt>
<dd> Perform SQLite database lookups. Configuration details are given
in <a href="sqlite_table.5.html">sqlite_table(5)</a>. </dd>
<dt> <b>static</b> (read-only) </dt>
<dd> Always returns its lookup table name as lookup result. For

3
postfix/html/INSTALL.html
View File

@ -261,6 +261,9 @@ Postfix 2.0 </td> </tr>
<tr> <td> SASL authentication </td> <td><a href="SASL_README.html">SASL_README</a></td> <td>
Postfix 1.0 </td> </tr>
<tr> <td> SQLite database</td> <td><a href="SQLITE_README.html">SQLITE_README</a></td> <td> Postfix
2.8 </td> </tr>
<tr> <td> STARTTLS session encryption </td> <td><a href="TLS_README.html">TLS_README</a></td> <td>
Postfix 2.2 </td> </tr>

6
postfix/html/Makefile.in
View File

@ -21,7 +21,7 @@ CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \
cidr_table.5.html tcp_table.5.html header_checks.5.html \
ldap_table.5.html mysql_table.5.html pgsql_table.5.html \
master.5.html nisplus_table.5.html generic.5.html bounce.5.html \
postfix-wrapper.5.html
postfix-wrapper.5.html sqlite_table.5.html
OTHER = postfix-manuals.html
AWK = awk '{ print; if (NR == 2) print ".pl 9999\n.ll 65" }'
MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
@ -272,6 +272,10 @@ mysql_table.5.html: ../proto/mysql_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
sqlite_table.5.html: ../proto/sqlite_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
nisplus_table.5.html: ../proto/nisplus_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@

96
postfix/html/SQLITE_README.html Normal file
View File

@ -0,0 +1,96 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix SQLite Howto</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix SQLite Howto</h1>
<hr>
<h2>Introduction</h2>
<p> The Postfix sqlite map type allows you to hook up Postfix to a
SQLite database. This implementation allows for multiple sqlite
databases: you can use one for a <a href="virtual.5.html">virtual(5)</a> table, one for an
<a href="access.5.html">access(5)</a> table, and one for an <a href="aliases.5.html">aliases(5)</a> table if you want. </p>
<h2>Building Postfix with SQLite support</h2>
<p> The Postfix SQLite client utilizes the sqlite3 library,
which can be obtained from: </p>
<blockquote>
<p> <a href="http://www.sqlite.org/">http://www.sqlite.org/</a> </p>
</blockquote>
<p> In order to build Postfix with sqlite map support, you will need to add
-DHAS_SQLITE and -I for the directory containing the sqlite headers, and
the sqlite3 library to AUXLIBS, for example: </p>
<blockquote>
<pre>
make -f Makefile.init makefiles \
'CCARGS=-DHAS_SQLITE -I/usr/local/include' \
'AUXLIBS=-L/usr/local/lib -lsqlite3 -lpthread'
</pre>
</blockquote>
<p> Then, just run 'make'.</p>
<h2>Using SQLite tables</h2>
<p> Once Postfix is built with sqlite support, you can specify a
map type in <a href="postconf.5.html">main.cf</a> like this: </p>
<blockquote>
<pre>
<a href="postconf.5.html#alias_maps">alias_maps</a> = sqlite:/etc/postfix/sqlite-aliases.cf
</pre>
</blockquote>
<p> The file /etc/postfix/sqlite-aliases.cf specifies lots of
information telling Postfix how to reference the sqlite database.
For a complete description, see the <a href="sqlite_table.5.html">sqlite_table(5)</a> manual page. </p>
<h2>Example: local aliases </h2>
<pre>
#
# sqlite config file for <a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> lookups
#
# Path to database
dbpath = /some/path/to/sqlite_database
# See <a href="sqlite_table.5.html">sqlite_table(5)</a> for details.
query = SELECT forw_addr FROM mxaliases WHERE alias='%s' AND status='paid'
</pre>
<h2>Additional notes</h2>
<p> The SQLite configuration interface setup allows for multiple
sqlite databases: you can use one for a virtual table, one for an
access table, and one for an aliases table if you want. </p>
<h2>Credits</h2>
<ul>
<li>Implementation by Axel Steiner</li>
<li>Documentation by Jesus Garcia Crespo</li>
</ul>
</body>
</html>

2
postfix/html/index.html
View File

@ -136,6 +136,8 @@ Per-client/user/etc. access </a>
<li> <a href="PGSQL_README.html"> PostgreSQL Howto </a>
<li> <a href="SQLITE_README.html"> SQLite Howto </a>
</ul>
<p><strong> Mailing list support </strong></p>

