1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
|
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - mysql_table(5) </title>
</head> <body> <pre>
MYSQL_TABLE(5) MYSQL_TABLE(5)
<b>NAME</b>
mysql_table - Postfix MySQL client configuration
<b>SYNOPSIS</b>
<b>postmap -q "</b><i>string</i><b>" <a href="mysql_table.5.html">mysql</a>:/etc/postfix/</b><i>filename</i>
<b>postmap -q - <a href="mysql_table.5.html">mysql</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
The Postfix mail system uses optional tables for address rewriting or
mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
Alternatively, lookup tables can be specified as MySQL databases. In
order to use MySQL lookups, define a MySQL source as a lookup table in
<a href="postconf.5.html">main.cf</a>, for example:
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="mysql_table.5.html">mysql</a>:/etc/postfix/mysql-aliases.cf
The file /etc/postfix/mysql-aliases.cf has the same format as the Post-
fix <a href="postconf.5.html">main.cf</a> file, and can specify the parameters described below.
<b>LIST MEMBERSHIP</b>
When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydestination</a>,
$<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it is important to under-
stand that the table must store each list member as a separate key. The
table lookup verifies the *existence* of the key. See "Postfix lists
versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
Do NOT create tables that return the full list of domains in $<a href="postconf.5.html#mydestination">mydesti</a>-
<a href="postconf.5.html#mydestination">nation</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
DO create tables with each matching item as a key and with an arbitrary
value. With SQL databases it is not uncommon to return the key itself
or a constant value.
<b>MYSQL PARAMETERS</b>
<b>hosts</b> The hosts that Postfix will try to connect to and query from.
Specify <i>unix:</i> for UNIX domain sockets, <i>inet:</i> for TCP connections
(default). Examples:
hosts = inet:host1.some.domain inet:host2.some.domain:port
hosts = host1.some.domain host2.some.domain:port
hosts = unix:/file/name
The hosts are tried in random order, with all connections over
UNIX domain sockets being tried before those over TCP. The con-
nections are automatically closed after being idle for about 1
minute, and are re-opened as necessary. Postfix versions 2.0 and
earlier do not randomize the host order.
NOTE: if you specify localhost as a hostname (even if you prefix
it with <i>inet:</i>), MySQL will connect to the default UNIX domain
socket. In order to instruct MySQL to connect to localhost over
TCP you have to specify
hosts = 127.0.0.1
<b>user</b>
<b>password</b>
The user name and password to log into the mysql server. Exam-
ple:
user = someone
password = some_password
<b>dbname</b> The database name on the servers. Example:
dbname = customer_database
<b>charset (default: utf8mb4)</b>
The default MySQL client character set; this also implies the
collation order.
This parameter is available with Postfix 3.9 and later. With
earlier Postfix versions, the default was chosen by the MySQL
implementation (<b>utf8mb4</b> as of MySQL 8.0, <b>latin1</b> historically).
<b>idle_interval (default: 60)</b>
The number of seconds after which an idle database connection
will be closed.
This feature is available in Postfix 3.9 and later.
<b>retry_interval (default: 60)</b>
The number of seconds that a database connection will be skipped
after an error.
This feature is available in Postfix 3.9 and later.
<b>query</b> The SQL query template used to search the database, where <b>%s</b> is
a substitute for the address Postfix is trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
By default, every query must return a result set (instead of
storing its results in a table); with "<b>require_result_set = no</b>"
(Postfix 3.2 and later), the absence of a result set is treated
as "not found".
This parameter supports the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the input key. SQL quoting is used
to make sure that the input key does not add unexpected
metacharacters.
<b>%u</b> When the input key is an address of the form user@domain,
<b>%u</b> is replaced by the SQL quoted local part of the
address. Otherwise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the query is sup-
pressed and returns no results.
<b>%d</b> When the input key is an address of the form user@domain,
<b>%d</b> is replaced by the SQL quoted domain part of the
address. Otherwise, the query is suppressed and returns
no results.
<b>%[SUD]</b> The upper-case equivalents of the above expansions behave
in the <b>query</b> parameter identically to their lower-case
counter-parts. With the <b>result_format</b> parameter (see
below), they expand the input key rather than the result
value.
