-TCRYPTO_EX_DATA
-TCTABLE
-TCTABLE_ENTRY
+-TDB_COMMON_CTX
-TDELIVERED_HDR_INFO
-TDELIVER_ATTR
-TDELIVER_REQUEST
-TDICT_REGEXP_PRESCAN_CONTEXT
-TDICT_REGEXP_RULE
-TDICT_SDBM
+-TDICT_SQLITE
-TDICT_TCP
-TDICT_UNIX
-TDNS_FIXED
"tls_append_default_CA = yes". Files: tls/tls_certkey.c,
tls/tls_misc.c, global/mail_params.h. proto/postconf.proto,
mantools/postlink.
+
+20100615
+
+ Cleanup: the master no longer logs "process P killed with
+ signal S" when it shuts down a running service (for example,
+ the service is removed from master.cf, or the service is
+ disabled via the main.cf master_service_disable parameter).
+ File: master/master_spawn.c.
+
+20100617
+
+ Feature: read-only sqlite support based on code by Axel
+ Steiner and documentation by Jesus Garcia Crespo. Files:
+ conf/postfix-files, mantools/postlink, proto/DATABASE_README.html,
+ proto/Makefile.in, proto/INSTALL.html, proto/SASL_README.html,
+ proto/mysql_table, proto/pgsql_table, proto/sqlite_table,
+ proto/SQLITE_README.html, global/Makefile.in, global/mail_dict.c,
+ global/dict_sqlite.c, global/dict_sqlite.h, postconf/postconf.c,
+ postfix/postfix.c.
* MYSQL_README: MySQL Howto
* PCRE_README: PCRE Howto
* PGSQL_README: PostgreSQL Howto
+ * SQLITE_README: SQLite Howto
M\bMa\bai\bil\bli\bin\bng\bg l\bli\bis\bst\bt s\bsu\bup\bpp\bpo\bor\brt\bt
% p\bpo\bos\bst\btm\bma\bap\bp -\b-q\bq i\bin\bnf\bfo\bo@\b@e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm h\bha\bas\bsh\bh:\b:/\b/e\bet\btc\bc/\b/p\bpo\bos\bst\btf\bfi\bix\bx/\b/v\bvi\bir\brt\btu\bua\bal\bl
Once you have local files working properly you can follow the instructions in
-ldap_table(5), mysql_table(5) or pgsql_table(5) and replace local file lookups
-with LDAP or SQL lookups. When you do this, you should use the postmap(1)
-command again, to verify that database lookups still produce the exact same
-results as local file lookup:
+ldap_table(5), mysql_table(5), pgsql_table(5) or sqlite_table(5) and replace
+local file lookups with LDAP or SQL lookups. When you do this, you should use
+the postmap(1) command again, to verify that database lookups still produce the
+exact same results as local file lookup:
% p\bpo\bos\bst\btm\bma\bap\bp -\b-q\bq i\bin\bnf\bfo\bo@\b@e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm l\bld\bda\bap\bp:\b:/\b/e\bet\btc\bc/\b/p\bpo\bos\bst\btf\bfi\bix\bx/\b/v\bvi\bir\brt\btu\bua\bal\bl.\b.c\bcf\bf
with the postmap(1) or postalias(1) command. The lookup table name as
used in "sdbm:table" is the database file name without the ".dir" or
".pag" suffix.
+ s\bsq\bql\bli\bit\bte\be (read-only)
+ Perform SQLite database lookups. Configuration details are given in
+ sqlite_table(5).
s\bst\bta\bat\bti\bic\bc (read-only)
Always returns its lookup table name as lookup result. For example, the
lookup table "static:foobar" always returns the string "foobar" as
Postfix is compiled. The following documents describe how to build Postfix with
support for extensions:
- _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b
- |P\bPo\bos\bst\btf\bfi\bix\bx e\bex\bxt\bte\ben\bns\bsi\bio\bon\bn |D\bDo\boc\bcu\bum\bme\ben\bnt\bt |A\bAv\bva\bai\bil\bla\bab\bbi\bil\bli\bit\bty\by|
- |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
- |Berkeley DB database |DB_README |Postfix 1.0 |
- |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
- |LDAP database |LDAP_README |Postfix 1.0 |
- |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
- |MySQL database |MYSQL_README|Postfix 1.0 |
- |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
- |Perl compatible regular expression|PCRE_README |Postfix 1.0 |
- |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
- |PostgreSQL database |PGSQL_README|Postfix 2.0 |
- |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
- |SASL authentication |SASL_README |Postfix 1.0 |
- |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
- |STARTTLS session encryption |TLS_README |Postfix 2.2 |
- |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+ _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b
+ |P\bPo\bos\bst\btf\bfi\bix\bx e\bex\bxt\bte\ben\bns\bsi\bio\bon\bn |D\bDo\boc\bcu\bum\bme\ben\bnt\bt |A\bAv\bva\bai\bil\bla\bab\bbi\bil\bli\bit\bty\by|
+ |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+ |Berkeley DB database |DB_README |Postfix 1.0 |
+ |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+ |LDAP database |LDAP_README |Postfix 1.0 |
+ |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+ |MySQL database |MYSQL_README |Postfix 1.0 |
+ |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+ |Perl compatible regular expression|PCRE_README |Postfix 1.0 |
+ |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+ |PostgreSQL database |PGSQL_README |Postfix 2.0 |
+ |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+ |SASL authentication |SASL_README |Postfix 1.0 |
+ |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+ |SQLite database |SQLITE_README|Postfix 2.8 |
+ |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+ |STARTTLS session encryption |TLS_README |Postfix 2.2 |
+ |_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
Note: IP version 6 support is compiled into Postfix on operating systems that
have IPv6 support. See the IPV6_README file for details.
--- /dev/null
+P\bPo\bos\bst\btf\bfi\bix\bx S\bSQ\bQL\bLi\bit\bte\be H\bHo\bow\bwt\bto\bo
+
+-------------------------------------------------------------------------------
+
+I\bIn\bnt\btr\bro\bod\bdu\buc\bct\bti\bio\bon\bn
+
+The Postfix sqlite map type allows you to hook up Postfix to a SQLite database.
+This implementation allows for multiple sqlite databases: you can use one for a
+virtual(5) table, one for an access(5) table, and one for an aliases(5) table
+if you want.
+
+B\bBu\bui\bil\bld\bdi\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx w\bwi\bit\bth\bh S\bSQ\bQL\bLi\bit\bte\be s\bsu\bup\bpp\bpo\bor\brt\bt
+
+The Postfix SQLite client utilizes the sqlite3 library, which can be obtained
+from:
+
+ http://www.sqlite.org/
+
+In order to build Postfix with sqlite map support, you will need to add -
+DHAS_SQLITE and -I for the directory containing the sqlite headers, and the
+sqlite3 library to AUXLIBS, for example:
+
+ make -f Makefile.init makefiles \
+ 'CCARGS=-DHAS_SQLITE -I/usr/local/include' \
+ 'AUXLIBS=-L/usr/local/lib -lsqlite3 -lpthread'
+
+Then, just run 'make'.
+
+U\bUs\bsi\bin\bng\bg S\bSQ\bQL\bLi\bit\bte\be t\bta\bab\bbl\ble\bes\bs
+
+Once Postfix is built with sqlite support, you can specify a map type in
+main.cf like this:
+
+ alias_maps = sqlite:/etc/postfix/sqlite-aliases.cf
+
+The file /etc/postfix/sqlite-aliases.cf specifies lots of information telling
+Postfix how to reference the sqlite database. For a complete description, see
+the sqlite_table(5) manual page.
+
+E\bEx\bxa\bam\bmp\bpl\ble\be:\b: l\blo\boc\bca\bal\bl a\bal\bli\bia\bas\bse\bes\bs
+
+#
+# sqlite config file for local(8) aliases(5) lookups
+#
+
+# Path to database
+dbpath = /some/path/to/sqlite_database
+
+# See sqlite_table(5) for details.
+query = SELECT forw_addr FROM mxaliases WHERE alias='%s' AND status='paid'
+
+A\bAd\bdd\bdi\bit\bti\bio\bon\bna\bal\bl n\bno\bot\bte\bes\bs
+
+The SQLite configuration interface setup allows for multiple sqlite databases:
+you can use one for a virtual table, one for an access table, and one for an
+aliases table if you want.
