1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
|
.TH PGSQL_TABLE 5
.ad
.fi
.SH NAME
pgsql_table
\-
Postfix PostgreSQL client configuration
.SH "SYNOPSIS"
.na
.nf
\fBpostmap \-q "\fIstring\fB" pgsql:/etc/postfix/\fIfilename\fR
\fBpostmap \-q \- pgsql:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
.SH DESCRIPTION
.ad
.fi
The Postfix mail system uses optional tables for address
rewriting or mail routing. These tables are usually in
\fBdbm\fR or \fBdb\fR format.
Alternatively, lookup tables can be specified as PostgreSQL
databases. In order to use PostgreSQL lookups, define a
PostgreSQL source as a lookup table in main.cf, for example:
.nf
alias_maps = pgsql:/etc/pgsql\-aliases.cf
.fi
The file /etc/postfix/pgsql\-aliases.cf has the same format as
the Postfix main.cf file, and can specify the parameters
described below.
.SH "LIST MEMBERSHIP"
.na
.nf
.ad
.fi
When using SQL to store lists such as $mynetworks,
$mydestination, $relay_domains, $local_recipient_maps,
etc., it is important to understand that the table must
store each list member as a separate key. The table lookup
verifies the *existence* of the key. See "Postfix lists
versus tables" in the DATABASE_README document for a
discussion.
Do NOT create tables that return the full list of domains
in $mydestination or $relay_domains etc., or IP addresses
in $mynetworks.
DO create tables with each matching item as a key and with
an arbitrary value. With SQL databases it is not uncommon to
return the key itself or a constant value.
.SH "PGSQL PARAMETERS"
.na
.nf
.ad
.fi
.IP "\fBhosts\fR"
The hosts that Postfix will try to connect to and query
from. Besides a \fBpostgresql://\fR connection URI, this
setting supports the historical forms \fBunix:/\fIpathname\fR
for UNIX\-domain sockets and \fBinet:\fIhost:port\fR for TCP
connections, where the \fBunix:\fR and \fBinet:\fR prefixes
are accepted and ignored for backwards compatibility.
Examples:
.nf
hosts = postgresql://username@example.com/tablename?sslmode=require
hosts = host1.some.domain host2.some.domain:port
hosts = unix:/file/name
.fi
The hosts are tried in random order. The connections are
automatically closed after being idle for about 1 minute,
and are re\-opened as necessary.
.IP "\fBuser, password\fR"
The user name and password to log into the pgsql server.
Example:
.nf
user = someone
password = some_password
.fi
.IP "\fBdbname\fR"
The database name on the servers. Example:
.nf
dbname = customer_database
.fi
.IP "\fBquery\fR"
The SQL query template used to search the database, where \fB%s\fR
is a substitute for the address Postfix is trying to resolve,
e.g.
.nf
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
.fi
This parameter supports the following '%' expansions:
.RS
.IP "\fB%%\fR"
This is replaced by a literal '%' character. (Postfix 2.2 and later)
.IP "\fB%s\fR"
This is replaced by the input key.
SQL quoting is used to make sure that the input key does not
add unexpected metacharacters.
.IP "\fB%u\fR"
When the input key is an address of the form user@domain, \fB%u\fR
is replaced by the SQL quoted local part of the address.
Otherwise, \fB%u\fR is replaced by the entire search string.
If the localpart is empty, the query is suppressed and returns
no results.
.IP "\fB%d\fR"
When the input key is an address of the form user@domain, \fB%d\fR
is replaced by the SQL quoted domain part of the address.
Otherwise, the query is suppressed and returns no results.
.IP "\fB%[SUD]\fR"
The upper\-case equivalents of the above expansions behave in the
\fBquery\fR parameter identically to their lower\-case counter\-parts.
With the \fBresult_format\fR parameter (see below), they expand the
input key rather than the result value.
.IP
The above %S, %U and %D expansions are available with Postfix 2.2
and later
.IP "\fB%[1\-9]\fR"
The patterns %1, %2, ... %9 are replaced by the corresponding
most significant component of the input key's domain. If the
input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
unqualified or does not have enough domain components to satisfy
all the specified patterns, the query is suppressed and returns
no results.
.IP
The above %1, ... %9 expansions are available with Postfix 2.2
and later
.RE
.IP
The \fBdomain\fR parameter described below limits the input
keys to addresses in matching domains. When the \fBdomain\fR
parameter is non\-empty, SQL queries for unqualified addresses
or addresses in non\-matching domains are suppressed
and return no results.
The precedence of this parameter has changed with Postfix 2.2,
in prior releases the precedence was, from highest to lowest,
\fBselect_function\fR, \fBquery\fR, \fBselect_field\fR, ...
With Postfix 2.2 the \fBquery\fR parameter has highest precedence,
see COMPATIBILITY above.
NOTE: DO NOT put quotes around the \fBquery\fR parameter.
.IP "\fBresult_format (default: \fB%s\fR)\fR"
Format template applied to result attributes. Most commonly used
to append (or prepend) text to the result. This parameter supports
the following '%' expansions:
.RS
.IP "\fB%%\fR"
This is replaced by a literal '%' character.
.IP "\fB%s\fR"
This is replaced by the value of the result attribute. When
result is empty it is skipped.
.IP "\fB%u\fR
When the result attribute value is an address of the form
user@domain, \fB%u\fR is replaced by the local part of the
address. When the result has an empty localpart it is skipped.
.IP "\fB%d\fR"
When a result attribute value is an address of the form
user@domain, \fB%d\fR is replaced by the domain part of
the attribute value. When the result is unqualified it
is skipped.