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
sponding most significant component of the input key's
domain. If the input key is <i>user@mail.example.com</i>, then
%1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough domain components
to satisfy all the specified patterns, the query is sup-
pressed and returns no results.
The <b>domain</b> parameter described below limits the input keys to
addresses in matching domains. When the <b>domain</b> parameter is
non-empty, SQL queries for unqualified addresses or addresses in
non-matching domains are suppressed and return no results.
This parameter is available with Postfix 2.2. In prior releases
the SQL query was built from the separate parameters:
<b>select_field</b>, <b>table</b>, <b>where_field</b> and <b>additional_conditions</b>. The
mapping from the old parameters to the equivalent query is:
SELECT [<b>select_field</b>]
FROM [<b>table</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
The '%s' in the <b>WHERE</b> clause expands to the escaped search
string. With Postfix 2.2 these legacy parameters are used if
the <b>query</b> parameter is not specified.
NOTE: DO NOT put quotes around the query parameter.
<b>result_format (default: %s</b>)
Format template applied to result attributes. Most commonly used
to append (or prepend) text to the result. This parameter sup-
ports the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the value of the result attribute.
When result is empty it is skipped.
<b>%u</b> When the result attribute value is an address of the form
user@domain, <b>%u</b> is replaced by the local part of the
address. When the result has an empty localpart it is
skipped.
<b>%d</b> When a result attribute value is an address of the form
user@domain, <b>%d</b> is replaced by the domain part of the
attribute value. When the result is unqualified it is
skipped.
<b>%[SUD1-9]</b>
The upper-case and decimal digit expansions interpolate
the parts of the input key rather than the result. Their
behavior is identical to that described with <b>query</b>, and
in fact because the input key is known in advance,
queries whose key does not contain all the information
specified in the result template are suppressed and
return no results.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" allows one to use
a mailHost attribute as the basis of a <a href="transport.5.html">transport(5)</a> table. After
applying the result format, multiple values are concatenated as
comma separated strings. The expansion_limit and parameter
explained below allows one to restrict the number of values in
the result, which is especially useful for maps that must return
at most one value.
The default value <b>%s</b> specifies that each result value should be
used as is.
This parameter is available with Postfix 2.2 and later.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
This is a list of domain names, paths to files, or "<a href="DATABASE_README.html">type:table</a>"
databases. When specified, only fully qualified search keys with
a *non-empty* localpart and a matching domain are eligible for
lookup: 'user' lookups, bare domain lookups and "@domain"
lookups are not performed. This can significantly reduce the
query load on the MySQL server.
domain = postfix.org, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
It is best not to use SQL to store the domains eligible for SQL
lookups.
This parameter is available with Postfix 2.2 and later.
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> aliases, because
the input keys are always unqualified.
<b>expansion_limit (default: 0)</b>
A limit on the total number of result elements returned (as a
comma separated list) by a lookup against the map. A setting of
zero disables the limit. Lookups fail with a temporary error if
the limit is exceeded. Setting the limit to 1 ensures that
lookups do not return multiple values.
<b>option_file</b>
Read options from the given file instead of the default my.cnf
location. This reads options from the <b>[client]</b> option group,
optionally followed by options from the group given with
<b>option_group</b>.
This parameter is available with Postfix 2.11 and later.
<b>option_group (default: Postfix</b> ><b>=3.2: client,</b> <<b>= 3.1: empty)</b>
Read options from the given group of the mysql options file,
after reading options from the <b>[client]</b> group.
Postfix 3.2 and later read <b>[client]</b> option group settings by
default. To disable this specify no <b>option_file</b> and specify
"<b>option_group =</b>" (i.e. an empty value).
Postfix 3.1 and earlier don't read <b>[client]</b> option group set-
tings unless a non-empty <b>option_file</b> or <b>option_group</b> value are
specified. To enable this, specify, for example, "<b>option_group =</b>
<b>client</b>".
This parameter is available with Postfix 2.11 and later.
<b>require_result_set (default: yes)</b>
If "<b>yes</b>", require that every query returns a result set. If
"<b>no</b>", treat the absence of a result set as "not found".
This parameter is available with Postfix 3.2 and later.
<b>tls_cert_file</b>
File containing client's X509 certificate.
This parameter is available with Postfix 2.11 and later.
<b>tls_key_file</b>
File containing the private key corresponding to <b>tls_cert_file</b>.