+
+C\bCr\bre\bed\bdi\bit\bts\bs
+
+ * Implementation by Axel Steiner
+ * Documentation by Jesus Garcia Crespo
+
$manpage_directory/man5/ldap_table.5:f:root:-:644
$manpage_directory/man5/master.5:f:root:-:644
$manpage_directory/man5/mysql_table.5:f:root:-:644
+$manpage_directory/man5/sqlite_table.5:f:root:-:644
$manpage_directory/man5/nisplus_table.5:f:root:-:644
$manpage_directory/man5/pcre_table.5:f:root:-:644
$manpage_directory/man5/pgsql_table.5:f:root:-:644
$readme_directory/MILTER_README:f:root:-:644
$readme_directory/MULTI_INSTANCE_README:f:root:-:644
$readme_directory/MYSQL_README:f:root:-:644
+$readme_directory/SQLITE_README:f:root:-:644
$readme_directory/NFS_README:f:root:-:644
$readme_directory/OVERVIEW:f:root:-:644
$readme_directory/PACKAGE_README:f:root:-:644
$html_directory/MILTER_README.html:f:root:-:644
$html_directory/MULTI_INSTANCE_README.html:f:root:-:644
$html_directory/MYSQL_README.html:f:root:-:644
+$html_directory/SQLITE_README.html:f:root:-:644
$html_directory/NFS_README.html:f:root:-:644
$html_directory/OVERVIEW.html:f:root:-:644
$html_directory/PACKAGE_README.html:f:root:-:644
$html_directory/master.5.html:f:root:-:644
$html_directory/master.8.html:f:root:-:644
$html_directory/mysql_table.5.html:f:root:-:644
+$html_directory/sqlite_table.5.html:f:root:-:644
$html_directory/nisplus_table.5.html:f:root:-:644
$html_directory/newaliases.1.html:h:$html_directory/mailq.1.html:-:644
$html_directory/oqmgr.8.html:f:root:-:644
</blockquote>
<p> Once you have local files working properly you can follow the
-instructions in <a href="ldap_table.5.html">ldap_table(5)</a>, <a href="mysql_table.5.html">mysql_table(5)</a> or <a href="pgsql_table.5.html">pgsql_table(5)</a>
+instructions in <a href="ldap_table.5.html">ldap_table(5)</a>, <a href="mysql_table.5.html">mysql_table(5)</a>, <a href="pgsql_table.5.html">pgsql_table(5)</a>
+or <a href="sqlite_table.5.html">sqlite_table(5)</a>
and replace local file lookups with LDAP or SQL lookups. When you
do this, you should use the <a href="postmap.1.html">postmap(1)</a> command again, to verify
that database lookups still produce the exact same results as local
table name as used in "sdbm:table" is the database file name without
the ".dir" or ".pag" suffix. </dd>
+<dt> <b>sqlite</b> (read-only) </dt>
+
+<dd> Perform SQLite database lookups. Configuration details are given
+in <a href="sqlite_table.5.html">sqlite_table(5)</a>. </dd>
+
<dt> <b>static</b> (read-only) </dt>
<dd> Always returns its lookup table name as lookup result. For
<tr> <td> SASL authentication </td> <td><a href="SASL_README.html">SASL_README</a></td> <td>
Postfix 1.0 </td> </tr>
+<tr> <td> SQLite database</td> <td><a href="SQLITE_README.html">SQLITE_README</a></td> <td> Postfix
+2.8 </td> </tr>
+
<tr> <td> STARTTLS session encryption </td> <td><a href="TLS_README.html">TLS_README</a></td> <td>
Postfix 2.2 </td> </tr>
cidr_table.5.html tcp_table.5.html header_checks.5.html \
ldap_table.5.html mysql_table.5.html pgsql_table.5.html \
master.5.html nisplus_table.5.html generic.5.html bounce.5.html \
- postfix-wrapper.5.html
+ postfix-wrapper.5.html sqlite_table.5.html
OTHER = postfix-manuals.html
AWK = awk '{ print; if (NR == 2) print ".pl 9999\n.ll 65" }'
MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
+sqlite_table.5.html: ../proto/sqlite_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
+
nisplus_table.5.html: ../proto/nisplus_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix SQLite Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix SQLite Howto</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> The Postfix sqlite map type allows you to hook up Postfix to a
+SQLite database. This implementation allows for multiple sqlite
+databases: you can use one for a <a href="virtual.5.html">virtual(5)</a> table, one for an
+<a href="access.5.html">access(5)</a> table, and one for an <a href="aliases.5.html">aliases(5)</a> table if you want. </p>
+
+<h2>Building Postfix with SQLite support</h2>
+
+<p> The Postfix SQLite client utilizes the sqlite3 library,
+which can be obtained from: </p>
+
+<blockquote>
+ <p> <a href="http://www.sqlite.org/">http://www.sqlite.org/</a> </p>
+</blockquote>
+
+<p> In order to build Postfix with sqlite map support, you will need to add
+-DHAS_SQLITE and -I for the directory containing the sqlite headers, and
+the sqlite3 library to AUXLIBS, for example: </p>
+
+<blockquote>
+<pre>
+make -f Makefile.init makefiles \
+ 'CCARGS=-DHAS_SQLITE -I/usr/local/include' \
+ 'AUXLIBS=-L/usr/local/lib -lsqlite3 -lpthread'
+</pre>
+</blockquote>
+
+<p> Then, just run 'make'.</p>
+
+<h2>Using SQLite tables</h2>
+
+<p> Once Postfix is built with sqlite support, you can specify a
+map type in <a href="postconf.5.html">main.cf</a> like this: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#alias_maps">alias_maps</a> = sqlite:/etc/postfix/sqlite-aliases.cf
+</pre>
+</blockquote>
+
+<p> The file /etc/postfix/sqlite-aliases.cf specifies lots of
+information telling Postfix how to reference the sqlite database.
+For a complete description, see the <a href="sqlite_table.5.html">sqlite_table(5)</a> manual page. </p>
+
+<h2>Example: local aliases </h2>
+
+<pre>
+#
+# sqlite config file for <a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> lookups
+#
+
+# Path to database
+dbpath = /some/path/to/sqlite_database
+
+# See <a href="sqlite_table.5.html">sqlite_table(5)</a> for details.
+query = SELECT forw_addr FROM mxaliases WHERE alias='%s' AND status='paid'
+</pre>
+
+<h2>Additional notes</h2>
+
+<p> The SQLite configuration interface setup allows for multiple
+sqlite databases: you can use one for a virtual table, one for an
+access table, and one for an aliases table if you want. </p>
+
+<h2>Credits</h2>
+
+<ul>
+
+<li>Implementation by Axel Steiner</li>
+<li>Documentation by Jesus Garcia Crespo</li>
+
+</ul>
+
+</body>
+
+</html>
<li> <a href="PGSQL_README.html"> PostgreSQL Howto </a>
+<li> <a href="SQLITE_README.html"> SQLite Howto </a>
+
</ul>
<p><strong> Mailing list support </strong></p>
Support for this form will be removed in a future Postfix
version.
- Postfix 2.2 has enhanced query interfaces for MySQL and
- PostgreSQL. These include features that were previously
- available only in the Postfix LDAP client. This work also
- created an opportunity for improvements in the LDAP inter-
- face. The primary compatibility issue is that <b>result_fil-</b>
- <b>ter</b> (a name that has caused some confusion as to its mean-
- ing in the past) has been renamed to <b>result_format</b>. For
- backwards compatibility with the pre 2.2 LDAP client,
- <b>result_filter</b> can for now be used instead of <b>result_for-</b>
- <b>mat</b>, when the latter parameter is not also set. The new
- name better reflects the function of the parameter. This
- compatibility interface may be removed in a future
+ For backwards compatibility with the pre 2.2 LDAP clients,
+ <b>result_filter</b> can for now be used instead of <b>result_for-</b>
+ <b>mat</b>, when the latter parameter is not also set. The new
+ name better reflects the function of the parameter. This
+ compatibility interface may be removed in a future
release.
<b>LIST MEMBERSHIP</b>
- When
using LDAP to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>,
+ When
using LDAP to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>,
$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>,
- etc., it is important to understand that the table must
+ etc., it is important to understand that the table must
store each list member as a separate key. The table lookup
- verifies the *existence* of the key. See "Postfix lists
- versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a dis-
+ verifies the *existence* of the key. See "Postfix lists
+ versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a dis-
cussion.
- Do NOT create tables that return the full list of domains
- in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
+ Do NOT create tables that return the full list of domains
+ in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
DO create tables with each matching item as a key and with
an arbitrary value. With LDAP databases it is not uncommon
to return the key itself.