593
postfix/html/ldap_table.5.html
View File

@ -55,38 +55,31 @@ LDAP_TABLE(5) LDAP_TABLE(5)
Support for this form will be removed in a future Postfix
version.
Postfix 2.2 has enhanced query interfaces for MySQL and
PostgreSQL. These include features that were previously
available only in the Postfix LDAP client. This work also
created an opportunity for improvements in the LDAP inter-
face. The primary compatibility issue is that <b>result_fil-</b>
<b>ter</b> (a name that has caused some confusion as to its mean-
ing in the past) has been renamed to <b>result_format</b>. For
backwards compatibility with the pre 2.2 LDAP client,
<b>result_filter</b> can for now be used instead of <b>result_for-</b>
<b>mat</b>, when the latter parameter is not also set. The new
name better reflects the function of the parameter. This
compatibility interface may be removed in a future
For backwards compatibility with the pre 2.2 LDAP clients,
<b>result_filter</b> can for now be used instead of <b>result_for-</b>
<b>mat</b>, when the latter parameter is not also set. The new
name better reflects the function of the parameter. This
compatibility interface may be removed in a future
release.
<b>LIST MEMBERSHIP</b>
When using LDAP to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>,
When using LDAP to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>,
$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>,
etc., it is important to understand that the table must
etc., it is important to understand that the table must
store each list member as a separate key. The table lookup
verifies the *existence* of the key. See "Postfix lists
versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a dis-
verifies the *existence* of the key. See "Postfix lists
versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a dis-
cussion.
Do NOT create tables that return the full list of domains
in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
Do NOT create tables that return the full list of domains
in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
DO create tables with each matching item as a key and with
an arbitrary value. With LDAP databases it is not uncommon
to return the key itself.
For example, NEVER do this in a map defining $<a href="postconf.5.html#mydestination">mydestina</a>-
For example, NEVER do this in a map defining $<a href="postconf.5.html#mydestination">mydestina</a>-
<a href="postconf.5.html#mydestination">tion</a>:
query_filter = domain=*
@ -98,21 +91,21 @@ LDAP_TABLE(5) LDAP_TABLE(5)
result_attribute = domain
<b>GENERAL LDAP PARAMETERS</b>
In the text below, default values are given in parenthe-
In the text below, default values are given in parenthe-
ses. Note: don't use quotes in these variables; at least,
not until the Postfix configuration routines understand
not until the Postfix configuration routines understand
how to deal with quoted strings.
<b>server_host (default: localhost)</b>
The name of the host running the LDAP server, e.g.
The name of the host running the LDAP server, e.g.
server_host = ldap.example.com
Depending on the LDAP client library you're using,
it should be possible to specify multiple servers
here, with the library trying them in order should
the first one fail. It should also be possible to
give each server in the list a different port
Depending on the LDAP client library you're using,
it should be possible to specify multiple servers
here, with the library trying them in order should
the first one fail. It should also be possible to
give each server in the list a different port
(overriding <b>server_port</b> below), by naming them like
server_host = ldap.example.com:1444
@ -123,9 +116,9 @@ LDAP_TABLE(5) LDAP_TABLE(5)
server_host = <a href="ldap_table.5.html">ldap</a>://ldap.example.com:1444
<a href="ldap_table.5.html">ldap</a>://ldap2.example.com:1444
All LDAP URLs accepted by the OpenLDAP library are
supported, including connections over UNIX domain
sockets, and LDAP SSL (the last one provided that
All LDAP URLs accepted by the OpenLDAP library are
supported, including connections over UNIX domain
sockets, and LDAP SSL (the last one provided that
OpenLDAP was compiled with support for SSL):
server_host = ldapi://%2Fsome%2Fpath
@ -148,91 +141,38 @@ LDAP_TABLE(5) LDAP_TABLE(5)
search_base = dc=your, dc=com
With Postfix 2.2 and later this parameter supports
With Postfix 2.2 and later this parameter supports
the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>
quoting is used to make sure that the input
key does not add unexpected metacharacters.
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
<a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted local part of the address.
Otherwise, <b>%u</b> is replaced by the entire
search string. If the localpart is empty,
the search is suppressed and returns no
user@domain, <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
<a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted local part of the address.
Otherwise, <b>%u</b> is replaced by the entire
search string. If the localpart is empty,
the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
<a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted domain part of the address.
user@domain, <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
<a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
<b>%[SUD]</b> For the <b>search_base</b> parameter, the upper-
case equivalents of the above expansions
behave identically to their lower-case
<b>%[SUD]</b> For the <b>search_base</b> parameter, the upper-
case equivalents of the above expansions
behave identically to their lower-case
counter-parts. With the <b>result_format</b> param-
eter (previously called <b>result_filter</b> see
the COMPATIBILITY section and below), they
expand to the corresponding components of
eter (previously called <b>result_filter</b> see
the COMPATIBILITY section and below), they
expand to the corresponding components of
input key rather than the result value.
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
domain components to satisfy all the speci-
fied patterns, the search is suppressed and
returns no results.
<b>query_filter (default: mailacceptinggeneralid=%s)</b>
The <a href="http://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory,
where <b>%s</b> is a substitute for the address Postfix is
trying to resolve, e.g.
query_filter = (&amp;(mail=%s)(paid_up=true))
This parameter supports the following '%' expan-
sions:
<b>%%</b> This is replaced by a literal '%' character.
(Postfix 2.2 and later).
<b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a>
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
<a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted local part of the address.
Otherwise, <b>%u</b> is replaced by the entire
search string. If the localpart is empty,
the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
<a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
<b>%[SUD]</b> The upper-case equivalents of the above
expansions behave in the <b>query_filter</b> param-
eter identically to their lower-case
counter-parts. With the <b>result_format</b> param-
eter (previously called <b>result_filter</b> see
the COMPATIBILITY section and below), they
expand to the corresponding components of
input key rather than the result value.
The above %S, %U and %D expansions are
available with Postfix 2.2 and later.
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
of the input key's domain. If the input key
@ -243,206 +183,222 @@ LDAP_TABLE(5) LDAP_TABLE(5)
fied patterns, the search is suppressed and
returns no results.
The above %1, ..., %9 expansions are avail-
<b>query_filter (default: mailacceptinggeneralid=%s)</b>
The <a href="http://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory,
where <b>%s</b> is a substitute for the address Postfix is
trying to resolve, e.g.
query_filter = (&amp;(mail=%s)(paid_up=true))
This parameter supports the following '%' expan-
sions:
<b>%%</b> This is replaced by a literal '%' character.
(Postfix 2.2 and later).
<b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a>
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
<a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted local part of the address.
Otherwise, <b>%u</b> is replaced by the entire
search string. If the localpart is empty,
the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
<a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
<b>%[SUD]</b> The upper-case equivalents of the above
expansions behave in the <b>query_filter</b> param-
eter identically to their lower-case
counter-parts. With the <b>result_format</b> param-
eter (previously called <b>result_filter</b> see
the COMPATIBILITY section and below), they
expand to the corresponding components of
input key rather than the result value.
The above %S, %U and %D expansions are
available with Postfix 2.2 and later.
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
domain components to satisfy all the speci-
fied patterns, the search is suppressed and
returns no results.
The above %1, ..., %9 expansions are avail-
able with Postfix 2.2 and later.
The "domain" parameter described below limits the
input keys to addresses in matching domains. When
the "domain" parameter is non-empty, LDAP queries
for unqualified addresses or addresses in non-
The "domain" parameter described below limits the
input keys to addresses in matching domains. When
the "domain" parameter is non-empty, LDAP queries
for unqualified addresses or addresses in non-
matching domains are suppressed and return no
results.
NOTE: DO NOT put quotes around the <b>query_filter</b>
NOTE: DO NOT put quotes around the <b>query_filter</b>
parameter.
<b>result_format (default: %s</b>)
Called <b>result_filter</b> in Postfix releases prior to
Called <b>result_filter</b> in Postfix releases prior to
2.2. Format template applied to result attributes.
Most commonly used to append (or prepend) text to
the result. This parameter supports the following
Most commonly used to append (or prepend) text to
the result. This parameter supports the following
'%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
(Postfix 2.2 and later).
<b>%s</b> This is replaced by the value of the result
attribute. When result is empty it is
<b>%s</b> This is replaced by the value of the result
attribute. When result is empty it is
skipped.
<b>%u</b> When the result attribute value is an
<b>%u</b> When the result attribute value is an
address of the form user@domain, <b>%u</b> is
replaced by the local part of the address.
replaced by the local part of the address.
When the result has an empty localpart it is
skipped.
<b>%d</b> When a result attribute value is an address
of the form user@domain, <b>%d</b> is replaced by
<b>%d</b> When a result attribute value is an address
of the form user@domain, <b>%d</b> is replaced by
the domain part of the attribute value. When
the result is unqualified it is skipped.
<b>%[SUD1-9]</b>
The upper-case and decimal digit expansions
The upper-case and decimal digit expansions
interpolate the parts of the input key
rather than the result. Their behavior is
identical to that described with <b>query_fil-</b>
<b>ter</b>, and in fact because the input key is
rather than the result. Their behavior is
identical to that described with <b>query_fil-</b>
<b>ter</b>, and in fact because the input key is
known in advance, lookups whose key does not
contain all the information specified in the
result template are suppressed and return no
results.
The above %S, %U, %D and %1, ..., %9 expan-
sions are available with Postfix 2.2 and
The above %S, %U, %D and %1, ..., %9 expan-
sions are available with Postfix 2.2 and
later.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
allows one to use a mailHost attribute as the basis
of a <a href="transport.5.html">transport(5)</a> table. After applying the result
format, multiple values are concatenated as comma
separated strings. The expansion_limit and
size_limit parameters explained below allow one to
restrict the number of values in the result, which
is especially useful for maps that should return a
of a <a href="transport.5.html">transport(5)</a> table. After applying the result
format, multiple values are concatenated as comma
separated strings. The expansion_limit and
size_limit parameters explained below allow one to
restrict the number of values in the result, which
is especially useful for maps that should return a
single value.
The default value <b>%s</b> specifies that each attribute
The default value <b>%s</b> specifies that each attribute
value should be used as is.
This parameter was called <b>result_filter</b> in Postfix
releases prior to 2.2. If no "result_format" is
specified, the value of "result_filter" will be
This parameter was called <b>result_filter</b> in Postfix
releases prior to 2.2. If no "result_format" is
specified, the value of "result_filter" will be
used instead before resorting to the default value.
This provides compatibility with old configuration
This provides compatibility with old configuration
files.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified
search keys with a *non-empty* localpart and a
matching domain are eligible for lookup: 'user'
lookups, bare domain lookups and "@domain" lookups
are not performed. This can significantly reduce
This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified
search keys with a *non-empty* localpart and a
matching domain are eligible for lookup: 'user'
lookups, bare domain lookups and "@domain" lookups
are not performed. This can significantly reduce
the query load on the LDAP server.
domain = postfix.org, hash:/etc/postfix/searchdomains
It is best not to use LDAP to store the domains
It is best not to use LDAP to store the domains
eligible for LDAP lookups.
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases.
This feature is available in Postfix 1.0 and later.
<b>result_attribute (default: maildrop)</b>
The attribute(s) Postfix will read from any direc-
The attribute(s) Postfix will read from any direc-
tory entries returned by the lookup, to be resolved
to an email address.
result_attribute = mailbox, maildrop
Don't rely on the default value ("maildrop"). Set
the result_attribute explicitly in all ldap table
configuration files. This is particularly relevant
when no result_attribute is applicable, e.g. cases
in which leaf_result_attribute and/or termi-
nal_result_attribute are used instead. The default
Don't rely on the default value ("maildrop"). Set
the result_attribute explicitly in all ldap table
configuration files. This is particularly relevant
when no result_attribute is applicable, e.g. cases
in which leaf_result_attribute and/or termi-
nal_result_attribute are used instead. The default
value is harmless if "maildrop" is also listed as a
leaf or terminal result attribute, but it is best
leaf or terminal result attribute, but it is best
to not leave this to chance.
<b>special_result_attribute (default: empty)</b>
The attribute(s) of directory entries that can con-
tain DNs or <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> LDAP URLs. If found, a recur-
tain DNs or <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> LDAP URLs. If found, a recur-
sive search is performed to retrieve the entry ref-
erenced by the DN, or the entries matched by the
erenced by the DN, or the entries matched by the
URL query.
special_result_attribute = memberdn
DN recursion retrieves the same result_attributes
DN recursion retrieves the same result_attributes
as the main query, including the special attributes
for further recursion.
URL processing retrieves only those attributes that
are included in both the URL definition and as
result attributes (ordinary, special, leaf or ter-
are included in both the URL definition and as
result attributes (ordinary, special, leaf or ter-
minal) in the Postfix table definition. If the URL
lists any of the table's special result attributes,
these are retrieved and used recursively. A URL
that does not specify any attribute selection, is
equivalent (<a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a>) to a URL that selects all
attributes, in which case the selected attributes
will be the full set of result attributes in the
these are retrieved and used recursively. A URL
that does not specify any attribute selection, is
equivalent (<a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a>) to a URL that selects all
attributes, in which case the selected attributes
will be the full set of result attributes in the
Postfix table.
If an LDAP URL attribute-descriptor or the corre-
sponding Postfix LDAP table result attribute (but
not both) uses <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> sub-type options
("attr;option"), the attribute requested from the
LDAP server will include the sub-type option. In
all other cases, the URL attribute and the table
attribute must match exactly. Attributes with
options in both the URL and the Postfix table are
If an LDAP URL attribute-descriptor or the corre-
sponding Postfix LDAP table result attribute (but
not both) uses <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> sub-type options
("attr;option"), the attribute requested from the
LDAP server will include the sub-type option. In
all other cases, the URL attribute and the table
attribute must match exactly. Attributes with
options in both the URL and the Postfix table are
requested only when the options are identical. LDAP
attribute-descriptor options are very rarely used,
attribute-descriptor options are very rarely used,
most LDAP users will not need to concern themselves
with this level of nuanced detail.
<b>terminal_result_attribute (default: empty)</b>
When one or more terminal result attributes are
When one or more terminal result attributes are
found in an LDAP entry, all other result attributes
are ignored and only the terminal result attributes
are returned. This is useful for delegating expan-
sion of group members to a particular host, by
using an optional "maildrop" attribute on selected
are returned. This is useful for delegating expan-
sion of group members to a particular host, by
using an optional "maildrop" attribute on selected
groups to route the group to a specific host, where
the group is expanded, possibly via mailing-list
the group is expanded, possibly via mailing-list
manager or other special processing.
result_attribute =
terminal_result_attribute = maildrop
When using terminal and/or leaf result attributes,
the result_attribute is best set to an empty value
when it is not used, or else explicitly set to the
desired value, even if it is the default value
"maildrop".
This feature is available with Postfix 2.4 or
later.
<b>leaf_result_attribute (default: empty)</b>
When one or more special result attributes are
found in a non-terminal (see above) LDAP entry,
leaf result attributes are excluded from the expan-
sion of that entry. This is useful when expanding
groups and the desired mail address attribute(s) of
the member objects obtained via DN or URI recursion
are also present in the group object. To only
return the attribute values from the leaf objects
and not the containing group, add the attribute to
the leaf_result_attribute list, and not the
result_attribute list, which is always expanded.
Note, the default value of "result_attribute" is
not empty, you may want to set it explicitly empty
when using "leaf_result_attribute" to expand the
group to a list of member DN addresses. If groups
have both member DN references AND attributes that
hold multiple string valued rfc822 addresses, then
the string attributes go in "result_attribute".
The attributes that represent the email addresses
of objects referenced via a DN (or LDAP URI) go in
"leaf_result_attribute".
result_attribute = memberaddr
special_result_attribute = memberdn
terminal_result_attribute = maildrop
leaf_result_attribute = mail
When using terminal and/or leaf result attributes,
the result_attribute is best set to an empty value
when it is not used, or else explicitly set to the
@ -452,39 +408,76 @@ LDAP_TABLE(5) LDAP_TABLE(5)
This feature is available with Postfix 2.4 or
later.
<b>leaf_result_attribute (default: empty)</b>
When one or more special result attributes are
found in a non-terminal (see above) LDAP entry,
leaf result attributes are excluded from the expan-
sion of that entry. This is useful when expanding
groups and the desired mail address attribute(s) of
the member objects obtained via DN or URI recursion
are also present in the group object. To only
return the attribute values from the leaf objects
and not the containing group, add the attribute to
the leaf_result_attribute list, and not the
result_attribute list, which is always expanded.
Note, the default value of "result_attribute" is
not empty, you may want to set it explicitly empty
when using "leaf_result_attribute" to expand the
group to a list of member DN addresses. If groups
have both member DN references AND attributes that
hold multiple string valued rfc822 addresses, then
the string attributes go in "result_attribute".
The attributes that represent the email addresses
of objects referenced via a DN (or LDAP URI) go in
"leaf_result_attribute".
result_attribute = memberaddr
special_result_attribute = memberdn
terminal_result_attribute = maildrop
leaf_result_attribute = mail
When using terminal and/or leaf result attributes,
the result_attribute is best set to an empty value
when it is not used, or else explicitly set to the
desired value, even if it is the default value
"maildrop".
This feature is available with Postfix 2.4 or
later.
<b>scope (default: sub)</b>
The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
and LDAP_SCOPE_ONELEVEL.
<b>bind (default: yes)</b>
Whether or not to bind to the LDAP server. Newer
Whether or not to bind to the LDAP server. Newer
LDAP implementations don't require clients to bind,
which saves time. Example:
bind = no
If you do need to bind, you might consider config-
uring Postfix to connect to the local machine on a
port that's an SSL tunnel to your LDAP server. If
your LDAP server doesn't natively support SSL, put
If you do need to bind, you might consider config-
uring Postfix to connect to the local machine on a
port that's an SSL tunnel to your LDAP server. If
your LDAP server doesn't natively support SSL, put
a tunnel (wrapper, proxy, whatever you want to call
it) on that system too. This should prevent the
password from traversing the network in the clear.
it) on that system too. This should prevent the
password from traversing the network in the clear.
<b>bind_dn (default: empty)</b>
If you do have to bind, do it with this distin-
If you do have to bind, do it with this distin-
guished name. Example:
bind_dn = uid=postfix, dc=your, dc=com
<b>bind_pw (default: empty)</b>
The password for the distinguished name above. If
The password for the distinguished name above. If
you have to use this, you probably want to make the
map configuration file readable only by the Postfix
user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
tax, with map parameters in <a href="postconf.5.html">main.cf</a>, it is not pos-
sible to securely store the bind password. This is
sible to securely store the bind password. This is
because <a href="postconf.5.html">main.cf</a> needs to be world readable to allow
local accounts to submit mail via the sendmail com-
mand. Example:
@ -496,43 +489,43 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>cache_expiry (IGNORED with a warning)</b>
<b>cache_size (IGNORED with a warning)</b>
The above parameters are NO LONGER SUPPORTED by
The above parameters are NO LONGER SUPPORTED by
Postfix. Cache support has been dropped from
OpenLDAP as of release 2.1.13.
<b>recursion_limit (default: 1000)</b>
A limit on the nesting depth of DN and URL special
result attribute evaluation. The limit must be a
A limit on the nesting depth of DN and URL special
result attribute evaluation. The limit must be a
non-zero positive number.
<b>expansion_limit (default: 0)</b>
A limit on the total number of result elements
returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures
A limit on the total number of result elements
returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
<b>size_limit (default: $expansion_limit)</b>
A limit on the number of LDAP entries returned by
any single LDAP search performed as part of the
lookup. A setting of 0 disables the limit. Expan-
sion of DN and URL references involves nested LDAP
queries, each of which is separately subjected to
A limit on the number of LDAP entries returned by
any single LDAP search performed as part of the
lookup. A setting of 0 disables the limit. Expan-
sion of DN and URL references involves nested LDAP
queries, each of which is separately subjected to
this limit.
Note: even a single LDAP entry can generate multi-
ple lookup results, via multiple result attributes
and/or multi-valued result attributes. This limit
caps the per search resource utilization on the
LDAP server, not the final multiplicity of the
lookup result. It is analogous to the "-z" option
Note: even a single LDAP entry can generate multi-
ple lookup results, via multiple result attributes
and/or multi-valued result attributes. This limit
caps the per search resource utilization on the
LDAP server, not the final multiplicity of the
lookup result. It is analogous to the "-z" option
of "ldapsearch".
<b>dereference (default: 0)</b>
When to dereference LDAP aliases. (Note that this
When to dereference LDAP aliases. (Note that this
has nothing do with Postfix aliases.) The permitted
values are those legal for the OpenLDAP/UM LDAP
values are those legal for the OpenLDAP/UM LDAP
implementations:
0 never
@ -544,28 +537,28 @@ LDAP_TABLE(5) LDAP_TABLE(5)
3 always
See ldap.h or the ldap_open(3) or ldapsearch(1) man
pages for more information. And if you're using an
pages for more information. And if you're using an
LDAP package that has other possible values, please
bring it to the attention of the postfix-
bring it to the attention of the postfix-
users@postfix.org mailing list.
<b>chase_referrals (default: 0)</b>
Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
version 3 support).
<b>version (default: 2)</b>
Specifies the LDAP protocol version to use.
<b>debuglevel (default: 0)</b>
What level to set for debugging in the OpenLDAP
What level to set for debugging in the OpenLDAP
libraries.
<b>LDAP SSL AND STARTTLS PARAMETERS</b>
If you're using the OpenLDAP libraries compiled with SSL
support, Postfix can connect to LDAP SSL servers and can
If you're using the OpenLDAP libraries compiled with SSL
support, Postfix can connect to LDAP SSL servers and can
issue the STARTTLS command.
LDAP SSL service can be requested by using a LDAP SSL URL
LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter:
server_host = ldaps://ldap.example.com:636
@ -574,82 +567,82 @@ LDAP_TABLE(5) LDAP_TABLE(5)
start_tls = yes
Both forms require LDAP protocol version 3, which has to
Both forms require LDAP protocol version 3, which has to
be set explicitly with:
version = 3
If any of the Postfix programs querying the map is config-
ured in <a href="master.5.html">master.cf</a> to run chrooted, all the certificates
ured in <a href="master.5.html">master.cf</a> to run chrooted, all the certificates
and keys involved have to be copied to the chroot jail. Of
course, the private keys should only be readable by the
course, the private keys should only be readable by the
user "postfix".
The following parameters are relevant to LDAP SSL and
The following parameters are relevant to LDAP SSL and
STARTTLS:
<b>start_tls (default: no)</b>
Whether or not to issue STARTTLS upon connection to
the server. Don't set this with LDAP SSL (the SSL
the server. Don't set this with LDAP SSL (the SSL
session is setup automatically when the TCP connec-
tion is opened).
<b>tls_ca_cert_dir (No default; set either this or</b>
<b>tls_ca_cert_dir (No default; set either this or</b>
<b>tls_ca_cert_file)</b>
Directory containing X509 Certificate Authority
certificates in PEM format which are to be recog-
nized by the client in SSL/TLS connections. The
files each contain one CA certificate. The files
are looked up by the CA subject name hash value,
which must hence be available. If more than one CA
certificate with the same name hash value exist,
the extension must be different (e.g. 9d66eef0.0,
9d66eef0.1 etc). The search is performed in the
ordering of the extension number, regardless of
certificates in PEM format which are to be recog-
nized by the client in SSL/TLS connections. The
files each contain one CA certificate. The files
are looked up by the CA subject name hash value,
which must hence be available. If more than one CA
certificate with the same name hash value exist,
the extension must be different (e.g. 9d66eef0.0,
9d66eef0.1 etc). The search is performed in the
ordering of the extension number, regardless of
other properties of the certificates. Use the
c_rehash utility (from the OpenSSL distribution) to
create the necessary links.
<b>tls_ca_cert_file (No default; set either this or</b>
<b>tls_ca_cert_file (No default; set either this or</b>
<b>tls_ca_cert_dir)</b>
File containing the X509 Certificate Authority cer-
tificates in PEM format which are to be recognized
by the client in SSL/TLS connections. This setting
tificates in PEM format which are to be recognized
by the client in SSL/TLS connections. This setting
takes precedence over tls_ca_cert_dir.
<b>tls_cert (No default; you must set this)</b>
File containing client's X509 certificate to be
File containing client's X509 certificate to be
used by the client in SSL/ TLS connections.
<b>tls_key (No default; you must set this)</b>
File containing the private key corresponding to
File containing the private key corresponding to
the above tls_cert.
<b>tls_require_cert (default: no)</b>
Whether or not to request server's X509 certificate
and check its validity when establishing SSL/TLS
connections. The supported values are <b>no</b> and <b>yes</b>.
and check its validity when establishing SSL/TLS
connections. The supported values are <b>no</b> and <b>yes</b>.
With <b>no</b>, the server certificate trust chain is not
checked, but with OpenLDAP prior to 2.1.13, the
With <b>no</b>, the server certificate trust chain is not
checked, but with OpenLDAP prior to 2.1.13, the
name in the server certificate must still match the
LDAP server name. With OpenLDAP 2.0.0 to 2.0.11 the
server name is not necessarily what you specified,
rather it is determined (by reverse lookup) from
the IP address of the LDAP server connection. With
OpenLDAP prior to 2.0.13, subjectAlternativeName
server name is not necessarily what you specified,
rather it is determined (by reverse lookup) from
the IP address of the LDAP server connection. With
OpenLDAP prior to 2.0.13, subjectAlternativeName
extensions in the LDAP server certificate are
ignored: the server name must match the subject
ignored: the server name must match the subject
CommonName. The <b>no</b> setting corresponds to the <b>never</b>
value of <b>TLS_REQCERT</b> in LDAP client configuration
value of <b>TLS_REQCERT</b> in LDAP client configuration
files.
Don't use TLS with OpenLDAP 2.0.x (and especially
Don't use TLS with OpenLDAP 2.0.x (and especially
with x &lt;= 11) if you can avoid it.
With <b>yes</b>, the server certificate must be issued by
a trusted CA, and not be expired. The LDAP server
name must match one of the name(s) found in the
With <b>yes</b>, the server certificate must be issued by
a trusted CA, and not be expired. The LDAP server
name must match one of the name(s) found in the
certificate (see above for OpenLDAP library version
dependent behavior). The <b>yes</b> setting corresponds to
the <b>demand</b> value of <b>TLS_REQCERT</b> in LDAP client con-
@ -657,27 +650,27 @@ LDAP_TABLE(5) LDAP_TABLE(5)
The "try" and "never" values of <b>TLS_REQCERT</b> have no
equivalents here. They are not available with
OpenLDAP 2.0, and in any case have questionable
security properties. Either you want TLS verified
OpenLDAP 2.0, and in any case have questionable
security properties. Either you want TLS verified
LDAP connections, or you don't.
The <b>yes</b> value only works correctly with Postfix 2.5
and later, or with OpenLDAP 2.0. Earlier Postfix
releases or later OpenLDAP releases don't work
together with this setting. Support for LDAP over
TLS was added to Postfix based on the OpenLDAP 2.0
and later, or with OpenLDAP 2.0. Earlier Postfix
releases or later OpenLDAP releases don't work
together with this setting. Support for LDAP over
TLS was added to Postfix based on the OpenLDAP 2.0
API.
<b>tls_random_file (No default)</b>
Path of a file to obtain random bits from when
/dev/[u]random is not available, to be used by the
Path of a file to obtain random bits from when
/dev/[u]random is not available, to be used by the
client in SSL/TLS connections.
<b>tls_cipher_suite (No default)</b>
Cipher suite to use in SSL/TLS negotiations.
<b>EXAMPLE</b>
Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
aliases. Assume that in <a href="postconf.5.html">main.cf</a>, you have:
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases,
@ -688,14 +681,14 @@ LDAP_TABLE(5) LDAP_TABLE(5)
server_host = ldap.example.com
search_base = dc=example, dc=com
Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will
Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will
search the LDAP server listening at port 389 on ldap.exam-
ple.com. It will bind anonymously, search for any direc-
tory entries whose mailacceptinggeneralid attribute is
ple.com. It will bind anonymously, search for any direc-
tory entries whose mailacceptinggeneralid attribute is
"ldapuser", read the "maildrop" attributes of those found,
and build a list of their maildrops, which will be treated
as <a href="http://tools.ietf.org/html/rfc822">RFC822</a> addresses to which the message will be deliv-
as <a href="http://tools.ietf.org/html/rfc822">RFC822</a> addresses to which the message will be deliv-
ered.
<b>SEE ALSO</b>
@ -709,13 +702,13 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
Victor Duchovni, and many others.
LDAP_TABLE(5)

