diff options
Diffstat (limited to 'doc/wiki/Variables.txt')
-rw-r--r-- | doc/wiki/Variables.txt | 355 |
1 files changed, 355 insertions, 0 deletions
diff --git a/doc/wiki/Variables.txt b/doc/wiki/Variables.txt new file mode 100644 index 0000000..9051220 --- /dev/null +++ b/doc/wiki/Variables.txt @@ -0,0 +1,355 @@ +Variables +========= + +You can use special variables in several places: + + * <mail_location> [MailLocation.txt] setting and <namespace> [Namespaces.txt] + locations + * <static userdb> [UserDatabase.Static.txt] and <passwd-file userdb> + [AuthDatabase.PasswdFile.txt] template strings + * <LDAP> [AuthDatabase.LDAP.txt] and <SQL> [AuthDatabase.SQL.txt] userdb query + strings + * log prefix for imap/pop3 process + * <Plugin> [Plugins.txt] settings + +The variables that work (almost) everywhere are: + + * ++------------+------------------------------+---------------------------------+ +| *Variable* | *Long name* | *Description* | ++------------+------------------------------+---------------------------------+ +| %% | | '%' character. See | +| | | <SharedMailboxes.Shared.txt> for| +| | | further information about %% | +| | | variables | ++------------+------------------------------+---------------------------------+ +| %u | user | full username (e.g. user@domain)| ++------------+------------------------------+---------------------------------+ +| %n | username | user part in user@domain, same | +| | | as %u if there's no domain | ++------------+------------------------------+---------------------------------+ +| %d | domain | domain part in user@domain, | +| | | empty if user with no domain | ++------------+------------------------------+---------------------------------+ +| %s | service | imap, pop3, smtp, lda (and | +| | | doveadm, dsync, etc.) | ++------------+------------------------------+---------------------------------+ +| %p | pid | PID of the current process | +| | | (login or imap/pop3 process) | ++------------+------------------------------+---------------------------------+ +| %l | lip | local IP address | ++------------+------------------------------+---------------------------------+ +| %r | rip | remote IP address | ++------------+------------------------------+---------------------------------+ +| | session | session ID for this client | +| | | connection (unique for 9 years) | +| | | (v2.1.6+) | ++------------+------------------------------+---------------------------------+ +| | auth_user | SASL authentication ID (e.g. if | +| | | master user login is done, this | +| | | contains the master username). | +| | | If username changes during | +| | | authentication, this value | +| | | contains the original username. | +| | | Otherwise the same as %{user}. | +| | | (v2.2.11+) | ++------------+------------------------------+---------------------------------+ +| | auth_username | user part in %{auth_user} | +| | | (v2.2.11+) | ++------------+------------------------------+---------------------------------+ +| | auth_domain | domain part in %{auth_user} | +| | | (v2.2.11+) | ++------------+------------------------------+---------------------------------+ +| | userdb:<name> | Expands to extra field "name" | +| | | returned by userdb (v2.2.19+) | ++------------+------------------------------+---------------------------------+ +| | encrypt;<parameters>:<field> | Encrypt field (v2.2.29+) (see | +| | | <Plugins.VarExpandCrypt.txt>) | ++------------+------------------------------+---------------------------------+ +| | decrypt;<parameters<:<field> | Decrypt field (v2.2.29+) (see | +| | | <Plugins.VarExpandCrypt.txt>) | ++------------+------------------------------+---------------------------------+ + +These variables work almost everywhere else except in Dovecot-auth (userdb +queries/templates): + + * ++------------+----------+-----------------------------------------------------+ +| *Variable* | *Long | *Description* | +| | name* | | ++------------+----------+-----------------------------------------------------+ +| %h | home | home directory. Use of ~/ is better whenever | +| | | possible. | ++------------+----------+-----------------------------------------------------+ +| %i | uid | UNIX UID of the user | ++------------+----------+-----------------------------------------------------+ +| | gid | UNIX group identifier of the user (v2.0.17+) | ++------------+----------+-----------------------------------------------------+ + +These variables work only in Dovecot-auth and 'login_log_format_elements' +setting: + + * ++----+--------------------+---------------------------------------------------+ +| %m | mech | <authentication