- For
example, NEVER do this in a map defining $<a href="postconf.5.html#mydestination">mydestina</a>-
+ For
example, NEVER do this in a map defining $<a href="postconf.5.html#mydestination">mydestina</a>-
<a href="postconf.5.html#mydestination">tion</a>:
query_filter = domain=*
result_attribute = domain
<b>GENERAL LDAP PARAMETERS</b>
- In the text below, default values are given in parenthe-
+ In the text below, default values are given in parenthe-
ses. Note: don't use quotes in these variables; at least,
- not until the Postfix configuration routines understand
+ not until the Postfix configuration routines understand
how to deal with quoted strings.
<b>server_host (default: localhost)</b>
- The name of the host running the LDAP server, e.g.
+ The name of the host running the LDAP server, e.g.
server_host = ldap.example.com
- Depending on the LDAP client library you're using,
- it should be possible to specify multiple servers
- here, with the library trying them in order should
- the first one fail. It should also be possible to
- give each server in the list a different port
+ Depending on the LDAP client library you're using,
+ it should be possible to specify multiple servers
+ here, with the library trying them in order should
+ the first one fail. It should also be possible to
+ give each server in the list a different port
(overriding <b>server_port</b> below), by naming them like
server_host = ldap.example.com:1444
server_host = <a href="ldap_table.5.html">ldap</a>://ldap.example.com:1444
<a href="ldap_table.5.html">ldap</a>://ldap2.example.com:1444
- All LDAP URLs accepted by the OpenLDAP library are
- supported, including connections over UNIX domain
- sockets, and LDAP SSL (the last one provided that
+ All LDAP URLs accepted by the OpenLDAP library are
+ supported, including connections over UNIX domain
+ sockets, and LDAP SSL (the last one provided that
OpenLDAP was compiled with support for SSL):
server_host = ldapi://%2Fsome%2Fpath
search_base = dc=your, dc=com
- With Postfix 2.2 and later this parameter supports
+ With Postfix 2.2 and later this parameter supports
the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>
- quoting is used to make sure that the input
- key does not add unexpected metacharacters.
+ quoting is used to make sure that the input
+ key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
- user@domain,
<b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
- <a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted local part of the address.
- Otherwise, <b>%u</b> is replaced by the entire
- search string. If the localpart is empty,
- the search is suppressed and returns no
+ user@domain,
<b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted local part of the address.
+ Otherwise, <b>%u</b> is replaced by the entire
+ search string. If the localpart is empty,
+ the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
- user@domain,
<b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
- <a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted domain part of the address.
+ user@domain,
<b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
- <b>%[SUD]</b> For the <b>search_base</b> parameter, the upper-
- case equivalents of the above expansions
- behave identically to their lower-case
+ <b>%[SUD]</b> For the <b>search_base</b> parameter, the upper-
+ case equivalents of the above expansions
+ behave identically to their lower-case
counter-parts. With the <b>result_format</b> param-
- eter (previously called <b>result_filter</b> see
- the COMPATIBILITY section and below), they
- expand to the corresponding components of
+ eter (previously called <b>result_filter</b> see
+ the COMPATIBILITY section and below), they
+ expand to the corresponding components of
input key rather than the result value.
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
- of the input key's domain. If the input key
+ of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, the search is suppressed and
+ domain components to satisfy all the speci-
+ fied patterns, the search is suppressed and
returns no results.
<b>query_filter (default: mailacceptinggeneralid=%s)</b>
- The <a href="http://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory,
+ The <a href="http://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory,
where <b>%s</b> is a substitute for the address Postfix is
trying to resolve, e.g.
query_filter = (&(mail=%s)(paid_up=true))
- This parameter supports the following '%' expan-
+ This parameter supports the following '%' expan-
sions:
<b>%%</b> This is replaced by a literal '%' character.
(Postfix 2.2 and later).
<b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a>
- quoting is used to make sure that the input
- key does not add unexpected metacharacters.
+ quoting is used to make sure that the input
+ key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
- user@domain,
<b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
- <a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted local part of the address.
- Otherwise, <b>%u</b> is replaced by the entire
- search string. If the localpart is empty,
- the search is suppressed and returns no
+ user@domain,
<b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted local part of the address.
+ Otherwise, <b>%u</b> is replaced by the entire
+ search string. If the localpart is empty,
+ the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
- user@domain,
<b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
- <a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted domain part of the address.
+ user@domain,
<b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
expansions behave in the <b>query_filter</b> param-
eter identically to their lower-case
counter-parts. With the <b>result_format</b> param-
- eter (previously called <b>result_filter</b> see
- the COMPATIBILITY section and below), they
- expand to the corresponding components of
+ eter (previously called <b>result_filter</b> see
+ the COMPATIBILITY section and below), they
+ expand to the corresponding components of
input key rather than the result value.
- The above %S, %U and %D expansions are
+ The above %S, %U and %D expansions are
available with Postfix 2.2 and later.
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
- of the input key's domain. If the input key
+ of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, the search is suppressed and
+ domain components to satisfy all the speci-
+ fied patterns, the search is suppressed and
returns no results.
- The above %1, ..., %9 expansions are avail-
+ The above %1, ..., %9 expansions are avail-
able with Postfix 2.2 and later.
- The "domain" parameter described below limits the
- input keys to addresses in matching domains. When
- the "domain" parameter is non-empty, LDAP queries
- for unqualified addresses or addresses in non-
+ The "domain" parameter described below limits the
+ input keys to addresses in matching domains. When
+ the "domain" parameter is non-empty, LDAP queries
+ for unqualified addresses or addresses in non-
matching domains are suppressed and return no
results.
- NOTE: DO NOT put quotes around the <b>query_filter</b>
+ NOTE: DO NOT put quotes around the <b>query_filter</b>
parameter.
<b>result_format (default: %s</b>)
- Called <b>result_filter</b> in Postfix releases prior to
+ Called <b>result_filter</b> in Postfix releases prior to
2.2. Format template applied to result attributes.
- Most commonly used to append (or prepend) text to
- the result. This parameter supports the following
+ Most commonly used to append (or prepend) text to
+ the result. This parameter supports the following
'%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
(Postfix 2.2 and later).
- <b>%s</b> This is replaced by the value of the result
- attribute. When result is empty it is
+ <b>%s</b> This is replaced by the value of the result
+ attribute. When result is empty it is
skipped.
- <b>%u</b> When the result attribute value is an
+ <b>%u</b> When the result attribute value is an
address of the form user@domain, <b>%u</b> is
- replaced by the local part of the address.
+ replaced by the local part of the address.
When the result has an empty localpart it is
skipped.
- <b>%d</b> When a result attribute value is an address
- of the form user@domain, <b>%d</b> is replaced by
+ <b>%d</b> When a result attribute value is an address
+ of the form user@domain, <b>%d</b> is replaced by
the domain part of the attribute value. When
the result is unqualified it is skipped.
<b>%[SUD1-9]</b>
- The upper-case and decimal digit expansions
+ The upper-case and decimal digit expansions
interpolate the parts of the input key
- rather than the result. Their behavior is
- identical to that described with <b>query_fil-</b>
- <b>ter</b>, and in fact because the input key is
+ rather than the result. Their behavior is
+ identical to that described with <b>query_fil-</b>
+ <b>ter</b>, and in fact because the input key is
known in advance, lookups whose key does not
contain all the information specified in the
result template are suppressed and return no
results.
- The above %S, %U, %D and %1, ..., %9 expan-
- sions are available with Postfix 2.2 and
+ The above %S, %U, %D and %1, ..., %9 expan-
+ sions are available with Postfix 2.2 and
later.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
allows one to use a mailHost attribute as the basis
- of a <a href="transport.5.html">transport(5)</a> table. After applying the result
- format, multiple values are concatenated as comma
- separated strings. The expansion_limit and
- size_limit parameters explained below allow one to
- restrict the number of values in the result, which
- is especially useful for maps that should return a
+ of a <a href="transport.5.html">transport(5)</a> table. After applying the result
+ format, multiple values are concatenated as comma
+ separated strings. The expansion_limit and
+ size_limit parameters explained below allow one to
+ restrict the number of values in the result, which
+ is especially useful for maps that should return a
single value.
- The default value <b>%s</b> specifies that each attribute
+ The default value <b>%s</b> specifies that each attribute
value should be used as is.
- This parameter was called <b>result_filter</b> in Postfix
- releases prior to 2.2. If no "result_format" is
- specified, the value of "result_filter" will be
+ This parameter was called <b>result_filter</b> in Postfix
+ releases prior to 2.2. If no "result_format" is
+ specified, the value of "result_filter" will be
used instead before resorting to the default value.