188
postfix/html/mysql_table.5.html
View File

@ -44,16 +44,13 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
Support for this form will be removed in a future Postfix
version.
Postfix 2.2 has enhanced query interfaces for MySQL and
PostgreSQL; these include features previously available
only in the Postfix LDAP client. In the new interface the
SQL query is specified via a single <b>query</b> parameter
(described in more detail below). When the new <b>query</b>
parameter is not specified in the map definition, Postfix
reverts to the old interface, with the SQL query con-
structed from the <b>select_field</b>, <b>table</b>, <b>where_field</b> and
<b>additional_conditions</b> parameters. The old interface will
be gradually phased out. To migrate to the new interface
Normally, the SQL query is specified via a single <b>query</b>
parameter (described in more detail below). When this
parameter is not specified in the map definition, Postfix
reverts to an older interface, with the SQL query con-
structed from the <b>select_field</b>, <b>table</b>, <b>where_field</b> and
<b>additional_conditions</b> parameters. The old interface will
be gradually phased out. To migrate to the new interface
set:
<b>query</b> = SELECT [<i>select</i><b>_</b><i>field</i>]
@ -61,42 +58,42 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
WHERE [<i>where</i><b>_</b><i>field</i>] = '%s'
[<i>additional</i><b>_</b><i>conditions</i>]
Insert the value, not the name, of each legacy parameter.
Note that the <b>additional_conditions</b> parameter is optional
Insert the value, not the name, of each legacy parameter.
Note that the <b>additional_conditions</b> parameter is optional
and if not empty, will always start with <b>AND</b>.
<b>LIST MEMBERSHIP</b>
When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydes</a>-
<a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
is important to understand that the table must store each
list member as a separate key. The table lookup verifies
the *existence* of the key. See "Postfix lists versus
tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
<a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
is important to understand that the table must store each
list member as a separate key. The table lookup verifies
the *existence* of the key. See "Postfix lists versus
tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
Do NOT create tables that return the full list of domains
in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
Do NOT create tables that return the full list of domains
in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
DO create tables with each matching item as a key and with
an arbitrary value. With SQL databases it is not uncommon
an arbitrary value. With SQL databases it is not uncommon
to return the key itself or a constant value.
<b>MYSQL PARAMETERS</b>
<b>hosts</b> The hosts that Postfix will try to connect to and
<b>hosts</b> The hosts that Postfix will try to connect to and
query from. Specify <i>unix:</i> for UNIX domain sockets,
<i>inet:</i> for TCP connections (default). Example:
hosts = host1.some.domain host2.some.domain
hosts = unix:/file/name
The hosts are tried in random order, with all con-
The hosts are tried in random order, with all con-
nections over UNIX domain sockets being tried
before those over TCP. The connections are auto-
matically closed after being idle for about 1
minute, and are re-opened as necessary. Postfix
versions 2.0 and earlier do not randomize the host
before those over TCP. The connections are auto-
matically closed after being idle for about 1
minute, and are re-opened as necessary. Postfix
versions 2.0 and earlier do not randomize the host
order.
NOTE: if you specify localhost as a hostname (even
NOTE: if you specify localhost as a hostname (even
if you prefix it with <i>inet:</i>), MySQL will connect to
the default UNIX domain socket. In order to
instruct MySQL to connect to localhost over TCP you
@ -104,7 +101,7 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
hosts = 127.0.0.1
<b>user, password</b>
The user name and password to log into the mysql
The user name and password to log into the mysql
server. Example:
user = someone
password = some_password
@ -117,55 +114,55 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
This parameter supports the following '%' expan-
This parameter supports the following '%' expan-
sions:
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the input key. SQL
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%s</b> This is replaced by the input key. SQL
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the SQL
quoted local part of the address. Other-
wise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the
query is suppressed and returns no results.
quoted local part of the address. Other-
wise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the
query is suppressed and returns no results.
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the SQL
quoted domain part of the address. Other-
quoted domain part of the address. Other-
wise, the query is suppressed and returns no
results.
<b>%[SUD]</b> The upper-case equivalents of the above
expansions behave in the <b>query</b> parameter
expansions behave in the <b>query</b> parameter
identically to their lower-case counter-
parts. With the <b>result_format</b> parameter
(see below), they expand the input key
rather than the result value.
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
of the input key's domain. If the input key
of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
is <b>example</b> and %3 is <b>mail</b>. If the input key
is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
domain components to satisfy all the speci-
fied patterns, the query is suppressed and
domain components to satisfy all the speci-
fied patterns, the query is suppressed and
returns no results.
The <b>domain</b> parameter described below limits the
input keys to addresses in matching domains. When
the <b>domain</b> parameter is non-empty, SQL queries for
unqualified addresses or addresses in non-matching
The <b>domain</b> parameter described below limits the
input keys to addresses in matching domains. When
the <b>domain</b> parameter is non-empty, SQL queries for
unqualified addresses or addresses in non-matching
domains are suppressed and return no results.
This parameter is available with Postfix 2.2. In
prior releases the SQL query was built from the
separate parameters: <b>select_field</b>, <b>table</b>,
<b>where_field</b> and <b>additional_conditions</b>. The mapping
This parameter is available with Postfix 2.2. In
prior releases the SQL query was built from the
separate parameters: <b>select_field</b>, <b>table</b>,
<b>where_field</b> and <b>additional_conditions</b>. The mapping
from the old parameters to the equivalent query is:
SELECT [<b>select_field</b>]
@ -175,99 +172,99 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
The '%s' in the <b>WHERE</b> clause expands to the escaped
search string. With Postfix 2.2 these legacy
parameters are used if the <b>query</b> parameter is not
parameters are used if the <b>query</b> parameter is not
specified.
NOTE: DO NOT put quotes around the query parameter.
<b>result_format (default: %s</b>)
Format template applied to result attributes. Most
commonly used to append (or prepend) text to the
result. This parameter supports the following '%'
Format template applied to result attributes. Most
commonly used to append (or prepend) text to the
result. This parameter supports the following '%'
expansions:
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the value of the result
attribute. When result is empty it is
<b>%s</b> This is replaced by the value of the result
attribute. When result is empty it is
skipped.
<b>%u</b> When the result attribute value is an
<b>%u</b> When the result attribute value is an
address of the form user@domain, <b>%u</b> is
replaced by the local part of the address.
replaced by the local part of the address.
When the result has an empty localpart it is
skipped.
<b>%d</b> When a result attribute value is an address
of the form user@domain, <b>%d</b> is replaced by
<b>%d</b> When a result attribute value is an address
of the form user@domain, <b>%d</b> is replaced by
the domain part of the attribute value. When
the result is unqualified it is skipped.
<b>%[SUD1-9]</b>
The upper-case and decimal digit expansions
The upper-case and decimal digit expansions
interpolate the parts of the input key
rather than the result. Their behavior is
identical to that described with <b>query</b>, and
in fact because the input key is known in
advance, queries whose key does not contain
all the information specified in the result
template are suppressed and return no
rather than the result. Their behavior is
identical to that described with <b>query</b>, and
in fact because the input key is known in
advance, queries whose key does not contain
all the information specified in the result
template are suppressed and return no
results.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
allows one to use a mailHost attribute as the basis
of a <a href="transport.5.html">transport(5)</a> table. After applying the result
format, multiple values are concatenated as comma
separated strings. The expansion_limit and parame-
of a <a href="transport.5.html">transport(5)</a> table. After applying the result
format, multiple values are concatenated as comma
separated strings. The expansion_limit and parame-
ter explained below allows one to restrict the num-
ber of values in the result, which is especially
ber of values in the result, which is especially
useful for maps that must return at most one value.
The default value <b>%s</b> specifies that each result
The default value <b>%s</b> specifies that each result
value should be used as is.
This parameter is available with Postfix 2.2 and
This parameter is available with Postfix 2.2 and
later.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified
search keys with a *non-empty* localpart and a
matching domain are eligible for lookup: 'user'
lookups, bare domain lookups and "@domain" lookups
are not performed. This can significantly reduce
This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified
search keys with a *non-empty* localpart and a
matching domain are eligible for lookup: 'user'
lookups, bare domain lookups and "@domain" lookups
are not performed. This can significantly reduce
the query load on the MySQL server.
domain = postfix.org, hash:/etc/postfix/searchdomains
It is best not to use SQL to store the domains eli-
gible for SQL lookups.
This parameter is available with Postfix 2.2 and
This parameter is available with Postfix 2.2 and
later.
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases, because the input keys are always unquali-
fied.
<b>expansion_limit (default: 0)</b>
A limit on the total number of result elements
returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures
A limit on the total number of result elements
returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
<b>OBSOLETE QUERY INTERFACE</b>
This section describes an interface that is deprecated as
of Postfix 2.2. It is replaced by the more general <b>query</b>
interface described above. If the <b>query</b> parameter is
defined, the legacy parameters described here ignored.
Please migrate to the new interface as the legacy inter-
This section describes an interface that is deprecated as
of Postfix 2.2. It is replaced by the more general <b>query</b>
interface described above. If the <b>query</b> parameter is
defined, the legacy parameters described here ignored.
Please migrate to the new interface as the legacy inter-
face may be removed in a future release.
The following parameters can be used to fill in a SELECT
The following parameters can be used to fill in a SELECT
template statement of the form:
SELECT [<b>select_field</b>]
@ -275,7 +272,7 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
The specifier %s is replaced by the search string, and is
The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd char-
acters, it will not cause a parse error, or worse, a secu-
rity problem.
@ -300,13 +297,14 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="ldap_table.5.html">ldap_table(5)</a>, LDAP lookup tables
<a href="pgsql_table.5.html">pgsql_table(5)</a>, PostgreSQL lookup tables
<a href="sqlite_table.5.html">sqlite_table(5)</a>, SQLite lookup tables
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<a href="MYSQL_README.html">MYSQL_README</a>, Postfix MYSQL client guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>

212
postfix/html/pgsql_table.5.html
View File

@ -45,23 +45,18 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
readable. Support for this form will be removed in a
future Postfix version.
Postfix 2.2 has enhanced query interfaces for MySQL and
PostgreSQL, these include features previously available
only in the Postfix LDAP client. In the new interface the
SQL query is specified via a single <b>query</b> parameter
(described in more detail below). In Postfix 2.1 the
parameter precedence was, from highest to lowest,
<b>select_function</b>, <b>query</b> and finally <b>select_field</b>, ...
With Postfix 2.2 the <b>query</b> parameter has highest prece-
dence, and is used in preference to the still supported,
but slated to be phased out, <b>select_function</b>,
<b>select_field</b>, <b>table</b>, <b>where_field</b> and <b>additional_conditions</b>
parameters. To migrate to the new interface set:
Normally, the SQL query is specified via a single <b>query</b>
parameter (described in more detail below). When this
parameter is not specified in the map definition, Postfix
reverts to an older interface, with the SQL query con-
structed from the <b>select_function</b>, <b>select_field</b>, <b>table</b>,
<b>where_field</b> and <b>additional_conditions</b> parameters. The old
interface will be gradually phased out. To migrate to the
new interface set:
<b>query</b> = SELECT <i>select</i><b>_</b><i>function</i>('%s')
or in the absence of <b>select_function</b>, the lower prece-
or in the absence of <b>select_function</b>, the lower prece-
dence:
<b>query</b> = SELECT <i>select</i><b>_</b><i>field</i>
@ -69,48 +64,48 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
WHERE <i>where</i><b>_</b><i>field</i> = '%s'
<i>additional</i><b>_</b><i>conditions</i>
Use the value, not the name, of each legacy parameter.
Note that the <b>additional_conditions</b> parameter is optional
Use the value, not the name, of each legacy parameter.
Note that the <b>additional_conditions</b> parameter is optional
and if not empty, will always start with <b>AND</b>.
<b>LIST MEMBERSHIP</b>
When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydes</a>-
<a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
is important to understand that the table must store each
list member as a separate key. The table lookup verifies
the *existence* of the key. See "Postfix lists versus
tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
<a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
is important to understand that the table must store each
list member as a separate key. The table lookup verifies
the *existence* of the key. See "Postfix lists versus
tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
Do NOT create tables that return the full list of domains
in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
Do NOT create tables that return the full list of domains
in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
DO create tables with each matching item as a key and with
an arbitrary value. With SQL databases it is not uncommon
an arbitrary value. With SQL databases it is not uncommon
to return the key itself or a constant value.
<b>PGSQL PARAMETERS</b>
<b>hosts</b> The hosts that Postfix will try to connect to and
<b>hosts</b> The hosts that Postfix will try to connect to and
query from. Specify <i>unix:</i> for UNIX-domain sockets,
<i>inet:</i> for TCP connections (default). Example:
hosts = host1.some.domain host2.some.domain
hosts = unix:/file/name
The hosts are tried in random order, with all con-
The hosts are tried in random order, with all con-
nections over UNIX domain sockets being tried
before those over TCP. The connections are auto-
matically closed after being idle for about 1
before those over TCP. The connections are auto-
matically closed after being idle for about 1
minute, and are re-opened as necessary.
NOTE: the <i>unix:</i> and <i>inet:</i> prefixes are accepted for
backwards compatibility reasons, but are actually
backwards compatibility reasons, but are actually
ignored. The PostgreSQL client library will always
try to connect to an UNIX socket if the name starts
with a slash, and will try a TCP connection other-
with a slash, and will try a TCP connection other-
wise.
<b>user, password</b>
The user name and password to log into the pgsql
The user name and password to log into the pgsql
server. Example:
user = someone
password = some_password
@ -123,170 +118,170 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
This parameter supports the following '%' expan-
This parameter supports the following '%' expan-
sions:
<b>%%</b> This is replaced by a literal '%' character.
(Postfix 2.2 and later)
<b>%s</b> This is replaced by the input key. SQL
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%s</b> This is replaced by the input key. SQL
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the SQL
quoted local part of the address. Other-
wise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the
query is suppressed and returns no results.
quoted local part of the address. Other-
wise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the
query is suppressed and returns no results.
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the SQL
quoted domain part of the address. Other-
quoted domain part of the address. Other-
wise, the query is suppressed and returns no
results.
<b>%[SUD]</b> The upper-case equivalents of the above
expansions behave in the <b>query</b> parameter
expansions behave in the <b>query</b> parameter
identically to their lower-case counter-
parts. With the <b>result_format</b> parameter
(see below), they expand the input key
rather than the result value.
The above %S, %U and %D expansions are
The above %S, %U and %D expansions are
available with Postfix 2.2 and later
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
of the input key's domain. If the input key
of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
is <b>example</b> and %3 is <b>mail</b>. If the input key
is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
domain components to satisfy all the speci-
fied patterns, the query is suppressed and
domain components to satisfy all the speci-
fied patterns, the query is suppressed and
returns no results.
The above %1, ... %9 expansions are avail-
The above %1, ... %9 expansions are avail-
able with Postfix 2.2 and later
The <b>domain</b> parameter described below limits the
input keys to addresses in matching domains. When
the <b>domain</b> parameter is non-empty, SQL queries for
unqualified addresses or addresses in non-matching
The <b>domain</b> parameter described below limits the
input keys to addresses in matching domains. When
the <b>domain</b> parameter is non-empty, SQL queries for
unqualified addresses or addresses in non-matching
domains are suppressed and return no results.
The precedence of this parameter has changed with
Postfix 2.2, in prior releases the precedence was,
from highest to lowest, <b>select_function</b>, <b>query</b>,
The precedence of this parameter has changed with
Postfix 2.2, in prior releases the precedence was,
from highest to lowest, <b>select_function</b>, <b>query</b>,
<b>select_field</b>, ...
With Postfix 2.2 the <b>query</b> parameter has highest
With Postfix 2.2 the <b>query</b> parameter has highest
precedence, see COMPATIBILITY above.
NOTE: DO NOT put quotes around the <b>query</b> parameter.
<b>result_format (default: %s</b>)
Format template applied to result attributes. Most
commonly used to append (or prepend) text to the
result. This parameter supports the following '%'
Format template applied to result attributes. Most
commonly used to append (or prepend) text to the
result. This parameter supports the following '%'
expansions:
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the value of the result
attribute. When result is empty it is
<b>%s</b> This is replaced by the value of the result
attribute. When result is empty it is
skipped.
<b>%u</b> When the result attribute value is an
<b>%u</b> When the result attribute value is an
address of the form user@domain, <b>%u</b> is
replaced by the local part of the address.
replaced by the local part of the address.
When the result has an empty localpart it is
skipped.
<b>%d</b> When a result attribute value is an address
of the form user@domain, <b>%d</b> is replaced by
<b>%d</b> When a result attribute value is an address
of the form user@domain, <b>%d</b> is replaced by
the domain part of the attribute value. When
the result is unqualified it is skipped.
<b>%[SUD1-9]</b>
The upper-case and decimal digit expansions
The upper-case and decimal digit expansions
interpolate the parts of the input key
rather than the result. Their behavior is
identical to that described with <b>query</b>, and
in fact because the input key is known in
advance, queries whose key does not contain
all the information specified in the result
template are suppressed and return no
rather than the result. Their behavior is
identical to that described with <b>query</b>, and
in fact because the input key is known in
advance, queries whose key does not contain
all the information specified in the result
template are suppressed and return no
results.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
allows one to use a mailHost attribute as the basis
of a <a href="transport.5.html">transport(5)</a> table. After applying the result
format, multiple values are concatenated as comma
separated strings. The expansion_limit and parame-
of a <a href="transport.5.html">transport(5)</a> table. After applying the result
format, multiple values are concatenated as comma
separated strings. The expansion_limit and parame-
ter explained below allows one to restrict the num-
ber of values in the result, which is especially
ber of values in the result, which is especially
useful for maps that must return at most one value.
The default value <b>%s</b> specifies that each result
The default value <b>%s</b> specifies that each result
value should be used as is.
This parameter is available with Postfix 2.2 and
This parameter is available with Postfix 2.2 and
later.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified
search keys with a *non-empty* localpart and a
matching domain are eligible for lookup: 'user'
lookups, bare domain lookups and "@domain" lookups
are not performed. This can significantly reduce
This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified
search keys with a *non-empty* localpart and a
matching domain are eligible for lookup: 'user'
lookups, bare domain lookups and "@domain" lookups
are not performed. This can significantly reduce
the query load on the PostgreSQL server.
domain = postfix.org, hash:/etc/postfix/searchdomains
It is best not to use SQL to store the domains eli-
gible for SQL lookups.
This parameter is available with Postfix 2.2 and
This parameter is available with Postfix 2.2 and
later.
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases, because the input keys are always unquali-
fied.
<b>expansion_limit (default: 0)</b>
A limit on the total number of result elements
returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures
A limit on the total number of result elements
returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
<b>OBSOLETE QUERY INTERFACES</b>
This section describes query interfaces that are depre-
cated as of Postfix 2.2. Please migrate to the new <b>query</b>
interface as the old interfaces are slated to be phased
This section describes query interfaces that are depre-
cated as of Postfix 2.2. Please migrate to the new <b>query</b>
interface as the old interfaces are slated to be phased
out.
<b>select_function</b>
This parameter specifies a database function name.
This parameter specifies a database function name.
Example:
select_function = my_lookup_user_alias
This is equivalent to:
query = SELECT my_lookup_user_alias('%s')
This parameter overrides the legacy table-related
fields (described below). With Postfix versions
prior to 2.2, it also overrides the <b>query</b> parame-
This parameter overrides the legacy table-related
fields (described below). With Postfix versions
prior to 2.2, it also overrides the <b>query</b> parame-
ter. Starting with Postfix 2.2, the <b>query</b> parameter
has highest precedence, and the <b>select_function</b>
has highest precedence, and the <b>select_function</b>
parameter is deprecated.
The following parameters (with lower precedence than the
<b>select_function</b> interface described above) can be used to
The following parameters (with lower precedence than the
<b>select_function</b> interface described above) can be used to
build the SQL select statement as follows:
SELECT [<b>select_field</b>]
@ -294,14 +289,14 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
The specifier %s is replaced with each lookup by the
lookup key and is escaped so if it contains single quotes
or other odd characters, it will not cause a parse error,
The specifier %s is replaced with each lookup by the
lookup key and is escaped so if it contains single quotes
or other odd characters, it will not cause a parse error,
or worse, a security problem.
Starting with Postfix 2.2, this interface is obsoleted by
the more general <b>query</b> interface described above. If
higher precedence the <b>query</b> or <b>select_function</b> parameters
Starting with Postfix 2.2, this interface is obsoleted by
the more general <b>query</b> interface described above. If
higher precedence the <b>query</b> or <b>select_function</b> parameters
described above are defined, the parameters described here
are ignored.
@ -325,13 +320,14 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="ldap_table.5.html">ldap_table(5)</a>, LDAP lookup tables
<a href="mysql_table.5.html">mysql_table(5)</a>, MySQL lookup tables
<a href="sqlite_table.5.html">sqlite_table(5)</a>, SQLite lookup tables
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<a href="PGSQL_README.html">PGSQL_README</a>, Postfix PostgreSQL client guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>