mechanism> | +| | | [Authentication.Mechanisms.txt], e.g. PLAIN | ++----+--------------------+---------------------------------------------------+ +| %a | lport | Local port | ++----+--------------------+---------------------------------------------------+ +| %b | rport | Remote port | ++----+--------------------+---------------------------------------------------+ +| %c | secured | "secured" string with SSL, TLS and localhost | +| | | connections. Otherwise empty. | ++----+--------------------+---------------------------------------------------+ +| | real_rip | Same as %{rip}, except in proxy setups contains | +| | | the remote proxy's IP instead of the client's IP | +| | | (v2.1.10+) | ++----+--------------------+---------------------------------------------------+ +| | real_lip | Same as %{lip}, except in proxy setups contains | +| | | the local proxy's IP instead of the remote proxy's| +| | | IP (v2.2+) | ++----+--------------------+---------------------------------------------------+ +| | real_rport | Similar to %{real_rip} except for port instead of | +| | | IP (v2.2+) | ++----+--------------------+---------------------------------------------------+ +| | real_lport | Similar to %{real_lip} except for port instead of | +| | | IP (v2.2+) | ++----+--------------------+---------------------------------------------------+ +| | orig_user | Same as %{user}, except using the original | +| | | username the client sent before any changes by | +| | | auth process (v2.2.6+, v2.2.13+ for auth) | ++----+--------------------+---------------------------------------------------+ +| | orig_username | Same as %{username}, except using the original | +| | | username (v2.2.6+, v2.2.13+ for auth) | ++----+--------------------+---------------------------------------------------+ +| | orig_domain | Same as %{domain}, except using the original | +| | | username (v2.2.6+, v2.2.13+ for auth) | ++----+--------------------+---------------------------------------------------+ +| | local_name | Expands to TLS SNI hostname, if given (v2.2.26+) | ++----+--------------------+---------------------------------------------------+ +| | client_id | Expands to client ID request as IMAP arglist | +| | | (v2.2.29+/v2.3+). Needs imap_id_retain=yes | ++----+--------------------+---------------------------------------------------+ +| | passdb:<name> | Expands to extra field "name" returned by passdb | +| | | (v2.2.19+) | ++----+--------------------+---------------------------------------------------+ +| | forward_<variable> | Used by proxies to pass on values to next hop, see| +| | | <PasswordDatabase.ExtraFields.Proxy.txt> | +| | | (v2.2.29+/v2.3+) | ++----+--------------------+---------------------------------------------------+ + +These variables work only in Dovecot-auth: + + * ++------------+----------------+-----------------------------------------------+ +| *Variable* | *Long name* | *Description* | ++------------+----------------+-----------------------------------------------+ +| %w | password | plaintext password from plaintext | +| | | authentication mechanism | ++------------+----------------+-----------------------------------------------+ +| %k | cert | "valid" if client had sent a valid client | +| | | certificate, otherwise empty. | ++------------+----------------+-----------------------------------------------+ +| | login_user | For master user logins: Logged in user@domain | ++------------+----------------+-----------------------------------------------+ +| | login_username | For master user logins: Logged in user | ++------------+----------------+-----------------------------------------------+ +| | login_domain | For master user logins: Logged in domain | ++------------+----------------+-----------------------------------------------+ +| | domain_first | For "username@domain_first@domain_last" style | +| | | usernames (v2.2.6+) | ++------------+----------------+-----------------------------------------------+ +| | domain_last | For "username@domain_first@domain_last" style | +| | | usernames (v2.2.6+) | ++------------+----------------+-----------------------------------------------+ +| | master_user | For master user logins: The master username | +| | | (v2.2.7+) | ++------------+----------------+-----------------------------------------------+ +| | session_pid | For user logins: The PID of the IMAP/POP3 | +| | | process handling the session. (v2.2.7+) | ++------------+----------------+-----------------------------------------------+ +| | passdb:<name> | Return passdb extra field "name". | +| | | %{passdb:name:default} returns "default" if | +| | | "name" doesn't