- This provides compatibility with old configuration
+ This provides compatibility with old configuration
files.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
- This is a list of domain names, paths to files, or
- dictionaries. When specified, only fully qualified
- search keys with a *non-empty* localpart and a
- matching domain are eligible for lookup: 'user'
- lookups, bare domain lookups and "@domain" lookups
- are not performed. This can significantly reduce
+ This is a list of domain names, paths to files, or
+ dictionaries. When specified, only fully qualified
+ search keys with a *non-empty* localpart and a
+ matching domain are eligible for lookup: 'user'
+ lookups, bare domain lookups and "@domain" lookups
+ are not performed. This can significantly reduce
the query load on the LDAP server.
domain = postfix.org, hash:/etc/postfix/searchdomains
- It is best not to use LDAP to store the domains
+ It is best not to use LDAP to store the domains
eligible for LDAP lookups.
- NOTE:
DO NOT define this parameter for <a href="local.8.html">local(8)</a>
+ NOTE:
DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases.
This feature is available in Postfix 1.0 and later.
<b>result_attribute (default: maildrop)</b>
- The attribute(s) Postfix will read from any direc-
+ The attribute(s) Postfix will read from any direc-
tory entries returned by the lookup, to be resolved
to an email address.
result_attribute = mailbox, maildrop
- Don't rely on the default value ("maildrop"). Set
- the result_attribute explicitly in all ldap table
- configuration files. This is particularly relevant
- when no result_attribute is applicable, e.g. cases
- in which leaf_result_attribute and/or termi-
- nal_result_attribute are used instead. The default
+ Don't rely on the default value ("maildrop"). Set
+ the result_attribute explicitly in all ldap table
+ configuration files. This is particularly relevant
+ when no result_attribute is applicable, e.g. cases
+ in which leaf_result_attribute and/or termi-
+ nal_result_attribute are used instead. The default
value is harmless if "maildrop" is also listed as a
- leaf or terminal result attribute, but it is best
+ leaf or terminal result attribute, but it is best
to not leave this to chance.
<b>special_result_attribute (default: empty)</b>
The attribute(s) of directory entries that can con-
- tain DNs or <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> LDAP URLs. If found, a recur-
+ tain DNs or <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> LDAP URLs. If found, a recur-
sive search is performed to retrieve the entry ref-
- erenced by the DN, or the entries matched by the
+ erenced by the DN, or the entries matched by the
URL query.
special_result_attribute = memberdn
- DN recursion retrieves the same result_attributes
+ DN recursion retrieves the same result_attributes
as the main query, including the special attributes
for further recursion.
URL processing retrieves only those attributes that
- are included in both the URL definition and as
- result attributes (ordinary, special, leaf or ter-
+ are included in both the URL definition and as
+ result attributes (ordinary, special, leaf or ter-
minal) in the Postfix table definition. If the URL
lists any of the table's special result attributes,
- these are retrieved and used recursively. A URL
- that does not specify any attribute selection, is
- equivalent (<a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a>) to a URL that selects all
- attributes, in which case the selected attributes
- will be the full set of result attributes in the
+ these are retrieved and used recursively. A URL
+ that does not specify any attribute selection, is
+ equivalent (<a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a>) to a URL that selects all
+ attributes, in which case the selected attributes
+ will be the full set of result attributes in the
Postfix table.
- If an LDAP URL attribute-descriptor or the corre-
- sponding Postfix LDAP table result attribute (but
- not both) uses <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> sub-type options
- ("attr;option"), the attribute requested from the
- LDAP server will include the sub-type option. In
- all other cases, the URL attribute and the table
- attribute must match exactly. Attributes with
- options in both the URL and the Postfix table are
+ If an LDAP URL attribute-descriptor or the corre-
+ sponding Postfix LDAP table result attribute (but
+ not both) uses <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> sub-type options
+ ("attr;option"), the attribute requested from the
+ LDAP server will include the sub-type option. In
+ all other cases, the URL attribute and the table
+ attribute must match exactly. Attributes with
+ options in both the URL and the Postfix table are
requested only when the options are identical. LDAP
- attribute-descriptor options are very rarely used,
+ attribute-descriptor options are very rarely used,
most LDAP users will not need to concern themselves
with this level of nuanced detail.
<b>terminal_result_attribute (default: empty)</b>
- When one or more terminal result attributes are
+ When one or more terminal result attributes are
found in an LDAP entry, all other result attributes
are ignored and only the terminal result attributes
- are returned. This is useful for delegating expan-
- sion of group members to a particular host, by
- using an optional "maildrop" attribute on selected
+ are returned. This is useful for delegating expan-
+ sion of group members to a particular host, by
+ using an optional "maildrop" attribute on selected
groups to route the group to a specific host, where
- the group is expanded, possibly via mailing-list
+ the group is expanded, possibly via mailing-list
manager or other special processing.
result_attribute =
terminal_result_attribute = maildrop
- When using terminal and/or leaf result attributes,
- the result_attribute is best set to an empty value
- when it is not used, or else explicitly set to the
- desired value, even if it is the default value
+ When using terminal and/or leaf result attributes,
+ the result_attribute is best set to an empty value
+ when it is not used, or else explicitly set to the
+ desired value, even if it is the default value
"maildrop".
- This feature is available with Postfix 2.4 or
+ This feature is available with Postfix 2.4 or
later.
<b>leaf_result_attribute (default: empty)</b>
- When one or more special result attributes are
- found in a non-terminal (see above) LDAP entry,
+ When one or more special result attributes are
+ found in a non-terminal (see above) LDAP entry,
leaf result attributes are excluded from the expan-
- sion of that entry. This is useful when expanding
+ sion of that entry. This is useful when expanding
groups and the desired mail address attribute(s) of
the member objects obtained via DN or URI recursion
- are also present in the group object. To only
- return the attribute values from the leaf objects
- and not the containing group, add the attribute to
- the leaf_result_attribute list, and not the
- result_attribute list, which is always expanded.
- Note, the default value of "result_attribute" is
- not empty, you may want to set it explicitly empty
- when using "leaf_result_attribute" to expand the
- group to a list of member DN addresses. If groups
- have both member DN references AND attributes that
- hold multiple string valued rfc822 addresses, then
- the string attributes go in "result_attribute".
- The attributes that represent the email addresses
- of objects referenced via a DN (or LDAP URI) go in
+ are also present in the group object. To only
+ return the attribute values from the leaf objects
+ and not the containing group, add the attribute to
+ the leaf_result_attribute list, and not the
+ result_attribute list, which is always expanded.
+ Note, the default value of "result_attribute" is
+ not empty, you may want to set it explicitly empty
+ when using "leaf_result_attribute" to expand the
+ group to a list of member DN addresses. If groups
+ have both member DN references AND attributes that
+ hold multiple string valued rfc822 addresses, then
+ the string attributes go in "result_attribute".
+ The attributes that represent the email addresses
+ of objects referenced via a DN (or LDAP URI) go in
"leaf_result_attribute".
result_attribute = memberaddr
terminal_result_attribute = maildrop
leaf_result_attribute = mail
- When using terminal and/or leaf result attributes,
- the result_attribute is best set to an empty value
- when it is not used, or else explicitly set to the
- desired value, even if it is the default value
+ When using terminal and/or leaf result attributes,
+ the result_attribute is best set to an empty value
+ when it is not used, or else explicitly set to the
+ desired value, even if it is the default value
"maildrop".
- This feature is available with Postfix 2.4 or
+ This feature is available with Postfix 2.4 or
later.
<b>scope (default: sub)</b>
- The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
+ The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
and LDAP_SCOPE_ONELEVEL.
<b>bind (default: yes)</b>
- Whether or not to bind to the LDAP server. Newer
+ Whether or not to bind to the LDAP server. Newer
LDAP implementations don't require clients to bind,
which saves time. Example:
bind = no
- If you do need to bind, you might consider config-
- uring Postfix to connect to the local machine on a
- port that's an SSL tunnel to your LDAP server. If
- your LDAP server doesn't natively support SSL, put
+ If you do need to bind, you might consider config-
+ uring Postfix to connect to the local machine on a
+ port that's an SSL tunnel to your LDAP server. If
+ your LDAP server doesn't natively support SSL, put
a tunnel (wrapper, proxy, whatever you want to call
- it) on that system too. This should prevent the
- password from traversing the network in the clear.
+ it) on that system too. This should prevent the
+ password from traversing the network in the clear.