58
postfix/html/postconf.1.html
View File

@ -175,36 +175,40 @@ POSTCONF(1) POSTCONF(1)
is available on systems with support for
SDBM databases.
<b>sqlite</b> (read-only)
Perform lookups from SQLite database files.
This is described in <a href="sqlite_table.5.html"><b>sqlite_table</b>(5)</a>.
<b>static</b> (read-only)
A table that always returns its name as
lookup result. For example, <b>static:foobar</b>
always returns the string <b>foobar</b> as lookup
A table that always returns its name as
lookup result. For example, <b>static:foobar</b>
always returns the string <b>foobar</b> as lookup
result.
<b>tcp</b> (read-only)
Perform lookups using a simple request-reply
protocol that is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
protocol that is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
This feature is not included with the stable
Postfix release.
<b>unix</b> (read-only)
A limited way to query the UNIX authentica-
A limited way to query the UNIX authentica-
tion database. The following tables are
implemented:
<b>unix:passwd.byname</b>
The table is the UNIX password data-
base. The key is a login name. The
result is a password file entry in
The table is the UNIX password data-
base. The key is a login name. The
result is a password file entry in
<b>passwd</b>(5) format.
<b>unix:group.byname</b>
The table is the UNIX group database.
The key is a group name. The result
is a group file entry in <b>group</b>(5)
The key is a group name. The result
is a group file entry in <b>group</b>(5)
format.
Other table types may exist depending on how Post-
Other table types may exist depending on how Post-
fix was built.
<b>-n</b> Print parameter settings that are not left at their
@ -213,29 +217,29 @@ POSTCONF(1) POSTCONF(1)
<b>-t</b> [<i>template</i><b>_</b><i>file</i>]
Display the templates for delivery status notifica-
tion (DSN) messages. To override the built-in tem-
plates, specify a template file at the end of the
tion (DSN) messages. To override the built-in tem-
plates, specify a template file at the end of the
command line, or specify a template file in <a href="postconf.5.html">main.cf</a>
with the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter. To force
selection of the built-in templates, specify an
with the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter. To force
selection of the built-in templates, specify an
empty template file name (in shell language: "").
This feature is available with Postfix 2.3 and
This feature is available with Postfix 2.3 and
later.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly
tiple <b>-v</b> options make the software increasingly
verbose.
<b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file. The file is
<b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file. The file is
copied to a temporary file then renamed into place.
The parameters specified on the command line are
The parameters specified on the command line are
commented-out, so that they revert to their default
values. Specify a list of parameter names, not
name=value pairs. There is no <b>postconf</b> command to
values. Specify a list of parameter names, not
name=value pairs. There is no <b>postconf</b> command to
perform the reverse operation.
This feature is available with Postfix 2.6 and
This feature is available with Postfix 2.6 and
later.
<b>DIAGNOSTICS</b>
@ -246,18 +250,18 @@ POSTCONF(1) POSTCONF(1)
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
to this program.
The text below provides only a parameter summary. See
The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
Pathname of a configuration file with bounce mes-
Pathname of a configuration file with bounce mes-
sage templates.
<b>FILES</b>
@ -271,7 +275,7 @@ POSTCONF(1) POSTCONF(1)
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

8
postfix/html/postconf.5.html
View File

@ -14119,10 +14119,10 @@ The default is "no"; this prevents Postfix from trusting third-party
certificates and giving them relay permission with
<a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
<p> This feature is available in Postfix 2.4.15, 2.6.8, 2.7.2 and
later versions. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = yes" for backwards
compatibility, to avoid breaking certificate verification with sites
that don't use <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
2.7.2 and later versions. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = yes" for
backwards compatibility, to avoid breaking certificate verification
with sites that don't use <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
</DD>

2
postfix/html/postfix-manuals.html
View File

@ -165,6 +165,8 @@ the following convention: </p>
<li> <a href="regexp_table.5.html">regexp_table(5)</a>, Associate POSIX regexp pattern with value
<li> slite_table(5), Postfix SQLite database driver
<li> <a href="tcp_table.5.html">tcp_table(5)</a>, Postfix client-server table lookup
</ul>

1
postfix/html/postfix.1.html
View File

@ -301,6 +301,7 @@ POSTFIX(1) POSTFIX(1)
<a href="pcre_table.5.html">pcre_table(5)</a>, Associate PCRE pattern with value
<a href="pgsql_table.5.html">pgsql_table(5)</a>, Postfix PostgreSQL client
<a href="regexp_table.5.html">regexp_table(5)</a>, Associate POSIX regexp pattern with value
slite_table(5), Postfix SQLite database driver
<a href="tcp_table.5.html">tcp_table(5)</a>, Postfix client-server table lookup
Daemon processes:

286
postfix/html/sqlite_table.5.html Normal file
View File

@ -0,0 +1,286 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - sqlite_table(5) </title>
</head> <body> <pre>
SQLITE_TABLE(5) SQLITE_TABLE(5)
<b>NAME</b>
sqlite_table - Postfix SQLite configuration
<b>SYNOPSIS</b>
<b>postmap -q "</b><i>string</i><b>" sqlite:/etc/postfix/filename</b>
<b>postmap -q - sqlite:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
<b>DESCRIPTION</b>
The Postfix mail system uses optional tables for address
rewriting or mail routing. These tables are usually in <b>dbm</b>
or <b>db</b> format.
Alternatively, lookup tables can be specified as SQLite
databases. In order to use SQLite lookups, define a
SQLite source as a lookup table in <a href="postconf.5.html">main.cf</a>, for example:
<a href="postconf.5.html#alias_maps">alias_maps</a> = sqlite:/etc/sqlite-aliases.cf
The file /etc/postfix/sqlite-aliases.cf has the same for-
mat as the Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the
parameters described below.
<b>BACKWARDS COMPATIBILITY</b>
For compatibility with other Postfix lookup tables, SQLite
parameters can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do
that, specify as SQLite source a name that doesn't begin
with a slash or a dot. The SQLite parameters will then be
accessible as the name you've given the source in its def-
inition, an underscore, and the name of the parameter.
For example, if the map is specified as "sqlite:<i>sqlite-</i>
<i>name</i>", the parameter "query" below would be defined in
<a href="postconf.5.html">main.cf</a> as "<i>sqlitename</i>_query".
Normally, the SQL query is specified via a single <b>query</b>
parameter (described in more detail below). When this
parameter is not specified in the map definition, Postfix
reverts to an older interface, with the SQL query con-
structed from the <b>select_field</b>, <b>table</b>, <b>where_field</b> and
<b>additional_conditions</b> parameters. The old interface will
be gradually phased out. To migrate to the new interface
set:
<b>query</b> = SELECT [<i>select</i><b>_</b><i>field</i>]
FROM [<i>table</i>]
WHERE [<i>where</i><b>_</b><i>field</i>] = '%s'
[<i>additional</i><b>_</b><i>conditions</i>]
Insert the value, not the name, of each legacy parameter.
Note that the <b>additional_conditions</b> parameter is optional
and if not empty, will always start with <b>AND</b>.
<b>LIST MEMBERSHIP</b>
When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydes</a>-
<a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
is important to understand that the table must store each
list member as a separate key. The table lookup verifies
the *existence* of the key. See "Postfix lists versus
tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
Do NOT create tables that return the full list of domains
in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
DO create tables with each matching item as a key and with
an arbitrary value. With SQL databases it is not uncommon
to return the key itself or a constant value.
<b>SQLITE PARAMETERS</b>
<b>dbpath</b> The SQLite database file location. Example:
dbpath = customer_database
<b>query</b> The SQL query template used to search the database,
where <b>%s</b> is a substitute for the address Postfix is
trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
This parameter supports the following '%' expan-
sions:
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the input key. SQL
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the SQL
quoted local part of the address. Other-
wise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the
query is suppressed and returns no results.
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the SQL
quoted domain part of the address. Other-
wise, the query is suppressed and returns no
results.
<b>%[SUD]</b> The upper-case equivalents of the above
expansions behave in the <b>query</b> parameter
identically to their lower-case counter-
parts. With the <b>result_format</b> parameter
(see below), they expand the input key
rather than the result value.
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
domain components to satisfy all the speci-
fied patterns, the query is suppressed and
returns no results.
The <b>domain</b> parameter described below limits the
input keys to addresses in matching domains. When
the <b>domain</b> parameter is non-empty, SQL queries for
unqualified addresses or addresses in non-matching
domains are suppressed and return no results.
This parameter is available with Postfix 2.2. In
prior releases the SQL query was built from the
separate parameters: <b>select_field</b>, <b>table</b>,
<b>where_field</b> and <b>additional_conditions</b>. The mapping
from the old parameters to the equivalent query is:
SELECT [<b>select_field</b>]
FROM [<b>table</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
The '%s' in the <b>WHERE</b> clause expands to the escaped
search string. With Postfix 2.2 these legacy
parameters are used if the <b>query</b> parameter is not
specified.
NOTE: DO NOT put quotes around the query parameter.
<b>result_format (default: %s</b>)
Format template applied to result attributes. Most
commonly used to append (or prepend) text to the
result. This parameter supports the following '%'
expansions:
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the value of the result
attribute. When result is empty it is
skipped.
<b>%u</b> When the result attribute value is an
address of the form user@domain, <b>%u</b> is
replaced by the local part of the address.
When the result has an empty localpart it is
skipped.
<b>%d</b> When a result attribute value is an address
of the form user@domain, <b>%d</b> is replaced by
the domain part of the attribute value. When
the result is unqualified it is skipped.
<b>%[SUD1-9]</b>
The upper-case and decimal digit expansions
interpolate the parts of the input key
rather than the result. Their behavior is
identical to that described with <b>query</b>, and
in fact because the input key is known in
advance, queries whose key does not contain
all the information specified in the result
template are suppressed and return no
results.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
allows one to use a mailHost attribute as the basis
of a <a href="transport.5.html">transport(5)</a> table. After applying the result
format, multiple values are concatenated as comma
separated strings. The expansion_limit and parame-
ter explained below allows one to restrict the num-
ber of values in the result, which is especially
useful for maps that must return at most one value.
The default value <b>%s</b> specifies that each result
value should be used as is.
This parameter is available with Postfix 2.2 and
later.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified
search keys with a *non-empty* localpart and a
matching domain are eligible for lookup: 'user'
lookups, bare domain lookups and "@domain" lookups
are not performed. This can significantly reduce
the query load on the SQLite server.
domain = postfix.org, hash:/etc/postfix/searchdomains
It is best not to use SQL to store the domains eli-
gible for SQL lookups.
This parameter is available with Postfix 2.2 and
later.
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases, because the input keys are always unquali-
fied.
<b>expansion_limit (default: 0)</b>
A limit on the total number of result elements
returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
<b>OBSOLETE QUERY INTERFACE</b>
This section describes an interface that is deprecated as
of Postfix 2.2. It is replaced by the more general <b>query</b>
interface described above. If the <b>query</b> parameter is
defined, the legacy parameters described here ignored.
Please migrate to the new interface as the legacy inter-
face may be removed in a future release.
The following parameters can be used to fill in a SELECT
template statement of the form:
SELECT [<b>select_field</b>]
FROM [<b>table</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd char-
acters, it will not cause a parse error, or worse, a secu-
rity problem.
<b>select_field</b>
The SQL "select" parameter. Example:
<b>select_field</b> = forw_addr
<b>table</b> The SQL "select .. from" table name. Example:
<b>table</b> = mxaliases
<b>where_field</b>
The SQL "select .. where" parameter. Example:
<b>where_field</b> = alias
<b>additional_conditions</b>
Additional conditions to the SQL query. Example:
<b>additional_conditions</b> = AND status = 'paid'
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table maintenance
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="ldap_table.5.html">ldap_table(5)</a>, LDAP lookup tables
<a href="mysql_table.5.html">mysql_table(5)</a>, MySQL lookup tables
<a href="pgsql_table.5.html">pgsql_table(5)</a>, PostgreSQL lookup tables
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<a href="SQLITE_README.html">SQLITE_README</a>, Postfix SQLITE driver
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
SQLite support was introduced with Postfix version 2.8.
<b>AUTHOR(S)</b>
Original implementation by:
Axel Steiner
SQLITE_TABLE(5)
</pre> </body> </html>