This parameter is available with Postfix 2.11 and later.
<b>tls_CAfile</b>
File containing certificates for all of the X509 Certification
Authorities the client will recognize. Takes precedence over
<b>tls_CApath</b>.
This parameter is available with Postfix 2.11 and later.
<b>tls_CApath</b>
Directory containing X509 Certification Authority certificates
in separate individual files.
This parameter is available with Postfix 2.11 and later.
<b>tls_ciphers</b>
The list of permissible ciphers for SSL encryption.
This parameter is available with Postfix 2.11 and later.
<b>tls_verify_cert (default: no)</b>
Verify that the server's name matches the common name in the
certificate.
This parameter is available with Postfix 2.11 and later.
<b>USING MYSQL STORED PROCEDURES</b>
Postfix 3.2 and later support calling a stored procedure instead of
using a SELECT statement in the query, e.g.
<b>query</b> = CALL lookup('%s')
The previously described '%' expansions can be used in the parameter(s)
to the stored procedure.
By default, every stored procedure call must return a result set, i.e.
every code path must execute a SELECT statement that returns a result
set (instead of storing its results in a table). With
"<b>require_result_set = no</b>", the absence of a result set is treated as
"not found".
A stored procedure must not return multiple result sets. That is,
there must be no code path that executes multiple SELECT statements
that return a result (instead of storing their results in a table).
The following is an example of a stored procedure returning a single
result set:
CREATE [DEFINER=`user`@`host`] PROCEDURE
`lookup`(IN `param` VARCHAR(255))
READS SQL DATA
SQL SECURITY INVOKER
BEGIN
select goto from alias where address=param;
END
<b>OBSOLETE MAIN.CF PARAMETERS</b>
For compatibility with other Postfix lookup tables, MySQL parameters
can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do that, specify as MySQL
source a name that doesn't begin with a slash or a dot. The MySQL
parameters will then be accessible as the name you've given the source
in its definition, an underscore, and the name of the parameter. For
example, if the map is specified as "<a href="mysql_table.5.html">mysql</a>:<i>mysqlname</i>", the parameter
"hosts" would be defined in <a href="postconf.5.html">main.cf</a> as "<i>mysqlname</i>_hosts".
Note: with this form, the passwords for the MySQL sources are written
in <a href="postconf.5.html">main.cf</a>, which is normally world-readable. Support for this form
will be removed in a future Postfix version.
<b>OBSOLETE QUERY INTERFACE</b>
This section describes an interface that is deprecated as of Postfix
2.2. It is replaced by the more general <b>query</b> interface described
above. If the <b>query</b> parameter is defined, the legacy parameters
described here ignored. Please migrate to the new interface as the
legacy interface may be removed in a future release.
The following parameters can be used to fill in a SELECT template
statement of the form:
SELECT [<b>select_field</b>]
FROM [<b>table</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
The specifier %s is replaced by the search string, and is escaped so if
it contains single quotes or other odd characters, it will not cause a
parse error, or worse, a security problem.
<b>select_field</b>
The SQL "select" parameter. Example:
<b>select_field</b> = forw_addr
<b>table</b> The SQL "select .. from" table name. Example:
<b>table</b> = mxaliases
<b>where_field</b>
The SQL "select .. where" parameter. Example:
<b>where_field</b> = alias
<b>additional_conditions</b>
Additional conditions to the SQL query. Example:
<b>additional_conditions</b> = AND status = 'paid'
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table maintenance
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="ldap_table.5.html">ldap_table(5)</a>, LDAP lookup tables
<a href="pgsql_table.5.html">pgsql_table(5)</a>, PostgreSQL lookup tables
<a href="sqlite_table.5.html">sqlite_table(5)</a>, SQLite lookup tables
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<a href="MYSQL_README.html">MYSQL_README</a>, Postfix MYSQL client guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
MySQL support was introduced with Postfix version 1.0.
<b>AUTHOR(S)</b>
Original implementation by:
Scott Cotton, Joshua Marcus
IC Group, Inc.
Further enhancements by:
Liviu Daia
Institute of Mathematics of the Romanian Academy
P.O. BOX 1-764
RO-014700 Bucharest, ROMANIA
Stored-procedure support by John Fawcett.
Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA
MYSQL_TABLE(5)
</pre> </body> </html>
|