<b>bind_dn (default: empty)</b>
- If you do have to bind, do it with this distin-
+ If you do have to bind, do it with this distin-
guished name. Example:
bind_dn = uid=postfix, dc=your, dc=com
<b>bind_pw (default: empty)</b>
- The password for the distinguished name above. If
+ The password for the distinguished name above. If
you have to use this, you probably want to make the
map configuration file readable only by the Postfix
- user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
+ user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
tax, with map parameters in <a href="postconf.5.html">main.cf</a>, it is not pos-
- sible to securely store the bind password. This is
+ sible to securely store the bind password. This is
because <a href="postconf.5.html">main.cf</a> needs to be world readable to allow
local accounts to submit mail via the sendmail com-
mand. Example:
<b>cache_expiry (IGNORED with a warning)</b>
<b>cache_size (IGNORED with a warning)</b>
- The above parameters are NO LONGER SUPPORTED by
+ The above parameters are NO LONGER SUPPORTED by
Postfix. Cache support has been dropped from
OpenLDAP as of release 2.1.13.
<b>recursion_limit (default: 1000)</b>
- A limit on the nesting depth of DN and URL special
- result attribute evaluation. The limit must be a
+ A limit on the nesting depth of DN and URL special
+ result attribute evaluation. The limit must be a
non-zero positive number.
<b>expansion_limit (default: 0)</b>
- A limit on the total number of result elements
- returned (as a comma separated list) by a lookup
- against the map. A setting of zero disables the
- limit. Lookups fail with a temporary error if the
- limit is exceeded. Setting the limit to 1 ensures
+ A limit on the total number of result elements
+ returned (as a comma separated list) by a lookup
+ against the map. A setting of zero disables the
+ limit. Lookups fail with a temporary error if the
+ limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
<b>size_limit (default: $expansion_limit)</b>
- A limit on the number of LDAP entries returned by
- any single LDAP search performed as part of the
- lookup. A setting of 0 disables the limit. Expan-
- sion of DN and URL references involves nested LDAP
- queries, each of which is separately subjected to
+ A limit on the number of LDAP entries returned by
+ any single LDAP search performed as part of the
+ lookup. A setting of 0 disables the limit. Expan-
+ sion of DN and URL references involves nested LDAP
+ queries, each of which is separately subjected to
this limit.
- Note: even a single LDAP entry can generate multi-
- ple lookup results, via multiple result attributes
- and/or multi-valued result attributes. This limit
- caps the per search resource utilization on the
- LDAP server, not the final multiplicity of the
- lookup result. It is analogous to the "-z" option
+ Note: even a single LDAP entry can generate multi-
+ ple lookup results, via multiple result attributes
+ and/or multi-valued result attributes. This limit
+ caps the per search resource utilization on the
+ LDAP server, not the final multiplicity of the
+ lookup result. It is analogous to the "-z" option
of "ldapsearch".
<b>dereference (default: 0)</b>
- When to dereference LDAP aliases. (Note that this
+ When to dereference LDAP aliases. (Note that this
has nothing do with Postfix aliases.) The permitted
- values are those legal for the OpenLDAP/UM LDAP
+ values are those legal for the OpenLDAP/UM LDAP
implementations:
0 never
3 always
See ldap.h or the ldap_open(3) or ldapsearch(1) man
- pages for more information. And if you're using an
+ pages for more information. And if you're using an
LDAP package that has other possible values, please
- bring it to the attention of the postfix-
+ bring it to the attention of the postfix-
users@postfix.org mailing list.
<b>chase_referrals (default: 0)</b>
- Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
+ Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
version 3 support).
<b>version (default: 2)</b>
Specifies the LDAP protocol version to use.
<b>debuglevel (default: 0)</b>
- What level to set for debugging in the OpenLDAP
+ What level to set for debugging in the OpenLDAP
libraries.
<b>LDAP SSL AND STARTTLS PARAMETERS</b>
- If you're using the OpenLDAP libraries compiled with SSL
- support, Postfix can connect to LDAP SSL servers and can
+ If you're using the OpenLDAP libraries compiled with SSL
+ support, Postfix can connect to LDAP SSL servers and can
issue the STARTTLS command.
- LDAP SSL service can be requested by using a LDAP SSL URL
+ LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter:
server_host = ldaps://ldap.example.com:636
start_tls = yes
- Both forms require LDAP protocol version 3, which has to
+ Both forms require LDAP protocol version 3, which has to
be set explicitly with:
version = 3
If any of the Postfix programs querying the map is config-
- ured in <a href="master.5.html">master.cf</a> to run chrooted, all the certificates
+ ured in <a href="master.5.html">master.cf</a> to run chrooted, all the certificates
and keys involved have to be copied to the chroot jail. Of
- course, the private keys should only be readable by the
+ course, the private keys should only be readable by the
user "postfix".
- The following parameters are relevant to LDAP SSL and
+ The following parameters are relevant to LDAP SSL and
STARTTLS:
<b>start_tls (default: no)</b>
Whether or not to issue STARTTLS upon connection to
- the server. Don't set this with LDAP SSL (the SSL
+ the server. Don't set this with LDAP SSL (the SSL
session is setup automatically when the TCP connec-
tion is opened).
- <b>tls_ca_cert_dir (No default; set either this or</b>
+ <b>tls_ca_cert_dir (No default; set either this or</b>
<b>tls_ca_cert_file)</b>
Directory containing X509 Certificate Authority
- certificates in PEM format which are to be recog-
- nized by the client in SSL/TLS connections. The
- files each contain one CA certificate. The files
- are looked up by the CA subject name hash value,
- which must hence be available. If more than one CA
- certificate with the same name hash value exist,
- the extension must be different (e.g. 9d66eef0.0,
- 9d66eef0.1 etc). The search is performed in the
- ordering of the extension number, regardless of
+ certificates in PEM format which are to be recog-
+ nized by the client in SSL/TLS connections. The
+ files each contain one CA certificate. The files
+ are looked up by the CA subject name hash value,
+ which must hence be available. If more than one CA
+ certificate with the same name hash value exist,
+ the extension must be different (e.g. 9d66eef0.0,
+ 9d66eef0.1 etc). The search is performed in the
+ ordering of the extension number, regardless of
other properties of the certificates. Use the
c_rehash utility (from the OpenSSL distribution) to
create the necessary links.
- <b>tls_ca_cert_file (No default; set either this or</b>
+ <b>tls_ca_cert_file (No default; set either this or</b>
<b>tls_ca_cert_dir)</b>
File containing the X509 Certificate Authority cer-
- tificates in PEM format which are to be recognized
- by the client in SSL/TLS connections. This setting
+ tificates in PEM format which are to be recognized
+ by the client in SSL/TLS connections. This setting
takes precedence over tls_ca_cert_dir.
<b>tls_cert (No default; you must set this)</b>
- File containing client's X509 certificate to be
+ File containing client's X509 certificate to be
used by the client in SSL/ TLS connections.
<b>tls_key (No default; you must set this)</b>
- File containing the private key corresponding to
+ File containing the private key corresponding to
the above tls_cert.
<b>tls_require_cert (default: no)</b>
Whether or not to request server's X509 certificate
- and check its validity when establishing SSL/TLS
- connections. The supported values are <b>no</b> and <b>yes</b>.
+ and check its validity when establishing SSL/TLS
+ connections. The supported values are <b>no</b> and <b>yes</b>.
- With <b>no</b>, the server certificate trust chain is not
- checked, but with OpenLDAP prior to 2.1.13, the
+ With <b>no</b>, the server certificate trust chain is not
+ checked, but with OpenLDAP prior to 2.1.13, the
name in the server certificate must still match the
LDAP server name. With OpenLDAP 2.0.0 to 2.0.11 the
- server name is not necessarily what you specified,
- rather it is determined (by reverse lookup) from
- the IP address of the LDAP server connection. With
- OpenLDAP prior to 2.0.13, subjectAlternativeName
+ server name is not necessarily what you specified,
+ rather it is determined (by reverse lookup) from
+ the IP address of the LDAP server connection. With
+ OpenLDAP prior to 2.0.13, subjectAlternativeName
extensions in the LDAP server certificate are
- ignored: the server name must match the subject
+ ignored: the server name must match the subject
CommonName. The <b>no</b> setting corresponds to the <b>never</b>
- value of <b>TLS_REQCERT</b> in LDAP client configuration
+ value of <b>TLS_REQCERT</b> in LDAP client configuration
files.
- Don't use TLS with OpenLDAP 2.0.x (and especially
+ Don't use TLS with OpenLDAP 2.0.x (and especially
with x <= 11) if you can avoid it.
- With <b>yes</b>, the server certificate must be issued by
- a trusted CA, and not be expired. The LDAP server
- name must match one of the name(s) found in the
+ With <b>yes</b>, the server certificate must be issued by
+ a trusted CA, and not be expired. The LDAP server
+ name must match one of the name(s) found in the
certificate (see above for OpenLDAP library version
dependent behavior). The <b>yes</b> setting corresponds to
the <b>demand</b> value of <b>TLS_REQCERT</b> in LDAP client con-
The "try" and "never" values of <b>TLS_REQCERT</b> have no
equivalents here. They are not available with
- OpenLDAP 2.0, and in any case have questionable
- security properties. Either you want TLS verified
+ OpenLDAP 2.0, and in any case have questionable
+ security properties. Either you want TLS verified
LDAP connections, or you don't.