.IP "\fB%[SUD1\-9]\fR"
The upper\-case and decimal digit expansions interpolate
the parts of the input key rather than the result. Their
behavior is identical to that described with \fBquery\fR,
and in fact because the input key is known in advance, queries
whose key does not contain all the information specified in
the result template are suppressed and return no results.
.RE
.IP
For example, using "result_format = smtp:[%s]" allows one
to use a mailHost attribute as the basis of a transport(5)
table. After applying the result format, multiple values
are concatenated as comma separated strings. The expansion_limit
and parameter explained below allows one to restrict the number
of values in the result, which is especially useful for maps that
must return at most one value.
The default value \fB%s\fR specifies that each result value should
be used as is.
This parameter is available with Postfix 2.2 and later.
NOTE: DO NOT put quotes around the result format!
.IP "\fBdomain (default: no domain list)\fR"
This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified search
keys with a *non\-empty* localpart and a matching domain
are eligible for lookup: 'user' lookups, bare domain lookups
and "@domain" lookups are not performed. This can significantly
reduce the query load on the PostgreSQL server.
.nf
domain = postfix.org, hash:/etc/postfix/searchdomains
.fi
It is best not to use SQL to store the domains eligible
for SQL lookups.
This parameter is available with Postfix 2.2 and later.
NOTE: DO NOT define this parameter for local(8) aliases,
because the input keys are always unqualified.
.IP "\fBexpansion_limit (default: 0)\fR"
A limit on the total number of result elements returned
(as a comma separated list) by a lookup against the map.
A setting of zero disables the limit. Lookups fail with a
temporary error if the limit is exceeded. Setting the
limit to 1 ensures that lookups do not return multiple
values.
.SH "OBSOLETE MAIN.CF PARAMETERS"
.na
.nf
.ad
.fi
For compatibility with other Postfix lookup tables, PostgreSQL
parameters can also be defined in main.cf. In order to do
that, specify as PostgreSQL source a name that doesn't begin
with a slash or a dot. The PostgreSQL parameters will then
be accessible as the name you've given the source in its
definition, an underscore, and the name of the parameter. For
example, if the map is specified as "pgsql:\fIpgsqlname\fR",
the parameter "hosts" would be defined in main.cf as
"\fIpgsqlname\fR_hosts".
Note: with this form, the passwords for the PostgreSQL sources
are written in main.cf, which is normally world\-readable.
Support for this form will be removed in a future Postfix
version.
.SH "OBSOLETE QUERY INTERFACES"
.na
.nf
.ad
.fi
This section describes query interfaces that are deprecated
as of Postfix 2.2. Please migrate to the new \fBquery\fR
interface as the old interfaces are slated to be phased
out.
.IP "\fBselect_function\fR"
This parameter specifies a database function name. Example:
.nf
select_function = my_lookup_user_alias
.fi
This is equivalent to:
.nf
query = SELECT my_lookup_user_alias('%s')
.fi
This parameter overrides the legacy table\-related fields (described
below). With Postfix versions prior to 2.2, it also overrides the
\fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR
parameter has highest precedence, and the \fBselect_function\fR
parameter is deprecated.
.PP
The following parameters (with lower precedence than the
\fBselect_function\fR interface described above) can be used to
build the SQL select statement as follows:
.nf
SELECT [\fBselect_field\fR]
FROM [\fBtable\fR]
WHERE [\fBwhere_field\fR] = '%s'
[\fBadditional_conditions\fR]
.fi
The specifier %s is replaced with each lookup by the lookup key
and is escaped so if it contains single quotes or other odd
characters, it will not cause a parse error, or worse, a security
problem.
Starting with Postfix 2.2, this interface is obsoleted by the more
general \fBquery\fR interface described above. If higher precedence
the \fBquery\fR or \fBselect_function\fR parameters described above
are defined, the parameters described here are ignored.
.IP "\fBselect_field\fR"
The SQL "select" parameter. Example:
.nf
\fBselect_field\fR = forw_addr
.fi
.IP "\fBtable\fR"
The SQL "select .. from" table name. Example:
.nf
\fBtable\fR = mxaliases
.fi
.IP "\fBwhere_field\fR
The SQL "select .. where" parameter. Example:
.nf
\fBwhere_field\fR = alias
.fi
.IP "\fBadditional_conditions\fR
Additional conditions to the SQL query. Example:
.nf
\fBadditional_conditions\fR = AND status = 'paid'
.fi
.SH "SEE ALSO"
.na
.nf
postmap(1), Postfix lookup table manager
postconf(5), configuration parameters
ldap_table(5), LDAP lookup tables
mysql_table(5), MySQL lookup tables
sqlite_table(5), SQLite lookup tables
.SH "README FILES"
.na
.nf
.ad
.fi
Use "\fBpostconf readme_directory\fR" or
"\fBpostconf html_directory\fR" to locate this information.
.na
.nf
DATABASE_README, Postfix lookup table overview
PGSQL_README, Postfix PostgreSQL client guide
.SH "LICENSE"
.na
.nf
.ad
.fi
The Secure Mailer license must be distributed with this software.
.SH HISTORY
.ad
.fi
PgSQL support was introduced with Postfix version 2.1.
.SH "AUTHOR(S)"
.na
.nf
Based on the MySQL client by:
Scott Cotton, Joshua Marcus
IC Group, Inc.
Ported to PostgreSQL by:
Aaron Sethman
Further enhanced by:
Liviu Daia
Institute of Mathematics of the Romanian Academy
P.O. BOX 1\-764
RO\-014700 Bucharest, ROMANIA
|