exist (not returned if name | +| | | exists but is empty) (v2.2.19+) | ++------------+----------------+-----------------------------------------------+ +| | userdb:<name> | Return userdb extra field "name". | +| | | %{userdb:name:default} returns "default" if | +| | | "name" doesn't exist (not returned if name | +| | | exists but is empty) (v2.2.19+) | ++------------+----------------+-----------------------------------------------+ + +These variables work only in 'login_log_format_elements' setting: + + * ++------------+--------------+-------------------------------------------------+ +| *Variable* | *Long name* | *Description* | ++------------+--------------+-------------------------------------------------+ +| %k | ssl_security | SSL protocol and cipher information, e.g. "TLSv1| +| | | with cipher DHE-RSA-AES256-SHA (256/256 bits)" | ++------------+--------------+-------------------------------------------------+ +| %e | mail_pid | Mail process (imap/pop3) PID that handles the | +| | | post-login connection | ++------------+--------------+-------------------------------------------------+ +| | listener | Expands to the socket listener name as specified| +| | | in config file (v2.2.19+) | ++------------+--------------+-------------------------------------------------+ + +These variables work only in 'deliver_log_format' setting: + + * ++------------+---------------+------------------------------------------------+ +| *Variable* | *Long name* | *Description* | ++------------+---------------+------------------------------------------------+ +| %$ | | Log entry | ++------------+---------------+------------------------------------------------+ +| %m | msgid | Message-ID | ++------------+---------------+------------------------------------------------+ +| %s | subject | Subject | ++------------+---------------+------------------------------------------------+ +| %f | from | From address | ++------------+---------------+------------------------------------------------+ +| %e | from_envelope | Envelope sender | ++------------+---------------+------------------------------------------------+ +| | to_envelope | Envelope recipient (v2.2.19+) | ++------------+---------------+------------------------------------------------+ +| %p | size | Message size | ++------------+---------------+------------------------------------------------+ +| %w | vsize | Virtual message size | ++------------+---------------+------------------------------------------------+ +| | delivery_time | How many milliseconds was spent actually | +| | | delivering the mail (v2.2.18+) | ++------------+---------------+------------------------------------------------+ +| | session_time | How many milliseconds the LMTP session took in | +| | | total, including network waits (v2.2.18+) | ++------------+---------------+------------------------------------------------+ + +These variables work only in 'auth_policy_request_attributes' setting: + + * ++------------+--------------------+-------------------------------------------+ +| *Variable* | *Long name* | *Description* | ++------------+--------------------+-------------------------------------------+ +| | hashed_password | Truncated auth policy hash of username and| +| | | password | ++------------+--------------------+-------------------------------------------+ +| | requested_username | Since v2.2.34, contains correct username | ++------------+--------------------+-------------------------------------------+ + + * Long variable names can be used like '%{long_name} ' or with L modifier: + '%L{long_name}'. + * Environment variables can be accessed with '%{env:ENVIRONMENT_VARIABLE} '. + * Additionally, the (self-explanatory) variables '%{pid} ' and '%{hostname} ' + are available. + +Modifiers +--------- + +You can apply a modifiers for each variable (e.g. %Us = POP3): + + * %L - lowercase + * %U - uppercase + * %E - escape '"', "'" and '\' characters by inserting '\' before them. Note + that variables in SQL queries are automatically escaped, you don't need to + use this modifier for them. + * %X - parse the variable as a base-10 number, and convert it to base-16 + (hexadecimal) + * %R - reverse the string + * %N - take a 32bit hash of the variable and return it as hex. You can also + limit the hash value. For example %256Nu gives values 0..ff. You might want + padding also, so %2.256Nu gives 00..ff. This can be useful for example in + dividing users automatically to multiple partitions. + * This is "New Hash", based on MD5 to give better distribution of values + (no need for any string reversing kludges either). (v2.2.3+) + * %H - Same as %N, but use "old hash" (not recommended anymore) + * %H hash function is a bit bad if all the strings end with the same + text, so if you're hashing usernames being in user@domain form, you + probably want to reverse the username to get better hash value + variety, e.g. %3RHu. + * %{<hash + algorithm>;rounds=<n>,truncate=<bits>,salt=s,format=<hex|hexuc|base64>:field} + - Generic hash function that outputs a hex (by default) or base64 value. + Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256. Also + "pkcs5" is supported using SHA256. For example: %{sha256:user} or + %{md5;truncate=32:user}. (v2.2.27+) + * %M - return the string's MD5 sum as hex. + * %D - return "sub.domain.org" as "sub,dc=domain,dc=org" (for LDAP queries) + * %T - Trim trailing whitespace + +You can take a substring of the variable by giving optional offset followed by +'.' and width after the '%' character. For example %2u gives first two +characters of the username. %2.1u gives third character of the username. + +If the offset is negative, it counts from the end, for example %-2.2i gives the +UID mod 100 (last two characters of the UID printed in a string). If a positive +offset points outside the value, empty string is returned, if a negative offset +does then the string is taken from the start. + +If the width is prefixed with zero, the string isn't truncated, but only padded +with '0' character if the string is shorter. For example %04i may return +"0001", "1000" and "12345". %1.04i for the same string would return "001", +"000" and "2345". + +If the width is negative, it counts from the end, for example %0.-2u gives all +but the last two characters from the username. (v2.2.13+) + +The modifiers are applied from left-to-right order, except the substring is +always taken from the final string. + +Conditionals +------------ + +Since v2.2.33 it's possible to use conditionals in variable expansion. The +generic syntax is + +---%<------------------------------------------------------------------------- + %{if;value1;operator;value2;value-if-true;value-if-false} +---%<------------------------------------------------------------------------- + +Each field can contain another variable expansion, facilitating for nested ifs. +If some field refers to another field, it must use either %v or %{value} +syntax. + +Escaping is supported, so one can have values like \%{value} that will not get +expanded, or literal : and ; in the expression. + +Spaces and quotes are fully supported. + +Following operators are supported ++------------+--------------------------------------------------------------+ +| *operator* | *explanation* | ++------------+--------------------------------------------------------------+ +| == | NUMERIC equality | ++------------+--------------------------------------------------------------+ +| != | NUMERIC inequality | ++------------+--------------------------------------------------------------+ +| < | NUMERIC less than | ++------------+--------------------------------------------------------------+ +| <= | NUMERIC less or equal | ++------------+--------------------------------------------------------------+ +| > | NUMERIC greater than | ++------------+--------------------------------------------------------------+ +| >= | NUMERIC greater or equal | ++------------+--------------------------------------------------------------+ +| eq | String equality | ++------------+--------------------------------------------------------------+ +| ne | String inequality | ++------------+--------------------------------------------------------------+ +| lt | String inequality | ++------------+--------------------------------------------------------------+ +| le | String inequality | ++------------+--------------------------------------------------------------+ +| gt | String inequality | ++------------+--------------------------------------------------------------+ +| ge | String inequality | ++------------+--------------------------------------------------------------+ +| * | Wildcard match (mask on value2) | ++------------+--------------------------------------------------------------+ +| !* | Wildcard non-match (mask on value2) | ++------------+--------------------------------------------------------------+ +| ~ | Regular expression match (pattern on value2, extended POSIX) | ++------------+--------------------------------------------------------------+ +| !~ | String inequality (pattern on value2, extended POSIX) | ++------------+--------------------------------------------------------------+ + +(This file was created from the wiki on 2019-06-19 12:42) |