The <b>yes</b> value only works correctly with Postfix 2.5
- and later, or with OpenLDAP 2.0. Earlier Postfix
- releases or later OpenLDAP releases don't work
- together with this setting. Support for LDAP over
- TLS was added to Postfix based on the OpenLDAP 2.0
+ and later, or with OpenLDAP 2.0. Earlier Postfix
+ releases or later OpenLDAP releases don't work
+ together with this setting. Support for LDAP over
+ TLS was added to Postfix based on the OpenLDAP 2.0
API.
<b>tls_random_file (No default)</b>
- Path of a file to obtain random bits from when
- /dev/[u]random is not available, to be used by the
+ Path of a file to obtain random bits from when
+ /dev/[u]random is not available, to be used by the
client in SSL/TLS connections.
<b>tls_cipher_suite (No default)</b>
Cipher suite to use in SSL/TLS negotiations.
<b>EXAMPLE</b>
- Here's
a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
+ Here's
a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
aliases. Assume that in <a href="postconf.5.html">main.cf</a>, you have:
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases,
server_host = ldap.example.com
search_base = dc=example, dc=com
- Upon receiving mail for a local address "ldapuser" that
- isn't found in the /etc/aliases database, Postfix will
+ Upon receiving mail for a local address "ldapuser" that
+ isn't found in the /etc/aliases database, Postfix will
search the LDAP server listening at port 389 on ldap.exam-
- ple.com. It will bind anonymously, search for any direc-
- tory entries whose mailacceptinggeneralid attribute is
+ ple.com. It will bind anonymously, search for any direc-
+ tory entries whose mailacceptinggeneralid attribute is
"ldapuser", read the "maildrop" attributes of those found,
and build a list of their maildrops, which will be treated
- as <a href="http://tools.ietf.org/html/rfc822">RFC822</a> addresses to which the message will be deliv-
+ as <a href="http://tools.ietf.org/html/rfc822">RFC822</a> addresses to which the message will be deliv-
ered.
<b>SEE ALSO</b>
<a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
- Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
- Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
- Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
+ Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
+ Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
+ Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
Victor Duchovni, and many others.
LDAP_TABLE(5)
Support for this form will be removed in a future Postfix
version.
- Postfix 2.2 has enhanced query interfaces for MySQL and
- PostgreSQL; these include features previously available
- only in the Postfix LDAP client. In the new interface the
- SQL query is specified via a single <b>query</b> parameter
- (described in more detail below). When the new <b>query</b>
- parameter is not specified in the map definition, Postfix
- reverts to the old interface, with the SQL query con-
- structed from the <b>select_field</b>, <b>table</b>, <b>where_field</b> and
- <b>additional_conditions</b> parameters. The old interface will
- be gradually phased out. To migrate to the new interface
+ Normally, the SQL query is specified via a single <b>query</b>
+ parameter (described in more detail below). When this
+ parameter is not specified in the map definition, Postfix
+ reverts to an older interface, with the SQL query con-
+ structed from the <b>select_field</b>, <b>table</b>, <b>where_field</b> and
+ <b>additional_conditions</b> parameters. The old interface will
+ be gradually phased out. To migrate to the new interface
set:
<b>query</b> = SELECT [<i>select</i><b>_</b><i>field</i>]
WHERE [<i>where</i><b>_</b><i>field</i>] = '%s'
[<i>additional</i><b>_</b><i>conditions</i>]
- Insert the value, not the name, of each legacy parameter.
- Note that the <b>additional_conditions</b> parameter is optional
+ Insert the value, not the name, of each legacy parameter.
+ Note that the <b>additional_conditions</b> parameter is optional
and if not empty, will always start with <b>AND</b>.
<b>LIST MEMBERSHIP</b>
When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydes</a>-
- <a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
- is important to understand that the table must store each
- list member as a separate key. The table lookup verifies
- the *existence* of the key. See "Postfix lists versus
- tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
-
- Do NOT create tables that return the full list of domains
- in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
+ <a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
+ is important to understand that the table must store each
+ list member as a separate key. The table lookup verifies
+ the *existence* of the key. See "Postfix lists versus
+ tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
+
+ Do NOT create tables that return the full list of domains
+ in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
DO create tables with each matching item as a key and with
- an arbitrary value. With SQL databases it is not uncommon
+ an arbitrary value. With SQL databases it is not uncommon
to return the key itself or a constant value.
<b>MYSQL PARAMETERS</b>
- <b>hosts</b> The hosts that Postfix will try to connect to and
+ <b>hosts</b> The hosts that Postfix will try to connect to and
query from. Specify <i>unix:</i> for UNIX domain sockets,
<i>inet:</i> for TCP connections (default). Example:
hosts = host1.some.domain host2.some.domain
hosts = unix:/file/name
- The hosts are tried in random order, with all con-
+ The hosts are tried in random order, with all con-
nections over UNIX domain sockets being tried
- before those over TCP. The connections are auto-
- matically closed after being idle for about 1
- minute, and are re-opened as necessary. Postfix
- versions 2.0 and earlier do not randomize the host
+ before those over TCP. The connections are auto-
+ matically closed after being idle for about 1
+ minute, and are re-opened as necessary. Postfix
+ versions 2.0 and earlier do not randomize the host
order.
- NOTE: if you specify localhost as a hostname (even
+ NOTE: if you specify localhost as a hostname (even
if you prefix it with <i>inet:</i>), MySQL will connect to
the default UNIX domain socket. In order to
instruct MySQL to connect to localhost over TCP you
hosts = 127.0.0.1
<b>user, password</b>
- The user name and password to log into the mysql
+ The user name and password to log into the mysql
server. Example:
user = someone
password = some_password
trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
- This parameter supports the following '%' expan-
+ This parameter supports the following '%' expan-
sions:
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the input key. SQL
- quoting is used to make sure that the input
- key does not add unexpected metacharacters.
+ <b>%s</b> This is replaced by the input key. SQL
+ quoting is used to make sure that the input
+ key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the SQL
- quoted local part of the address. Other-
- wise, <b>%u</b> is replaced by the entire search
- string. If the localpart is empty, the
- query is suppressed and returns no results.
+ quoted local part of the address. Other-
+ wise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the
+ query is suppressed and returns no results.
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the SQL
- quoted domain part of the address. Other-
+ quoted domain part of the address. Other-
wise, the query is suppressed and returns no
results.
<b>%[SUD]</b> The upper-case equivalents of the above
- expansions behave in the <b>query</b> parameter
+ expansions behave in the <b>query</b> parameter
identically to their lower-case counter-
parts. With the <b>result_format</b> parameter
(see below), they expand the input key
rather than the result value.
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
- of the input key's domain. If the input key
+ of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, the query is suppressed and
+ domain components to satisfy all the speci-
+ fied patterns, the query is suppressed and
returns no results.
- The <b>domain</b> parameter described below limits the
- input keys to addresses in matching domains. When
- the <b>domain</b> parameter is non-empty, SQL queries for
- unqualified addresses or addresses in non-matching
+ The <b>domain</b> parameter described below limits the
+ input keys to addresses in matching domains. When
+ the <b>domain</b> parameter is non-empty, SQL queries for
+ unqualified addresses or addresses in non-matching
domains are suppressed and return no results.
- This parameter is available with Postfix 2.2. In
- prior releases the SQL query was built from the
- separate parameters: <b>select_field</b>, <b>table</b>,
- <b>where_field</b> and <b>additional_conditions</b>. The mapping
+ This parameter is available with Postfix 2.2. In
+ prior releases the SQL query was built from the
+ separate parameters: <b>select_field</b>, <b>table</b>,
+ <b>where_field</b> and <b>additional_conditions</b>. The mapping
from the old parameters to the equivalent query is:
SELECT [<b>select_field</b>]
The '%s' in the <b>WHERE</b> clause expands to the escaped
search string. With Postfix 2.2 these legacy
- parameters are used if the <b>query</b> parameter is not
+ parameters are used if the <b>query</b> parameter is not
specified.
NOTE: DO NOT put quotes around the query parameter.
<b>result_format (default: %s</b>)
- Format template applied to result attributes. Most
- commonly used to append (or prepend) text to the
- result. This parameter supports the following '%'
+ Format template applied to result attributes. Most
+ commonly used to append (or prepend) text to the
+ result. This parameter supports the following '%'
expansions:
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the value of the result
- attribute. When result is empty it is
+ <b>%s</b> This is replaced by the value of the result
+ attribute. When result is empty it is
skipped.