6
postfix/man/Makefile.in
View File

@ -18,7 +18,8 @@ CONFIG = man5/access.5 man5/aliases.5 man5/canonical.5 man5/relocated.5 \
man5/cidr_table.5 man5/tcp_table.5 man5/header_checks.5 \
man5/body_checks.5 man5/ldap_table.5 man5/mysql_table.5 \
man5/pgsql_table.5 man5/master.5 man5/nisplus_table.5 \
man5/generic.5 man5/bounce.5 man5/postfix-wrapper.5
man5/generic.5 man5/bounce.5 man5/postfix-wrapper.5 \
man5/sqlite_table.5
TOOLS = man1/smtp-sink.1 man1/smtp-source.1 man1/qmqp-sink.1 \
man1/qmqp-source.1 man1/qshape.1
@ -273,6 +274,9 @@ man5/master.5: ../proto/master
man5/mysql_table.5: ../proto/mysql_table
../mantools/srctoman - $? >$@
man5/sqlite_table.5: ../proto/sqlite_table
../mantools/srctoman - $? >$@
man5/nisplus_table.5: ../proto/nisplus_table
../mantools/srctoman - $? >$@

3
postfix/man/man1/postconf.1
View File

@ -152,6 +152,9 @@ described in \fBregexp_table\fR(5).
.IP \fBsdbm\fR
An indexed file type based on hashing.
This is available on systems with support for SDBM databases.
.IP "\fBsqlite\fR (read-only)"
Perform lookups from SQLite database files. This is described
in \fBsqlite_table\fR(5).
.IP "\fBstatic\fR (read-only)"
A table that always returns its name as lookup result. For example,
\fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup

1
postfix/man/man1/postfix.1
View File

@ -259,6 +259,7 @@ nisplus_table(5), Postfix NIS+ client
pcre_table(5), Associate PCRE pattern with value
pgsql_table(5), Postfix PostgreSQL client
regexp_table(5), Associate POSIX regexp pattern with value
slite_table(5), Postfix SQLite database driver
tcp_table(5), Postfix client-server table lookup
Daemon processes:

10
postfix/man/man5/ldap_table.5
View File

@ -56,14 +56,8 @@ Note: with this form, the passwords for the LDAP sources are
written in main.cf, which is normally world-readable. Support
for this form will be removed in a future Postfix version.
Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL.
These include features that were previously available only in the
Postfix LDAP client. This work also created an opportunity for
improvements in the LDAP interface. The primary compatibility
issue is that \fBresult_filter\fR (a name that has caused some
confusion as to its meaning in the past) has been renamed to
\fBresult_format\fR. For backwards compatibility with the pre
2.2 LDAP client, \fBresult_filter\fR can for now be used instead
For backwards compatibility with the pre
2.2 LDAP clients, \fBresult_filter\fR can for now be used instead
of \fBresult_format\fR, when the latter parameter is not also set.
The new name better reflects the function of the parameter. This
compatibility interface may be removed in a future release.

19
postfix/man/man5/mysql_table.5
View File

@ -46,16 +46,14 @@ Note: with this form, the passwords for the MySQL sources are
written in main.cf, which is normally world-readable. Support
for this form will be removed in a future Postfix version.
Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL;
these include features previously available only in the Postfix
LDAP client. In the new interface the SQL query is specified via
a single \fBquery\fR parameter (described in more detail below).
When the new \fBquery\fR parameter is not specified in the map
definition, Postfix reverts to the old interface, with the SQL
query constructed from the \fBselect_field\fR, \fBtable\fR,
\fBwhere_field\fR and \fBadditional_conditions\fR parameters.
The old interface will be gradually phased out. To migrate to
the new interface set:
Normally, the SQL query is specified via a single \fBquery\fR
parameter (described in more detail below). When this
parameter is not specified in the map definition, Postfix
reverts to an older interface, with the SQL query constructed
from the \fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR
and \fBadditional_conditions\fR parameters. The old interface
will be gradually phased out. To migrate to the new interface
set:
.nf
\fBquery\fR = SELECT [\fIselect_field\fR]
@ -310,6 +308,7 @@ postmap(1), Postfix lookup table maintenance
postconf(5), configuration parameters
ldap_table(5), LDAP lookup tables
pgsql_table(5), PostgreSQL lookup tables
sqlite_table(5), SQLite lookup tables
.SH "README FILES"
.na
.nf

21
postfix/man/man5/pgsql_table.5
View File

@ -48,18 +48,14 @@ are written in main.cf, which is normally world-readable.
Support for this form will be removed in a future Postfix
version.
Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL,
these include features previously available only in the Postfix
LDAP client. In the new interface the SQL query is specified via
a single \fBquery\fR parameter (described in more detail below).
In Postfix 2.1 the parameter precedence was, from highest to lowest,
\fBselect_function\fR, \fBquery\fR and finally \fBselect_field\fR, ...
With Postfix 2.2 the \fBquery\fR parameter has highest precedence,
and is used in preference to the still supported, but slated to be
phased out, \fBselect_function\fR, \fBselect_field\fR, \fBtable\fR,
\fBwhere_field\fR and \fBadditional_conditions\fR parameters. To
migrate to the new interface set:
Normally, the SQL query is specified via a single \fBquery\fR
parameter (described in more detail below). When this
parameter is not specified in the map definition, Postfix
reverts to an older interface, with the SQL query
constructed from the \fBselect_function\fR, \fBselect_field\fR,
\fBtable\fR, \fBwhere_field\fR and \fBadditional_conditions\fR
parameters. The old interface will be gradually phased
out. To migrate to the new interface set:
.nf
\fBquery\fR = SELECT \fIselect_function\fR('%s')
@ -334,6 +330,7 @@ postmap(1), Postfix lookup table manager
postconf(5), configuration parameters
ldap_table(5), LDAP lookup tables
mysql_table(5), MySQL lookup tables
sqlite_table(5), SQLite lookup tables
.SH "README FILES"
.na
.nf

8
postfix/man/man5/postconf.5
View File

@ -8948,10 +8948,10 @@ The default is "no"; this prevents Postfix from trusting third-party
certificates and giving them relay permission with
permit_tls_all_clientcerts.
.PP
This feature is available in Postfix 2.4.15, 2.6.8, 2.7.2 and
later versions. Specify "tls_append_default_CA = yes" for backwards
compatibility, to avoid breaking certificate verification with sites
that don't use permit_tls_all_clientcerts.
This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
2.7.2 and later versions. Specify "tls_append_default_CA = yes" for
backwards compatibility, to avoid breaking certificate verification
with sites that don't use permit_tls_all_clientcerts.
.SH tls_daemon_random_bytes (default: 32)
The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
process requests from the \fBtlsmgr\fR(8) server in order to seed its

304
postfix/man/man5/sqlite_table.5 Normal file
View File

@ -0,0 +1,304 @@
.TH SQLITE_TABLE 5
.ad
.fi
.SH NAME
sqlite_table
\-
Postfix SQLite configuration
.SH "SYNOPSIS"
.na
.nf
\fBpostmap -q "\fIstring\fB" sqlite:/etc/postfix/filename\fR
\fBpostmap -q - sqlite:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
.SH DESCRIPTION
.ad
.fi
The Postfix mail system uses optional tables for address
rewriting or mail routing. These tables are usually in
\fBdbm\fR or \fBdb\fR format.
Alternatively, lookup tables can be specified as SQLite databases.
In order to use SQLite lookups, define a SQLite source as a lookup
table in main.cf, for example:
.nf
alias_maps = sqlite:/etc/sqlite-aliases.cf
.fi
The file /etc/postfix/sqlite-aliases.cf has the same format as
the Postfix main.cf file, and can specify the parameters
described below.
.SH "BACKWARDS COMPATIBILITY"
.na
.nf
.ad
.fi
For compatibility with other Postfix lookup tables, SQLite
parameters can also be defined in main.cf. In order to do that,
specify as SQLite source a name that doesn't begin with a slash
or a dot. The SQLite parameters will then be accessible as the
name you've given the source in its definition, an underscore,
and the name of the parameter. For example, if the map is
specified as "sqlite:\fIsqlitename\fR", the parameter "query"
below would be defined in main.cf as "\fIsqlitename\fR_query".
Normally, the SQL query is specified via a single \fBquery\fR
parameter (described in more detail below). When this
parameter is not specified in the map definition, Postfix
reverts to an older interface, with the SQL query constructed
from the \fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR
and \fBadditional_conditions\fR parameters. The old interface
will be gradually phased out. To migrate to the new interface
set:
.nf
\fBquery\fR = SELECT [\fIselect_field\fR]
FROM [\fItable\fR]
WHERE [\fIwhere_field\fR] = '%s'
[\fIadditional_conditions\fR]
.fi
Insert the value, not the name, of each legacy parameter. Note
that the \fBadditional_conditions\fR parameter is optional
and if not empty, will always start with \fBAND\fR.
.SH "LIST MEMBERSHIP"
.na
.nf
.ad
.fi
When using SQL to store lists such as $mynetworks,
$mydestination, $relay_domains, $local_recipient_maps,
etc., it is important to understand that the table must
store each list member as a separate key. The table lookup
verifies the *existence* of the key. See "Postfix lists
versus tables" in the DATABASE_README document for a
discussion.
Do NOT create tables that return the full list of domains
in $mydestination or $relay_domains etc., or IP addresses
in $mynetworks.
DO create tables with each matching item as a key and with
an arbitrary value. With SQL databases it is not uncommon to
return the key itself or a constant value.
.SH "SQLITE PARAMETERS"
.na
.nf
.ad
.fi
.IP "\fBdbpath\fR"
The SQLite database file location. Example:
.nf
dbpath = customer_database
.fi
.IP "\fBquery\fR"
The SQL query template used to search the database, where \fB%s\fR
is a substitute for the address Postfix is trying to resolve,
e.g.
.nf
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
.fi
This parameter supports the following '%' expansions:
.RS
.IP "\fB\fB%%\fR\fR"
This is replaced by a literal '%' character.
.IP "\fB\fB%s\fR\fR"
This is replaced by the input key.
SQL quoting is used to make sure that the input key does not
add unexpected metacharacters.
.IP "\fB\fB%u\fR\fR"
When the input key is an address of the form user@domain, \fB%u\fR
is replaced by the SQL quoted local part of the address.
Otherwise, \fB%u\fR is replaced by the entire search string.
If the localpart is empty, the query is suppressed and returns
no results.
.IP "\fB\fB%d\fR\fR"
When the input key is an address of the form user@domain, \fB%d\fR
is replaced by the SQL quoted domain part of the address.
Otherwise, the query is suppressed and returns no results.
.IP "\fB\fB%[SUD]\fR\fR"
The upper-case equivalents of the above expansions behave in the
\fBquery\fR parameter identically to their lower-case counter-parts.
With the \fBresult_format\fR parameter (see below), they expand the
input key rather than the result value.
.IP "\fB\fB%[1-9]\fR\fR"
The patterns %1, %2, ... %9 are replaced by the corresponding
most significant component of the input key's domain. If the
input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
unqualified or does not have enough domain components to satisfy
all the specified patterns, the query is suppressed and returns
no results.
.RE
.IP
The \fBdomain\fR parameter described below limits the input
keys to addresses in matching domains. When the \fBdomain\fR
parameter is non-empty, SQL queries for unqualified addresses
or addresses in non-matching domains are suppressed
and return no results.
This parameter is available with Postfix 2.2. In prior releases
the SQL query was built from the separate parameters:
\fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR and
\fBadditional_conditions\fR. The mapping from the old parameters
to the equivalent query is:
.nf
SELECT [\fBselect_field\fR]
FROM [\fBtable\fR]
WHERE [\fBwhere_field\fR] = '%s'
[\fBadditional_conditions\fR]
.fi
The '%s' in the \fBWHERE\fR clause expands to the escaped search string.
With Postfix 2.2 these legacy parameters are used if the \fBquery\fR
parameter is not specified.
NOTE: DO NOT put quotes around the query parameter.
.IP "\fBresult_format (default: \fB%s\fR)\fR"
Format template applied to result attributes. Most commonly used
to append (or prepend) text to the result. This parameter supports
the following '%' expansions:
.RS
.IP "\fB\fB%%\fR\fR"
This is replaced by a literal '%' character.
.IP "\fB\fB%s\fR\fR"
This is replaced by the value of the result attribute. When
result is empty it is skipped.
.IP "\fB%u\fR
When the result attribute value is an address of the form
user@domain, \fB%u\fR is replaced by the local part of the
address. When the result has an empty localpart it is skipped.
.IP "\fB\fB%d\fR\fR"
When a result attribute value is an address of the form
user@domain, \fB%d\fR is replaced by the domain part of
the attribute value. When the result is unqualified it
is skipped.
.IP "\fB\fB%[SUD1-9]\fR\fB"
The upper-case and decimal digit expansions interpolate
the parts of the input key rather than the result. Their
behavior is identical to that described with \fBquery\fR,
and in fact because the input key is known in advance, queries
whose key does not contain all the information specified in
the result template are suppressed and return no results.
.RE
.IP
For example, using "result_format = smtp:[%s]" allows one
to use a mailHost attribute as the basis of a transport(5)
table. After applying the result format, multiple values
are concatenated as comma separated strings. The expansion_limit
and parameter explained below allows one to restrict the number
of values in the result, which is especially useful for maps that
must return at most one value.
The default value \fB%s\fR specifies that each result value should
be used as is.
This parameter is available with Postfix 2.2 and later.
NOTE: DO NOT put quotes around the result format!
.IP "\fBdomain (default: no domain list)\fR"
This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified search
keys with a *non-empty* localpart and a matching domain
are eligible for lookup: 'user' lookups, bare domain lookups
and "@domain" lookups are not performed. This can significantly
reduce the query load on the SQLite server.
.nf
domain = postfix.org, hash:/etc/postfix/searchdomains
.fi
It is best not to use SQL to store the domains eligible
for SQL lookups.
This parameter is available with Postfix 2.2 and later.
NOTE: DO NOT define this parameter for local(8) aliases,
because the input keys are always unqualified.
.IP "\fBexpansion_limit (default: 0)\fR"
A limit on the total number of result elements returned
(as a comma separated list) by a lookup against the map.
A setting of zero disables the limit. Lookups fail with a
temporary error if the limit is exceeded. Setting the
limit to 1 ensures that lookups do not return multiple
values.
.SH "OBSOLETE QUERY INTERFACE"
.na
.nf
.ad
.fi
This section describes an interface that is deprecated as
of Postfix 2.2. It is replaced by the more general \fBquery\fR
interface described above. If the \fBquery\fR parameter
is defined, the legacy parameters described here ignored.
Please migrate to the new interface as the legacy interface
may be removed in a future release.
The following parameters can be used to fill in a
SELECT template statement of the form:
.nf
SELECT [\fBselect_field\fR]
FROM [\fBtable\fR]
WHERE [\fBwhere_field\fR] = '%s'
[\fBadditional_conditions\fR]
.fi
The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd characters,
it will not cause a parse error, or worse, a security problem.
.IP "\fBselect_field\fR"
The SQL "select" parameter. Example:
.nf
\fBselect_field\fR = forw_addr
.fi
.IP "\fBtable\fR"
The SQL "select .. from" table name. Example:
.nf
\fBtable\fR = mxaliases
.fi
.IP "\fBwhere_field\fR
The SQL "select .. where" parameter. Example:
.nf
\fBwhere_field\fR = alias
.fi
.IP "\fBadditional_conditions\fR
Additional conditions to the SQL query. Example:
.nf
\fBadditional_conditions\fR = AND status = 'paid'
.fi
.SH "SEE ALSO"
.na
.nf
postmap(1), Postfix lookup table maintenance
postconf(5), configuration parameters
ldap_table(5), LDAP lookup tables
mysql_table(5), MySQL lookup tables
pgsql_table(5), PostgreSQL lookup tables
.SH "README FILES"
.na
.nf
.ad
.fi
Use "\fBpostconf readme_directory\fR" or
"\fBpostconf html_directory\fR" to locate this information.
.na
.nf
DATABASE_README, Postfix lookup table overview
SQLITE_README, Postfix SQLITE driver
.SH "LICENSE"
.na
.nf
.ad
.fi
The Secure Mailer license must be distributed with this software.
.SH "HISTORY"
.na
.nf
SQLite support was introduced with Postfix version 2.8.
.SH "AUTHOR(S)"
.na
.nf
Original implementation by:
Axel Steiner