- <b>%u</b> When the result attribute value is an
+ <b>%u</b> When the result attribute value is an
address of the form user@domain, <b>%u</b> is
- replaced by the local part of the address.
+ replaced by the local part of the address.
When the result has an empty localpart it is
skipped.
- <b>%d</b> When a result attribute value is an address
- of the form user@domain, <b>%d</b> is replaced by
+ <b>%d</b> When a result attribute value is an address
+ of the form user@domain, <b>%d</b> is replaced by
the domain part of the attribute value. When
the result is unqualified it is skipped.
<b>%[SUD1-9]</b>
- The upper-case and decimal digit expansions
+ The upper-case and decimal digit expansions
interpolate the parts of the input key
- rather than the result. Their behavior is
- identical to that described with <b>query</b>, and
- in fact because the input key is known in
- advance, queries whose key does not contain
- all the information specified in the result
- template are suppressed and return no
+ rather than the result. Their behavior is
+ identical to that described with <b>query</b>, and
+ in fact because the input key is known in
+ advance, queries whose key does not contain
+ all the information specified in the result
+ template are suppressed and return no
results.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
allows one to use a mailHost attribute as the basis
- of a <a href="transport.5.html">transport(5)</a> table. After applying the result
- format, multiple values are concatenated as comma
- separated strings. The expansion_limit and parame-
+ of a <a href="transport.5.html">transport(5)</a> table. After applying the result
+ format, multiple values are concatenated as comma
+ separated strings. The expansion_limit and parame-
ter explained below allows one to restrict the num-
- ber of values in the result, which is especially
+ ber of values in the result, which is especially
useful for maps that must return at most one value.
- The default value <b>%s</b> specifies that each result
+ The default value <b>%s</b> specifies that each result
value should be used as is.
- This parameter is available with Postfix 2.2 and
+ This parameter is available with Postfix 2.2 and
later.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
- This is a list of domain names, paths to files, or
- dictionaries. When specified, only fully qualified
- search keys with a *non-empty* localpart and a
- matching domain are eligible for lookup: 'user'
- lookups, bare domain lookups and "@domain" lookups
- are not performed. This can significantly reduce
+ This is a list of domain names, paths to files, or
+ dictionaries. When specified, only fully qualified
+ search keys with a *non-empty* localpart and a
+ matching domain are eligible for lookup: 'user'
+ lookups, bare domain lookups and "@domain" lookups
+ are not performed. This can significantly reduce
the query load on the MySQL server.
domain = postfix.org, hash:/etc/postfix/searchdomains
It is best not to use SQL to store the domains eli-
gible for SQL lookups.
- This parameter is available with Postfix 2.2 and
+ This parameter is available with Postfix 2.2 and
later.
- NOTE:
DO NOT define this parameter for <a href="local.8.html">local(8)</a>
+ NOTE:
DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases, because the input keys are always unquali-
fied.
<b>expansion_limit (default: 0)</b>
- A limit on the total number of result elements
- returned (as a comma separated list) by a lookup
- against the map. A setting of zero disables the
- limit. Lookups fail with a temporary error if the
- limit is exceeded. Setting the limit to 1 ensures
+ A limit on the total number of result elements
+ returned (as a comma separated list) by a lookup
+ against the map. A setting of zero disables the
+ limit. Lookups fail with a temporary error if the
+ limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
<b>OBSOLETE QUERY INTERFACE</b>
- This section describes an interface that is deprecated as
- of Postfix 2.2. It is replaced by the more general <b>query</b>
- interface described above. If the <b>query</b> parameter is
- defined, the legacy parameters described here ignored.
- Please migrate to the new interface as the legacy inter-
+ This section describes an interface that is deprecated as
+ of Postfix 2.2. It is replaced by the more general <b>query</b>
+ interface described above. If the <b>query</b> parameter is
+ defined, the legacy parameters described here ignored.
+ Please migrate to the new interface as the legacy inter-
face may be removed in a future release.
- The following parameters can be used to fill in a SELECT
+ The following parameters can be used to fill in a SELECT
template statement of the form:
SELECT [<b>select_field</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
- The specifier %s is replaced by the search string, and is
+ The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd char-
acters, it will not cause a parse error, or worse, a secu-
rity problem.
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="ldap_table.5.html">ldap_table(5)</a>, LDAP lookup tables
<a href="pgsql_table.5.html">pgsql_table(5)</a>, PostgreSQL lookup tables
+ <a href="sqlite_table.5.html">sqlite_table(5)</a>, SQLite lookup tables
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<a href="MYSQL_README.html">MYSQL_README</a>, Postfix MYSQL client guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
readable. Support for this form will be removed in a
future Postfix version.
- Postfix 2.2 has enhanced query interfaces for MySQL and
- PostgreSQL, these include features previously available
- only in the Postfix LDAP client. In the new interface the
- SQL query is specified via a single <b>query</b> parameter
- (described in more detail below). In Postfix 2.1 the
- parameter precedence was, from highest to lowest,
- <b>select_function</b>, <b>query</b> and finally <b>select_field</b>, ...
-
- With Postfix 2.2 the <b>query</b> parameter has highest prece-
- dence, and is used in preference to the still supported,
- but slated to be phased out, <b>select_function</b>,
- <b>select_field</b>, <b>table</b>, <b>where_field</b> and <b>additional_conditions</b>
- parameters. To migrate to the new interface set:
+ Normally, the SQL query is specified via a single <b>query</b>
+ parameter (described in more detail below). When this
+ parameter is not specified in the map definition, Postfix
+ reverts to an older interface, with the SQL query con-
+ structed from the <b>select_function</b>, <b>select_field</b>, <b>table</b>,
+ <b>where_field</b> and <b>additional_conditions</b> parameters. The old
+ interface will be gradually phased out. To migrate to the
+ new interface set:
<b>query</b> = SELECT <i>select</i><b>_</b><i>function</i>('%s')
- or in the absence of <b>select_function</b>, the lower prece-
+ or in the absence of <b>select_function</b>, the lower prece-
dence:
<b>query</b> = SELECT <i>select</i><b>_</b><i>field</i>
WHERE <i>where</i><b>_</b><i>field</i> = '%s'
<i>additional</i><b>_</b><i>conditions</i>
- Use the value, not the name, of each legacy parameter.
- Note that the <b>additional_conditions</b> parameter is optional
+ Use the value, not the name, of each legacy parameter.
+ Note that the <b>additional_conditions</b> parameter is optional
and if not empty, will always start with <b>AND</b>.
<b>LIST MEMBERSHIP</b>
When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydes</a>-
- <a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
- is important to understand that the table must store each
- list member as a separate key. The table lookup verifies
- the *existence* of the key. See "Postfix lists versus
- tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
-
- Do NOT create tables that return the full list of domains
- in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
+ <a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
+ is important to understand that the table must store each
+ list member as a separate key. The table lookup verifies
+ the *existence* of the key. See "Postfix lists versus
+ tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
+
+ Do NOT create tables that return the full list of domains
+ in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
DO create tables with each matching item as a key and with
- an arbitrary value. With SQL databases it is not uncommon
+ an arbitrary value. With SQL databases it is not uncommon
to return the key itself or a constant value.
<b>PGSQL PARAMETERS</b>
- <b>hosts</b> The hosts that Postfix will try to connect to and
+ <b>hosts</b> The hosts that Postfix will try to connect to and
query from. Specify <i>unix:</i> for UNIX-domain sockets,
<i>inet:</i> for TCP connections (default). Example:
hosts = host1.some.domain host2.some.domain
hosts = unix:/file/name
- The hosts are tried in random order, with all con-
+ The hosts are tried in random order, with all con-
nections over UNIX domain sockets being tried
- before those over TCP. The connections are auto-
- matically closed after being idle for about 1
+ before those over TCP. The connections are auto-
+ matically closed after being idle for about 1
minute, and are re-opened as necessary.
NOTE: the <i>unix:</i> and <i>inet:</i> prefixes are accepted for
- backwards compatibility reasons, but are actually
+ backwards compatibility reasons, but are actually
ignored. The PostgreSQL client library will always
try to connect to an UNIX socket if the name starts
- with a slash, and will try a TCP connection other-
+ with a slash, and will try a TCP connection other-
wise.
<b>user, password</b>
- The user name and password to log into the pgsql
+ The user name and password to log into the pgsql
server. Example:
user = someone
password = some_password
trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
- This parameter supports the following '%' expan-
+ This parameter supports the following '%' expan-
sions:
<b>%%</b> This is replaced by a literal '%' character.