1
postfix/mantools/postlink
View File

@ -772,6 +772,7 @@ while (<>) {
s/[<bB>]*reg[-<\/bB>]*\n*[ <bB>]*exp[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="regexp_table.5.html">$&<\/a>/g;
s/[<bB>]*relocated[<\/bB>]*\(5\)/<a href="relocated.5.html">$&<\/a>/g;
s/[<bB>]*scache[<\/bB>]*\(8\)/<a href="scache.8.html">$&<\/a>/g;
s/[<bB>]*sqlite[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="sqlite_table.5.html">$&<\/a>/g;
s/[<bB>]*trans[-<\/bB>]*\n*[ <bB>]*port[<\/bB>]*\(5\)/<a href="transport.5.html">$&<\/a>/g;
s/[<bB>]*verify[<\/bB>]*\(8\)/<a href="verify.8.html">$&<\/a>/g;
s/[<bB>]*vir[-<\/bB>]*\n*[ <bB>]*tual[<\/bB>]*\(5\)/<a href="virtual.5.html">$&<\/a>/g;

8
postfix/proto/DATABASE_README.html
View File

@ -120,7 +120,8 @@ and are easy to debug with the postmap(1) command: </p>
</blockquote>
<p> Once you have local files working properly you can follow the
instructions in ldap_table(5), mysql_table(5) or pgsql_table(5)
instructions in ldap_table(5), mysql_table(5), pgsql_table(5)
or sqlite_table(5)
and replace local file lookups with LDAP or SQL lookups. When you
do this, you should use the postmap(1) command again, to verify
that database lookups still produce the exact same results as local
@ -358,6 +359,11 @@ created with the postmap(1) or postalias(1) command. The lookup
table name as used in "sdbm:table" is the database file name without
the ".dir" or ".pag" suffix. </dd>
<dt> <b>sqlite</b> (read-only) </dt>
<dd> Perform SQLite database lookups. Configuration details are given
in sqlite_table(5). </dd>
<dt> <b>static</b> (read-only) </dt>
<dd> Always returns its lookup table name as lookup result. For

3
postfix/proto/INSTALL.html
View File

@ -261,6 +261,9 @@ Postfix 2.0 </td> </tr>
<tr> <td> SASL authentication </td> <td>SASL_README</td> <td>
Postfix 1.0 </td> </tr>
<tr> <td> SQLite database</td> <td>SQLITE_README</td> <td> Postfix
2.8 </td> </tr>
<tr> <td> STARTTLS session encryption </td> <td>TLS_README</td> <td>
Postfix 2.2 </td> </tr>

8
postfix/proto/Makefile.in
View File

@ -35,6 +35,7 @@ HTML = ../html/ADDRESS_CLASS_README.html \
../html/SMTPD_POLICY_README.html \
../html/SMTPD_PROXY_README.html \
../html/SOHO_README.html \
../html/SQLITE_README.html \
../html/STANDARD_CONFIGURATION_README.html \
../html/STRESS_README.html \
../html/TLS_README.html ../html/TLS_LEGACY_README.html \
@ -73,6 +74,7 @@ README = ../README_FILES/ADDRESS_CLASS_README \
../README_FILES/SMTPD_ACCESS_README \
../README_FILES/SMTPD_POLICY_README ../README_FILES/SMTPD_PROXY_README \
../README_FILES/SOHO_README \
../README_FILES/SQLITE_README \
../README_FILES/STANDARD_CONFIGURATION_README \
../README_FILES/STRESS_README \
../README_FILES/TLS_README ../README_FILES/TLS_LEGACY_README \
@ -246,6 +248,9 @@ clobber:
../html/SOHO_README.html: $(MAKESOHO) $(DEPSOHO)
$(MAKESOHO) | $(POSTLINK) >$@
../html/SQLITE_README.html: SQLITE_README.html
$(POSTLINK) $? >$@
../html/STANDARD_CONFIGURATION_README.html: STANDARD_CONFIGURATION_README.html
$(POSTLINK) $? >$@
@ -396,6 +401,9 @@ clobber:
../README_FILES/SOHO_README: $(MAKESOHO) $(DEPSOHO)
$(MAKESOHO) | $(HT2READ) >$@
../README_FILES/SQLITE_README: SQLITE_README.html
$(HT2READ) $? >$@
../README_FILES/STANDARD_CONFIGURATION_README: STANDARD_CONFIGURATION_README.html
$(HT2READ) $? >$@

96
postfix/proto/SQLITE_README.html Normal file
View File

@ -0,0 +1,96 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix SQLite Howto</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix SQLite Howto</h1>
<hr>
<h2>Introduction</h2>
<p> The Postfix sqlite map type allows you to hook up Postfix to a
SQLite database. This implementation allows for multiple sqlite
databases: you can use one for a virtual(5) table, one for an
access(5) table, and one for an aliases(5) table if you want. </p>
<h2>Building Postfix with SQLite support</h2>
<p> The Postfix SQLite client utilizes the sqlite3 library,
which can be obtained from: </p>
<blockquote>
<p> http://www.sqlite.org/ </p>
</blockquote>
<p> In order to build Postfix with sqlite map support, you will need to add
-DHAS_SQLITE and -I for the directory containing the sqlite headers, and
the sqlite3 library to AUXLIBS, for example: </p>
<blockquote>
<pre>
make -f Makefile.init makefiles \
'CCARGS=-DHAS_SQLITE -I/usr/local/include' \
'AUXLIBS=-L/usr/local/lib -lsqlite3 -lpthread'
</pre>
</blockquote>
<p> Then, just run 'make'.</p>
<h2>Using SQLite tables</h2>
<p> Once Postfix is built with sqlite support, you can specify a
map type in main.cf like this: </p>
<blockquote>
<pre>
alias_maps = sqlite:/etc/postfix/sqlite-aliases.cf
</pre>
</blockquote>
<p> The file /etc/postfix/sqlite-aliases.cf specifies lots of
information telling Postfix how to reference the sqlite database.
For a complete description, see the sqlite_table(5) manual page. </p>
<h2>Example: local aliases </h2>
<pre>
#
# sqlite config file for local(8) aliases(5) lookups
#
# Path to database
dbpath = /some/path/to/sqlite_database
# See sqlite_table(5) for details.
query = SELECT forw_addr FROM mxaliases WHERE alias='%s' AND status='paid'
</pre>
<h2>Additional notes</h2>
<p> The SQLite configuration interface setup allows for multiple
sqlite databases: you can use one for a virtual table, one for an
access table, and one for an aliases table if you want. </p>
<h2>Credits</h2>
<ul>
<li>Implementation by Axel Steiner</li>
<li>Documentation by Jesus Garcia Crespo</li>
</ul>
</body>
</html>

10
postfix/proto/ldap_table
View File

@ -48,14 +48,8 @@
# written in main.cf, which is normally world-readable. Support
# for this form will be removed in a future Postfix version.
#
# Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL.
# These include features that were previously available only in the
# Postfix LDAP client. This work also created an opportunity for
# improvements in the LDAP interface. The primary compatibility
# issue is that \fBresult_filter\fR (a name that has caused some
# confusion as to its meaning in the past) has been renamed to
# \fBresult_format\fR. For backwards compatibility with the pre
# 2.2 LDAP client, \fBresult_filter\fR can for now be used instead
# For backwards compatibility with the pre
# 2.2 LDAP clients, \fBresult_filter\fR can for now be used instead
# of \fBresult_format\fR, when the latter parameter is not also set.
# The new name better reflects the function of the parameter. This
# compatibility interface may be removed in a future release.

19
postfix/proto/mysql_table
View File

@ -38,16 +38,14 @@
# written in main.cf, which is normally world-readable. Support
# for this form will be removed in a future Postfix version.
#
# Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL;
# these include features previously available only in the Postfix
# LDAP client. In the new interface the SQL query is specified via
# a single \fBquery\fR parameter (described in more detail below).
# When the new \fBquery\fR parameter is not specified in the map
# definition, Postfix reverts to the old interface, with the SQL
# query constructed from the \fBselect_field\fR, \fBtable\fR,
# \fBwhere_field\fR and \fBadditional_conditions\fR parameters.
# The old interface will be gradually phased out. To migrate to
# the new interface set:
# Normally, the SQL query is specified via a single \fBquery\fR
# parameter (described in more detail below). When this
# parameter is not specified in the map definition, Postfix
# reverts to an older interface, with the SQL query constructed
# from the \fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR
# and \fBadditional_conditions\fR parameters. The old interface
# will be gradually phased out. To migrate to the new interface
# set:
#
# .nf
# \fBquery\fR = SELECT [\fIselect_field\fR]
@ -294,6 +292,7 @@
# postconf(5), configuration parameters
# ldap_table(5), LDAP lookup tables
# pgsql_table(5), PostgreSQL lookup tables
# sqlite_table(5), SQLite lookup tables
# README FILES
# .ad
# .fi

21
postfix/proto/pgsql_table
View File

@ -40,18 +40,14 @@
# Support for this form will be removed in a future Postfix
# version.
#
# Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL,
# these include features previously available only in the Postfix
# LDAP client. In the new interface the SQL query is specified via
# a single \fBquery\fR parameter (described in more detail below).
# In Postfix 2.1 the parameter precedence was, from highest to lowest,
# \fBselect_function\fR, \fBquery\fR and finally \fBselect_field\fR, ...
#
# With Postfix 2.2 the \fBquery\fR parameter has highest precedence,
# and is used in preference to the still supported, but slated to be
# phased out, \fBselect_function\fR, \fBselect_field\fR, \fBtable\fR,
# \fBwhere_field\fR and \fBadditional_conditions\fR parameters. To
# migrate to the new interface set:
# Normally, the SQL query is specified via a single \fBquery\fR
# parameter (described in more detail below). When this
# parameter is not specified in the map definition, Postfix
# reverts to an older interface, with the SQL query
# constructed from the \fBselect_function\fR, \fBselect_field\fR,
# \fBtable\fR, \fBwhere_field\fR and \fBadditional_conditions\fR
# parameters. The old interface will be gradually phased
# out. To migrate to the new interface set:
#
# .nf
# \fBquery\fR = SELECT \fIselect_function\fR('%s')
@ -318,6 +314,7 @@
# postconf(5), configuration parameters
# ldap_table(5), LDAP lookup tables
# mysql_table(5), MySQL lookup tables
# sqlite_table(5), SQLite lookup tables
# README FILES
# .ad
# .fi

8
postfix/proto/postconf.proto
View File

@ -9404,10 +9404,10 @@ The default is "no"; this prevents Postfix from trusting third-party
certificates and giving them relay permission with
permit_tls_all_clientcerts. </p>
<p> This feature is available in Postfix 2.4.15, 2.6.8, 2.7.2 and
later versions. Specify "tls_append_default_CA = yes" for backwards
compatibility, to avoid breaking certificate verification with sites
that don't use permit_tls_all_clientcerts. </p>
<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
2.7.2 and later versions. Specify "tls_append_default_CA = yes" for
backwards compatibility, to avoid breaking certificate verification
with sites that don't use permit_tls_all_clientcerts. </p>
%PARAM tls_random_exchange_name see "postconf -d" output

281
postfix/proto/sqlite_table Normal file
View File

@ -0,0 +1,281 @@
#++
# NAME
# sqlite_table 5
# SUMMARY
# Postfix SQLite configuration
# SYNOPSIS
# \fBpostmap -q "\fIstring\fB" sqlite:/etc/postfix/filename\fR
#
# \fBpostmap -q - sqlite:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# DESCRIPTION
# The Postfix mail system uses optional tables for address
# rewriting or mail routing. These tables are usually in
# \fBdbm\fR or \fBdb\fR format.
#
# Alternatively, lookup tables can be specified as SQLite databases.
# In order to use SQLite lookups, define a SQLite source as a lookup
# table in main.cf, for example:
# .nf
# alias_maps = sqlite:/etc/sqlite-aliases.cf
# .fi
#
# The file /etc/postfix/sqlite-aliases.cf has the same format as
# the Postfix main.cf file, and can specify the parameters
# described below.
# BACKWARDS COMPATIBILITY
# .ad
# .fi
# For compatibility with other Postfix lookup tables, SQLite
# parameters can also be defined in main.cf. In order to do that,
# specify as SQLite source a name that doesn't begin with a slash
# or a dot. The SQLite parameters will then be accessible as the
# name you've given the source in its definition, an underscore,
# and the name of the parameter. For example, if the map is
# specified as "sqlite:\fIsqlitename\fR", the parameter "query"
# below would be defined in main.cf as "\fIsqlitename\fR_query".
#
# Normally, the SQL query is specified via a single \fBquery\fR
# parameter (described in more detail below). When this
# parameter is not specified in the map definition, Postfix
# reverts to an older interface, with the SQL query constructed
# from the \fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR
# and \fBadditional_conditions\fR parameters. The old interface
# will be gradually phased out. To migrate to the new interface
# set:
#
# .nf
# \fBquery\fR = SELECT [\fIselect_field\fR]
# FROM [\fItable\fR]
# WHERE [\fIwhere_field\fR] = '%s'
# [\fIadditional_conditions\fR]
# .fi
#
# Insert the value, not the name, of each legacy parameter. Note
# that the \fBadditional_conditions\fR parameter is optional
# and if not empty, will always start with \fBAND\fR.
# LIST MEMBERSHIP
# .ad
# .fi
# When using SQL to store lists such as $mynetworks,
# $mydestination, $relay_domains, $local_recipient_maps,
# etc., it is important to understand that the table must
# store each list member as a separate key. The table lookup
# verifies the *existence* of the key. See "Postfix lists
# versus tables" in the DATABASE_README document for a
# discussion.
#
# Do NOT create tables that return the full list of domains
# in $mydestination or $relay_domains etc., or IP addresses
# in $mynetworks.
#
# DO create tables with each matching item as a key and with
# an arbitrary value. With SQL databases it is not uncommon to
# return the key itself or a constant value.
# SQLITE PARAMETERS
# .ad
# .fi
# .IP "\fBdbpath\fR"
# The SQLite database file location. Example:
# .nf
# dbpath = customer_database
# .fi
# .IP "\fBquery\fR"
# The SQL query template used to search the database, where \fB%s\fR
# is a substitute for the address Postfix is trying to resolve,
# e.g.
# .nf
# query = SELECT replacement FROM aliases WHERE mailbox = '%s'
# .fi
#
# This parameter supports the following '%' expansions:
# .RS
# .IP "\fB\fB%%\fR\fR"
# This is replaced by a literal '%' character.
# .IP "\fB\fB%s\fR\fR"
# This is replaced by the input key.
# SQL quoting is used to make sure that the input key does not
# add unexpected metacharacters.
# .IP "\fB\fB%u\fR\fR"
# When the input key is an address of the form user@domain, \fB%u\fR
# is replaced by the SQL quoted local part of the address.
# Otherwise, \fB%u\fR is replaced by the entire search string.
# If the localpart is empty, the query is suppressed and returns
# no results.
# .IP "\fB\fB%d\fR\fR"
# When the input key is an address of the form user@domain, \fB%d\fR
# is replaced by the SQL quoted domain part of the address.
# Otherwise, the query is suppressed and returns no results.
# .IP "\fB\fB%[SUD]\fR\fR"
# The upper-case equivalents of the above expansions behave in the
# \fBquery\fR parameter identically to their lower-case counter-parts.
# With the \fBresult_format\fR parameter (see below), they expand the
# input key rather than the result value.
# .IP "\fB\fB%[1-9]\fR\fR"
# The patterns %1, %2, ... %9 are replaced by the corresponding
# most significant component of the input key's domain. If the
# input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
# %2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
# unqualified or does not have enough domain components to satisfy
# all the specified patterns, the query is suppressed and returns
# no results.
# .RE
# .IP
# The \fBdomain\fR parameter described below limits the input
# keys to addresses in matching domains. When the \fBdomain\fR
# parameter is non-empty, SQL queries for unqualified addresses
# or addresses in non-matching domains are suppressed
# and return no results.
#
# This parameter is available with Postfix 2.2. In prior releases
# the SQL query was built from the separate parameters:
# \fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR and
# \fBadditional_conditions\fR. The mapping from the old parameters
# to the equivalent query is:
#
# .nf
# SELECT [\fBselect_field\fR]
# FROM [\fBtable\fR]
# WHERE [\fBwhere_field\fR] = '%s'
# [\fBadditional_conditions\fR]
# .fi
#
# The '%s' in the \fBWHERE\fR clause expands to the escaped search string.
# With Postfix 2.2 these legacy parameters are used if the \fBquery\fR
# parameter is not specified.
#
# NOTE: DO NOT put quotes around the query parameter.
# .IP "\fBresult_format (default: \fB%s\fR)\fR"
# Format template applied to result attributes. Most commonly used
# to append (or prepend) text to the result. This parameter supports
# the following '%' expansions:
# .RS
# .IP "\fB\fB%%\fR\fR"
# This is replaced by a literal '%' character.
# .IP "\fB\fB%s\fR\fR"
# This is replaced by the value of the result attribute. When
# result is empty it is skipped.
# .IP "\fB%u\fR
# When the result attribute value is an address of the form
# user@domain, \fB%u\fR is replaced by the local part of the
# address. When the result has an empty localpart it is skipped.
# .IP "\fB\fB%d\fR\fR"
# When a result attribute value is an address of the form
# user@domain, \fB%d\fR is replaced by the domain part of
# the attribute value. When the result is unqualified it
# is skipped.
# .IP "\fB\fB%[SUD1-9]\fR\fB"
# The upper-case and decimal digit expansions interpolate
# the parts of the input key rather than the result. Their
# behavior is identical to that described with \fBquery\fR,
# and in fact because the input key is known in advance, queries
# whose key does not contain all the information specified in
# the result template are suppressed and return no results.
# .RE
# .IP
# For example, using "result_format = smtp:[%s]" allows one
# to use a mailHost attribute as the basis of a transport(5)
# table. After applying the result format, multiple values
# are concatenated as comma separated strings. The expansion_limit
# and parameter explained below allows one to restrict the number
# of values in the result, which is especially useful for maps that
# must return at most one value.
#
# The default value \fB%s\fR specifies that each result value should
# be used as is.
#
# This parameter is available with Postfix 2.2 and later.
#
# NOTE: DO NOT put quotes around the result format!
# .IP "\fBdomain (default: no domain list)\fR"
# This is a list of domain names, paths to files, or
# dictionaries. When specified, only fully qualified search
# keys with a *non-empty* localpart and a matching domain
# are eligible for lookup: 'user' lookups, bare domain lookups
# and "@domain" lookups are not performed. This can significantly
# reduce the query load on the SQLite server.
# .nf
# domain = postfix.org, hash:/etc/postfix/searchdomains
# .fi
#
# It is best not to use SQL to store the domains eligible
# for SQL lookups.
#
# This parameter is available with Postfix 2.2 and later.
#
# NOTE: DO NOT define this parameter for local(8) aliases,
# because the input keys are always unqualified.
# .IP "\fBexpansion_limit (default: 0)\fR"
# A limit on the total number of result elements returned
# (as a comma separated list) by a lookup against the map.
# A setting of zero disables the limit. Lookups fail with a
# temporary error if the limit is exceeded. Setting the
# limit to 1 ensures that lookups do not return multiple
# values.
# OBSOLETE QUERY INTERFACE
# .ad
# .fi
# This section describes an interface that is deprecated as
# of Postfix 2.2. It is replaced by the more general \fBquery\fR
# interface described above. If the \fBquery\fR parameter
# is defined, the legacy parameters described here ignored.
# Please migrate to the new interface as the legacy interface
# may be removed in a future release.
#
# The following parameters can be used to fill in a
# SELECT template statement of the form:
#
# .nf
# SELECT [\fBselect_field\fR]
# FROM [\fBtable\fR]
# WHERE [\fBwhere_field\fR] = '%s'
# [\fBadditional_conditions\fR]
# .fi
#
# The specifier %s is replaced by the search string, and is
# escaped so if it contains single quotes or other odd characters,
# it will not cause a parse error, or worse, a security problem.
# .IP "\fBselect_field\fR"
# The SQL "select" parameter. Example:
# .nf
# \fBselect_field\fR = forw_addr
# .fi
# .IP "\fBtable\fR"
# The SQL "select .. from" table name. Example:
# .nf
# \fBtable\fR = mxaliases
# .fi
# .IP "\fBwhere_field\fR
# The SQL "select .. where" parameter. Example:
# .nf
# \fBwhere_field\fR = alias
# .fi
# .IP "\fBadditional_conditions\fR
# Additional conditions to the SQL query. Example:
# .nf
# \fBadditional_conditions\fR = AND status = 'paid'
# .fi
# SEE ALSO
# postmap(1), Postfix lookup table maintenance
# postconf(5), configuration parameters
# ldap_table(5), LDAP lookup tables
# mysql_table(5), MySQL lookup tables
# pgsql_table(5), PostgreSQL lookup tables
# README FILES
# .ad
# .fi
# Use "\fBpostconf readme_directory\fR" or
# "\fBpostconf html_directory\fR" to locate this information.
# .na
# .nf
# DATABASE_README, Postfix lookup table overview
# SQLITE_README, Postfix SQLITE driver
# LICENSE
# .ad
# .fi
# The Secure Mailer license must be distributed with this software.
# HISTORY
# SQLite support was introduced with Postfix version 2.8.
# AUTHOR(S)
# Original implementation by:
# Axel Steiner
#--

14
postfix/src/global/Makefile.in
View File

@ -4,7 +4,7 @@ SRCS = abounce.c anvil_clnt.c been_here.c bounce.c bounce_log.c \
clnt_stream.c conv_time.c db_common.c debug_peer.c debug_process.c \
defer.c deliver_completed.c deliver_flock.c deliver_pass.c \
deliver_request.c dict_ldap.c dict_mysql.c dict_pgsql.c \
dict_proxy.c domain_list.c dot_lockfile.c dot_lockfile_as.c \
dict_proxy.c dict_sqlite.c domain_list.c dot_lockfile.c dot_lockfile_as.c \
dsb_scan.c dsn.c dsn_buf.c dsn_mask.c dsn_print.c dsn_util.c \
ehlo_mask.c ext_prop.c file_id.c flush_clnt.c header_opts.c \
header_token.c input_transp.c int_filt.c is_header.c log_adhoc.c \
@ -35,7 +35,7 @@ OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
defer.o deliver_completed.o deliver_flock.o deliver_pass.o \
deliver_request.o dict_ldap.o dict_mysql.o dict_pgsql.o \
dict_proxy.o domain_list.o dot_lockfile.o dot_lockfile_as.o \
dict_proxy.o dict_sqlite.o domain_list.o dot_lockfile.o dot_lockfile_as.o \
dsb_scan.o dsn.o dsn_buf.o dsn_mask.o dsn_print.o dsn_util.o \
ehlo_mask.o ext_prop.o file_id.o flush_clnt.o header_opts.o \
header_token.o input_transp.o int_filt.o is_header.o log_adhoc.o \
@ -65,7 +65,7 @@ HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \
conv_time.h db_common.h debug_peer.h debug_process.h defer.h \
deliver_completed.h deliver_flock.h deliver_pass.h deliver_request.h \
dict_ldap.h dict_mysql.h dict_pgsql.h dict_proxy.h domain_list.h \
dict_ldap.h dict_mysql.h dict_pgsql.h dict_proxy.h dict_sqlite.h domain_list.h \
dot_lockfile.h dot_lockfile_as.h dsb_scan.h dsn.h dsn_buf.h \
dsn_mask.h dsn_print.h dsn_util.h ehlo_mask.h ext_prop.h \
file_id.h flush_clnt.h header_opts.h header_token.h input_transp.h \
@ -832,6 +832,13 @@ dict_mysql.o: db_common.h
dict_mysql.o: dict_mysql.c
dict_mysql.o: dict_mysql.h
dict_mysql.o: string_list.h
dict_sqlite.o: ../../include/dict.h
dict_sqlite.o: ../../include/msg.h
dict_sqlite.o: ../../include/sys_defs.h
dict_sqlite.o: cfg_parser.h
dict_sqlite.o: db_common.h
dict_sqlite.o: dict_sqlite.c
dict_sqlite.o: dict_sqlite.h
dict_pgsql.o: ../../include/argv.h
dict_pgsql.o: ../../include/dict.h
dict_pgsql.o: ../../include/events.h
@ -1239,6 +1246,7 @@ mail_dict.o: dict_ldap.h
mail_dict.o: dict_mysql.h
mail_dict.o: dict_pgsql.h
mail_dict.o: dict_proxy.h
mail_dict.o: dict_sqlite.h
mail_dict.o: mail_dict.c
mail_dict.o: mail_dict.h
mail_error.o: ../../include/name_mask.h

4
postfix/src/global/db_common.c
View File

@ -161,13 +161,13 @@ typedef struct {
STRING_LIST *domain;
int flags;
int nparts;
} DB_COMMON_CTX;
} DB_COMMON_CTX;
/* db_common_parse - validate query or result template */
int db_common_parse(DICT *dict, void **ctxPtr, const char *format, int query)
{
DB_COMMON_CTX *ctx = (DB_COMMON_CTX *) * ctxPtr;
DB_COMMON_CTX *ctx = (DB_COMMON_CTX *) *ctxPtr;
const char *cp;
int dynamic = 0;

32
postfix/src/global/dict_mysql.c
View File

@ -31,7 +31,7 @@
/* main.cf configuration parameters for this search.
/*
/* In the first case, the configuration parameters below are
/* specified in the file as \fIname\fR=\fBvalue\fR pairs.
/* specified in the file as \fIname\fR=\fIvalue\fR pairs.
/*
/* In the second case, the configuration parameters are
/* prefixed with the value of \fIname\fR and an underscore,
@ -47,29 +47,25 @@
/* See dict_open(3).
/* .PP
/* Configuration parameters:
/*
/* The parameters encodes a number of pieces of information:
/* username, password, databasename, table, select_field,
/* where_field, and hosts:
/* .IP \fIuser\fR
/* .IP user
/* Username for connecting to the database.
/* .IP \fIpassword\fR
/* .IP password
/* Password for the above.
/* .IP \fIdbname\fR
/* .IP dbname
/* Name of the database.
/* .IP \fIdomain\fR
/* .IP domain
/* List of domains the queries should be restricted to. If
/* specified, only FQDN addresses whose domain parts matching this
/* list will be queried against the SQL database. Lookups for
/* partial addresses are also supressed. This can significantly
/* reduce the query load on the server.
/* .IP \fIquery\fR
/* .IP query
/* Query template, before the query is actually issued, variable
/* substitutions are performed. See mysql_table(5) for details. If
/* No query is specified, the legacy variables \fItable\fR,
/* \fIselect_field\fR, \fIwhere_field\fR and \fIadditional_conditions\fR
/* are used to construct the query template.
/* .IP \fIresult_format\fR
/* .IP result_format
/* The format used to expand results from queries. Substitutions
/* are performed as described in mysql_table(5). Defaults to returning
/* the lookup result unchanged.
@ -78,22 +74,22 @@
/* exceed the limit fail with dict_errno=DICT_ERR_RETRY. Note that each
/* non-empty (and non-NULL) column of a multi-column result row counts as
/* one result.
/* .IP \fItable\fR
/* .IP table
/* When \fIquery\fR is not set, name of the table used to construct the
/* query string. This provides compatibility with older releases.
/* .IP \fIselect_field\fR
/* .IP select_field
/* When \fIquery\fR is not set, name of the result field used to
/* construct the query string. This provides compatibility with older
/* releases.
/* .IP \fIwhere_field\fR
/* .IP where_field
/* When \fIquery\fR is not set, name of the where clause field used to
/* construct the query string. This provides compatibility with older
/* releases.
/* .IP \fIadditional_conditions\fR
/* .IP additional_conditions
/* When \fIquery\fR is not set, additional where clause conditions used
/* to construct the query string. This provides compatibility with older
/* releases.
/* .IP \fIhosts\fR
/* .IP hosts
/* List of hosts to connect to.
/* .PP
/* For example, if you want the map to reference databases of
@ -117,10 +113,10 @@
/* \fIwhere_field\fR = \fBalias\fR
/* .br
/* \fIhosts\fR = \fBhost1.some.domain\fR \fBhost2.some.domain\fR
/* .IP \fIadditional_conditions\fR
/* .IP additional_conditions
/* Backward compatibility when \fIquery\fR is not set, additional
/* conditions to the WHERE clause.
/* .IP \fIhosts\fR
/* .IP hosts
/* List of hosts to connect to.
/* .PP
/* For example, if you want the map to reference databases of

30
postfix/src/global/dict_pgsql.c
View File

@ -32,7 +32,7 @@
/* obtain main.cf configuration parameters for this search.
/*
/* In the first case, the configuration parameters below are
/* specified in the file as \fIname\fR=\fBvalue\fR pairs.
/* specified in the file as \fIname\fR=\fIvalue\fR pairs.
/*
/* In the second case, the configuration parameters are
/* prefixed with the value of \fIname\fR and an underscore,
@ -48,29 +48,25 @@
/*
/* .PP
/* Configuration parameters:
/*
/* The parameters encode a number of pieces of information:
/* username, password, databasename, table, select_field,
/* where_field, and hosts:
/* .IP \fIuser\fR
/* .IP user
/* Username for connecting to the database.
/* .IP \fIpassword\fR
/* .IP password
/* Password for the above.
/* .IP \fIdbname\fR
/* .IP dbname
/* Name of the database.
/* .IP \fIquery\fR
/* .IP query
/* Query template. If not defined a default query template is constructed
/* from the legacy \fIselect_function\fR or failing that the \fItable\fR,
/* \fIselect_field\fR, \fIwhere_field\fR, and \fIadditional_conditions\fR
/* parameters. Before the query is issues, variable substitutions are
/* performed. See pgsql_table(5).
/* .IP \fIdomain\fR
/* .IP domain
/* List of domains the queries should be restricted to. If
/* specified, only FQDN addresses whose domain parts matching this
/* list will be queried against the SQL database. Lookups for
/* partial addresses are also supressed. This can significantly
/* reduce the query load on the server.
/* .IP \fIresult_format\fR
/* .IP result_format
/* The format used to expand results from queries. Substitutions
/* are performed as described in pgsql_table(5). Defaults to returning
/* the lookup result unchanged.
@ -79,24 +75,24 @@
/* exceed the limit fail with dict_errno=DICT_ERR_RETRY. Note that each
/* non-empty (and non-NULL) column of a multi-column result row counts as
/* one result.
/* .IP \fIselect_function\fR
/* .IP select_function
/* When \fIquery\fR is not defined, the function to be used instead of
/* the default query based on the legacy \fItable\fR, \fIselect_field\fR,
/* \fIwhere_field\fR, and \fIadditional_conditions\fR parameters.
/* .IP \fItable\fR
/* .IP table
/* When \fIquery\fR and \fIselect_function\fR are not defined, the name of the
/* FROM table used to construct the default query template, see pgsql_table(5).
/* .IP \fIselect_field\fR
/* .IP select_field
/* When \fIquery\fR and \fIselect_function\fR are not defined, the name of the
/* SELECT field used to construct the default query template, see pgsql_table(5).
/* .IP \fIwhere_field\fR
/* .IP where_field
/* When \fIquery\fR and \fIselect_function\fR are not defined, the name of the
/* WHERE field used to construct the default query template, see pgsql_table(5).
/* .IP \fIadditional_conditions\fR
/* .IP additional_conditions
/* When \fIquery\fR and \fIselect_function\fR are not defined, the name of the
/* additional text to add to the WHERE field in the default query template (this
/* usually begins with "and") see pgsql_table(5).
/* .IP \fIhosts\fR
/* .IP hosts
/* List of hosts to connect to.
/* .PP
/* For example, if you want the map to reference databases of

303
postfix/src/global/dict_sqlite.c Normal file
View File

@ -0,0 +1,303 @@
/*++
/* NAME
/* dict_sqlite 3
/* SUMMARY
/* dictionary manager interface to SQLite3 databases
/* SYNOPSIS
/* #include <dict_sqlite.h>
/*
/* DICT *dict_sqlite_open(name, open_flags, dict_flags)
/* const char *name;
/* int open_flags;
/* int dict_flags;
/* DESCRIPTION
/* dict_sqlite_open() creates a dictionary of type 'sqlite'.
/* This dictionary is an interface for the postfix key->value
/* mappings to SQLite. The result is a pointer to the installed
/* dictionary, or a null pointer in case of problems.
/* .PP
/* Arguments:
/* .IP name
/* Either the path to the SQLite configuration file (if it
/* starts with '/' or '.'), or the prefix which will be used
/* to obtain main.cf configuration parameters for this search.
/*
/* In the first case, the configuration parameters below are
/* specified in the file as \fIname\fR=\fIvalue\fR pairs.
/*
/* In the second case, the configuration parameters are prefixed
/* with the value of \fIname\fR and an underscore, and they
/* are specified in main.cf. For example, if this value is
/* \fIsqlitecon\fR, the parameters would look like
/* \fIsqlitecon_dbpath\fR, \fIsqlitecon_query\fR, and so on.
/* .IP open_flags
/* Must be O_RDONLY.
/* .IP dict_flags
/* See dict_open(3).
/* .PP
/* Configuration parameters:
/* .IP dbpath
/* Path to SQLite database
/* .IP query
/* Query template, before the query is actually issued, variable
/* substitutions are performed. See sqlite_table(5) for details.
/* .IP result_format
/* The format used to expand results from queries. Substitutions
/* are performed as described in sqlite_table(5). Defaults to
/* returning the lookup result unchanged.
/* .IP expansion_limit
/* Limit (if any) on the total number of lookup result values.
/* Lookups which exceed the limit fail with dict_errno=DICT_ERR_RETRY.
/* Note that each non-empty (and non-NULL) column of a
/* multi-column result row counts as one result.
/* .IP "select_field, where_field, additional_conditions"
/* Legacy query interface.
/* SEE ALSO
/* dict(3) generic dictionary manager
/* AUTHOR(S)
/* Axel Steiner
/* ast@treibsand.com
/*--*/
/* System library. */
#include <sys_defs.h>
#include <string.h>
#ifdef HAS_SQLITE
#include <sqlite3.h>
#if !defined(SQLITE_VERSION_NUMBER) || (SQLITE_VERSION_NUMBER < 3005004)
#error "Your SQLite version is too old"
#endif
/* Utility library. */
#include <msg.h>
#include <dict.h>
#include <vstring.h>
#include <stringops.h>
#include <mymalloc.h>
/* Global library. */
#include <cfg_parser.h>
#include <db_common.h>
/* Application-specific. */
#include <dict_sqlite.h>
typedef struct {
DICT dict; /* generic member */
CFG_PARSER *parser; /* common parameter parser */
sqlite3 *db; /* sqlite handle */
char *query; /* db_common_expand() query */
char *result_format; /* db_common_expand() result_format */
void *ctx; /* db_common_parse() context */
char *dbpath; /* dbpath config attribute */
int expansion_limit; /* expansion_limit config attribute */
} DICT_SQLITE;
/* dict_sqlite_quote - escape SQL metacharacters in input string */
static void dict_sqlite_quote(DICT *dict, const char *name, VSTRING *result)
{
char *q;
q = sqlite3_mprintf("%q", name);
/* Fix 20100616 */
if (q == 0)
msg_fatal("dict_sqlite_quote: out of memory");
vstring_strcat(result, q);
sqlite3_free(q);
}
/* dict_sqlite_close - close the database */
static void dict_sqlite_close(DICT *dict)
{
const char *myname = "dict_sqlite_close";
DICT_SQLITE *dict_sqlite = (DICT_SQLITE *) dict;
if (msg_verbose)
msg_info("%s: %s", myname, dict_sqlite->parser->name);
if (sqlite3_close(dict_sqlite->db) != SQLITE_OK)
msg_fatal("%s: close %s failed", myname, dict_sqlite->parser->name);
cfg_parser_free(dict_sqlite->parser);
myfree(dict_sqlite->dbpath);
myfree(dict_sqlite->query);
myfree(dict_sqlite->result_format);
if (dict_sqlite->ctx)
db_common_free_ctx(dict_sqlite->ctx);
if (dict->fold_buf)
vstring_free(dict->fold_buf);
dict_free(dict);
}
/* dict_sqlite_lookup - find database entry */
static const char *dict_sqlite_lookup(DICT *dict, const char *name)
{
const char *myname = "dict_sqlite_lookup";
DICT_SQLITE *dict_sqlite = (DICT_SQLITE *) dict;
sqlite3_stmt *sql;
const char *zErrMsg;
static VSTRING *query;
static VSTRING *result;
const char *r;
int expansion = 0;
int status;
/*
* Don't frustrate future attempts to make Postfix UTF-8 transparent.
*/
if (!valid_utf_8(name, strlen(name))) {
if (msg_verbose)
msg_info("%s: %s: Skipping lookup of non-UTF-8 key '%s'",
myname, dict_sqlite->parser->name, name);
return (0);
}
/*
* Optionally fold the key.
*/
if (dict->flags & DICT_FLAG_FOLD_FIX) {
if (dict->fold_buf == 0)
dict->fold_buf = vstring_alloc(10);
vstring_strcpy(dict->fold_buf, name);
name = lowercase(vstring_str(dict->fold_buf));
}
/*
* Domain filter for email address lookups.
*/
if (db_common_check_domain(dict_sqlite->ctx, name) == 0) {
if (msg_verbose)
msg_info("%s: %s: Skipping lookup of '%s'",
myname, dict_sqlite->parser->name, name);
return (0);
}
/*
* Expand the query and query the database.
*/
#define INIT_VSTR(buf, len) do { \
if (buf == 0) \
buf = vstring_alloc(len); \
VSTRING_RESET(buf); \
VSTRING_TERMINATE(buf); \
} while (0)
INIT_VSTR(query, 10);
if (!db_common_expand(dict_sqlite->ctx, dict_sqlite->query,
name, 0, query, dict_sqlite_quote))
return (0);
if (msg_verbose)
msg_info("%s: %s: Searching with query %s",
myname, dict_sqlite->parser->name, vstring_str(query));
if (sqlite3_prepare_v2(dict_sqlite->db, vstring_str(query), -1,
&sql, &zErrMsg) != SQLITE_OK) {
msg_fatal("%s: %s: SQL prepare failed: %s\n",
myname, dict_sqlite->parser->name,
sqlite3_errmsg(dict_sqlite->db));
}
/*
* Retrieve and expand the result(s).
*/
INIT_VSTR(result, 10);
while ((status = sqlite3_step(sql)) == SQLITE_ROW) {
if (db_common_expand(dict_sqlite->ctx, dict_sqlite->result_format,
(char *) sqlite3_column_text(sql, 0),
name, result, 0)
&& dict_sqlite->expansion_limit > 0
&& ++expansion > dict_sqlite->expansion_limit) {
msg_warn("%s: %s: Expansion limit exceeded for key: '%s'",
myname, dict_sqlite->parser->name, name);
dict_errno = DICT_ERR_RETRY;
break;
}
}
/* Fix 20100616 */
if (status != SQLITE_ROW && status != SQLITE_DONE) {
msg_warn("%s: %s: sql step for %s; %s\n",
myname, dict_sqlite->parser->name,
vstring_str(query), sqlite3_errmsg(dict_sqlite->db));
dict_errno = DICT_ERR_RETRY;
}
/*
* Clean up.
*/
if (sqlite3_finalize(sql))
msg_fatal("%s: %s: SQL finalize for %s; %s\n",
myname, dict_sqlite->parser->name,
vstring_str(query), sqlite3_errmsg(dict_sqlite->db));
r = vstring_str(result);
return ((dict_errno == 0 && *r) ? r : 0);
}
/* sqlite_parse_config - parse sqlite configuration file */
static void sqlite_parse_config(DICT_SQLITE *dict_sqlite, const char *sqlitecf)
{
CFG_PARSER *p;
VSTRING *buf;
p = dict_sqlite->parser = cfg_parser_alloc(sqlitecf);
dict_sqlite->dbpath = cfg_get_str(p, "dbpath", "", 1, 0);
dict_sqlite->result_format = cfg_get_str(p, "result_format", "%s", 1, 0);
if ((dict_sqlite->query = cfg_get_str(p, "query", NULL, 0, 0)) == 0) {
buf = vstring_alloc(64);
db_common_sql_build_query(buf, p);
dict_sqlite->query = vstring_export(buf);
}
dict_sqlite->expansion_limit = cfg_get_int(p, "expansion_limit", 0, 0, 0);
dict_sqlite->ctx = 0;
(void) db_common_parse(&dict_sqlite->dict, &dict_sqlite->ctx, dict_sqlite->query, 1);
(void) db_common_parse(0, &dict_sqlite->ctx, dict_sqlite->result_format, 0);
db_common_parse_domain(p, dict_sqlite->ctx);
if (dict_sqlite->dict.flags & DICT_FLAG_FOLD_FIX)
dict_sqlite->dict.fold_buf = vstring_alloc(10);
}
/* dict_sqlite_open - open sqlite database */
DICT *dict_sqlite_open(const char *name, int open_flags, int dict_flags)
{
DICT_SQLITE *dict_sqlite;
/*
* Sanity checks.
*/
if (open_flags != O_RDONLY)
msg_fatal("%s:%s map requires O_RDONLY access mode",
DICT_TYPE_SQLITE, name);
dict_sqlite = (DICT_SQLITE *) dict_alloc(DICT_TYPE_SQLITE, name,
sizeof(DICT_SQLITE));
dict_sqlite->dict.lookup = dict_sqlite_lookup;
dict_sqlite->dict.close = dict_sqlite_close;
dict_sqlite->dict.flags = dict_flags;
dict_sqlite->dict.flags |= DICT_FLAG_FIXED;
sqlite_parse_config(dict_sqlite, name);
if (sqlite3_open(dict_sqlite->dbpath, &dict_sqlite->db)) {
msg_fatal("Can't open database: %s\n", sqlite3_errmsg(dict_sqlite->db));
sqlite3_close(dict_sqlite->db);
}
return (DICT_DEBUG (&dict_sqlite->dict));
}
#endif

32
postfix/src/global/dict_sqlite.h Normal file
View File

@ -0,0 +1,32 @@
#ifndef _DICT_SQLITE_H_INCLUDED_
#define _DICT_SQLITE_H_INCLUDED_
/*++
/* NAME
/* dict_sqlite 3h
/* SUMMARY
/* dictionary manager interface to sqlite databases
/* SYNOPSIS
/* #include <dict_sqlite.h>
/* DESCRIPTION
/* .nf
/*
* Utility library.
*/
#include <dict.h>
/*
* External interface.
*/
#define DICT_TYPE_SQLITE "sqlite"
extern DICT *dict_sqlite_open(const char *, int, int);
/* AUTHOR(S)
/* Axel Steiner
/* ast@treibsand.com
/*--*/
#endif

4
postfix/src/global/mail_dict.c
View File

@ -36,6 +36,7 @@
#include <dict_ldap.h>
#include <dict_mysql.h>
#include <dict_pgsql.h>
#include <dict_sqlite.h>
#include <mail_dict.h>
typedef struct {
@ -53,6 +54,9 @@ static const DICT_OPEN_INFO dict_open_info[] = {
#endif
#ifdef HAS_PGSQL
DICT_TYPE_PGSQL, dict_pgsql_open,
#endif
#ifdef HAS_SQLITE
DICT_TYPE_SQLITE, dict_sqlite_open,
#endif
0,
};

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20100615"
#define MAIL_RELEASE_DATE "20100617"
#define MAIL_VERSION_NUMBER "2.8"
#ifdef SNAPSHOT

1
postfix/src/master/master.h
View File

@ -66,6 +66,7 @@ typedef struct MASTER_SERV {
#define MASTER_FLAG_LOCAL_ONLY (1<<4) /* no remote clients */
#define MASTER_THROTTLED(f) ((f)->flags & MASTER_FLAG_THROTTLE)
#define MASTER_MARKED_FOR_DELETION(f) ((f)->flags & MASTER_FLAG_MARK)
#define MASTER_LIMIT_OK(limit, count) ((limit) == 0 || ((count) < (limit)))

21
postfix/src/master/master_spawn.c
View File

@ -304,18 +304,25 @@ void master_reap_child(void)
(char *) &pid, sizeof(pid))) == 0)
msg_panic("master_reap: unknown pid: %d", pid);
serv = proc->serv;
#define MASTER_KILL_SIGNAL SIGTERM
#define MASTER_SENT_SIGNAL(serv, status) \
(MASTER_MARKED_FOR_DELETION(serv) \
&& WTERMSIG(status) == MASTER_KILL_SIGNAL)
if (!NORMAL_EXIT_STATUS(status)) {
if (WIFEXITED(status))
msg_warn("process %s pid %d exit status %d",
serv->path, pid, WEXITSTATUS(status));
if (WIFSIGNALED(status))
if (WIFSIGNALED(status) && !MASTER_SENT_SIGNAL(serv, status))
msg_warn("process %s pid %d killed by signal %d",
serv->path, pid, WTERMSIG(status));
}
if (!NORMAL_EXIT_STATUS(status) && proc->use_count == 0
&& (serv->flags & MASTER_FLAG_THROTTLE) == 0) {
msg_warn("%s: bad command startup -- throttling", serv->path);
master_throttle(serv);
/* master_delete_children() throttles first, then kills. */
if (proc->use_count == 0
&& (serv->flags & MASTER_FLAG_THROTTLE) == 0) {
msg_warn("%s: bad command startup -- throttling", serv->path);
master_throttle(serv);
}
}
master_delete_child(proc);
}
@ -338,7 +345,7 @@ void master_delete_children(MASTER_SERV *serv)
for (info = list = binhash_list(master_child_table); *info; info++) {
proc = (MASTER_PROC *) info[0]->value;
if (proc->serv == serv)
(void) kill(proc->pid, SIGTERM);
(void) kill(proc->pid, MASTER_KILL_SIGNAL);
}
while (serv->total_proc > 0)
master_reap_child();

3
postfix/src/postconf/postconf.c
View File

@ -146,6 +146,9 @@
/* .IP \fBsdbm\fR
/* An indexed file type based on hashing.
/* This is available on systems with support for SDBM databases.
/* .IP "\fBsqlite\fR (read-only)"
/* Perform lookups from SQLite database files. This is described
/* in \fBsqlite_table\fR(5).
/* .IP "\fBstatic\fR (read-only)"
/* A table that always returns its name as lookup result. For example,
/* \fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup

1
postfix/src/postfix/postfix.c
View File

@ -245,6 +245,7 @@
/* pcre_table(5), Associate PCRE pattern with value
/* pgsql_table(5), Postfix PostgreSQL client
/* regexp_table(5), Associate POSIX regexp pattern with value
/* slite_table(5), Postfix SQLite database driver
/* tcp_table(5), Postfix client-server table lookup
/*
/* Daemon processes:

2
postfix/src/util/vstring.c
View File

@ -299,7 +299,7 @@ static void vstring_extend(VBUF *bp, ssize_t incr)
* negative length parameters).
*/
new_len = bp->len + (bp->len > incr ? bp->len : incr);
if (new_len < 0)
if (new_len <= bp->len)
msg_fatal("vstring_extend: length overflow");
bp->data = (unsigned char *) myrealloc((char *) bp->data, new_len);
bp->len = new_len;