(Postfix 2.2 and later)
- <b>%s</b> This is replaced by the input key. SQL
- quoting is used to make sure that the input
- key does not add unexpected metacharacters.
+ <b>%s</b> This is replaced by the input key. SQL
+ quoting is used to make sure that the input
+ key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the SQL
- quoted local part of the address. Other-
- wise, <b>%u</b> is replaced by the entire search
- string. If the localpart is empty, the
- query is suppressed and returns no results.
+ quoted local part of the address. Other-
+ wise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the
+ query is suppressed and returns no results.
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the SQL
- quoted domain part of the address. Other-
+ quoted domain part of the address. Other-
wise, the query is suppressed and returns no
results.
<b>%[SUD]</b> The upper-case equivalents of the above
- expansions behave in the <b>query</b> parameter
+ expansions behave in the <b>query</b> parameter
identically to their lower-case counter-
parts. With the <b>result_format</b> parameter
(see below), they expand the input key
rather than the result value.
- The above %S, %U and %D expansions are
+ The above %S, %U and %D expansions are
available with Postfix 2.2 and later
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
- of the input key's domain. If the input key
+ of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, the query is suppressed and
+ domain components to satisfy all the speci-
+ fied patterns, the query is suppressed and
returns no results.
- The above %1, ... %9 expansions are avail-
+ The above %1, ... %9 expansions are avail-
able with Postfix 2.2 and later
- The <b>domain</b> parameter described below limits the
- input keys to addresses in matching domains. When
- the <b>domain</b> parameter is non-empty, SQL queries for
- unqualified addresses or addresses in non-matching
+ The <b>domain</b> parameter described below limits the
+ input keys to addresses in matching domains. When
+ the <b>domain</b> parameter is non-empty, SQL queries for
+ unqualified addresses or addresses in non-matching
domains are suppressed and return no results.
- The precedence of this parameter has changed with
- Postfix 2.2, in prior releases the precedence was,
- from highest to lowest, <b>select_function</b>, <b>query</b>,
+ The precedence of this parameter has changed with
+ Postfix 2.2, in prior releases the precedence was,
+ from highest to lowest, <b>select_function</b>, <b>query</b>,
<b>select_field</b>, ...
- With Postfix 2.2 the <b>query</b> parameter has highest
+ With Postfix 2.2 the <b>query</b> parameter has highest
precedence, see COMPATIBILITY above.
NOTE: DO NOT put quotes around the <b>query</b> parameter.
<b>result_format (default: %s</b>)
- Format template applied to result attributes. Most
- commonly used to append (or prepend) text to the
- result. This parameter supports the following '%'
+ Format template applied to result attributes. Most
+ commonly used to append (or prepend) text to the
+ result. This parameter supports the following '%'
expansions:
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the value of the result
- attribute. When result is empty it is
+ <b>%s</b> This is replaced by the value of the result
+ attribute. When result is empty it is
skipped.
- <b>%u</b> When the result attribute value is an
+ <b>%u</b> When the result attribute value is an
address of the form user@domain, <b>%u</b> is
- replaced by the local part of the address.
+ replaced by the local part of the address.
When the result has an empty localpart it is
skipped.
- <b>%d</b> When a result attribute value is an address
- of the form user@domain, <b>%d</b> is replaced by
+ <b>%d</b> When a result attribute value is an address
+ of the form user@domain, <b>%d</b> is replaced by
the domain part of the attribute value. When
the result is unqualified it is skipped.
<b>%[SUD1-9]</b>
- The upper-case and decimal digit expansions
+ The upper-case and decimal digit expansions
interpolate the parts of the input key
- rather than the result. Their behavior is
- identical to that described with <b>query</b>, and
- in fact because the input key is known in
- advance, queries whose key does not contain
- all the information specified in the result
- template are suppressed and return no
+ rather than the result. Their behavior is
+ identical to that described with <b>query</b>, and
+ in fact because the input key is known in
+ advance, queries whose key does not contain
+ all the information specified in the result
+ template are suppressed and return no
results.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
allows one to use a mailHost attribute as the basis
- of a <a href="transport.5.html">transport(5)</a> table. After applying the result
- format, multiple values are concatenated as comma
- separated strings. The expansion_limit and parame-
+ of a <a href="transport.5.html">transport(5)</a> table. After applying the result
+ format, multiple values are concatenated as comma
+ separated strings. The expansion_limit and parame-
ter explained below allows one to restrict the num-
- ber of values in the result, which is especially
+ ber of values in the result, which is especially
useful for maps that must return at most one value.
- The default value <b>%s</b> specifies that each result
+ The default value <b>%s</b> specifies that each result
value should be used as is.
- This parameter is available with Postfix 2.2 and
+ This parameter is available with Postfix 2.2 and
later.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
- This is a list of domain names, paths to files, or
- dictionaries. When specified, only fully qualified
- search keys with a *non-empty* localpart and a
- matching domain are eligible for lookup: 'user'
- lookups, bare domain lookups and "@domain" lookups
- are not performed. This can significantly reduce
+ This is a list of domain names, paths to files, or
+ dictionaries. When specified, only fully qualified
+ search keys with a *non-empty* localpart and a
+ matching domain are eligible for lookup: 'user'
+ lookups, bare domain lookups and "@domain" lookups
+ are not performed. This can significantly reduce
the query load on the PostgreSQL server.
domain = postfix.org, hash:/etc/postfix/searchdomains
It is best not to use SQL to store the domains eli-
gible for SQL lookups.
- This parameter is available with Postfix 2.2 and
+ This parameter is available with Postfix 2.2 and
later.
- NOTE:
DO NOT define this parameter for <a href="local.8.html">local(8)</a>
+ NOTE:
DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases, because the input keys are always unquali-
fied.
<b>expansion_limit (default: 0)</b>
- A limit on the total number of result elements
- returned (as a comma separated list) by a lookup
- against the map. A setting of zero disables the
- limit. Lookups fail with a temporary error if the
- limit is exceeded. Setting the limit to 1 ensures
+ A limit on the total number of result elements
+ returned (as a comma separated list) by a lookup
+ against the map. A setting of zero disables the
+ limit. Lookups fail with a temporary error if the
+ limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
<b>OBSOLETE QUERY INTERFACES</b>
- This section describes query interfaces that are depre-
- cated as of Postfix 2.2. Please migrate to the new <b>query</b>
- interface as the old interfaces are slated to be phased
+ This section describes query interfaces that are depre-
+ cated as of Postfix 2.2. Please migrate to the new <b>query</b>
+ interface as the old interfaces are slated to be phased
out.
<b>select_function</b>
- This parameter specifies a database function name.
+ This parameter specifies a database function name.
Example:
select_function = my_lookup_user_alias
This is equivalent to:
query = SELECT my_lookup_user_alias('%s')
- This parameter overrides the legacy table-related
- fields (described below). With Postfix versions
- prior to 2.2, it also overrides the <b>query</b> parame-
+ This parameter overrides the legacy table-related
+ fields (described below). With Postfix versions
+ prior to 2.2, it also overrides the <b>query</b> parame-
ter. Starting with Postfix 2.2, the <b>query</b> parameter
- has highest precedence, and the <b>select_function</b>
+ has highest precedence, and the <b>select_function</b>
parameter is deprecated.
- The following parameters (with lower precedence than the
- <b>select_function</b> interface described above) can be used to
+ The following parameters (with lower precedence than the
+ <b>select_function</b> interface described above) can be used to
build the SQL select statement as follows:
SELECT [<b>select_field</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
- The specifier %s is replaced with each lookup by the
- lookup key and is escaped so if it contains single quotes
- or other odd characters, it will not cause a parse error,
+ The specifier %s is replaced with each lookup by the
+ lookup key and is escaped so if it contains single quotes
+ or other odd characters, it will not cause a parse error,
or worse, a security problem.
- Starting with Postfix 2.2, this interface is obsoleted by
- the more general <b>query</b> interface described above. If
- higher precedence the <b>query</b> or <b>select_function</b> parameters
+ Starting with Postfix 2.2, this interface is obsoleted by
+ the more general <b>query</b> interface described above. If
+ higher precedence the <b>query</b> or <b>select_function</b> parameters
described above are defined, the parameters described here
are ignored.
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="ldap_table.5.html">ldap_table(5)</a>, LDAP lookup tables
<a href="mysql_table.5.html">mysql_table(5)</a>, MySQL lookup tables
+ <a href="sqlite_table.5.html">sqlite_table(5)</a>, SQLite lookup tables
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<a href="PGSQL_README.html">PGSQL_README</a>, Postfix PostgreSQL client guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
is available on systems with support for
SDBM databases.
+ <b>sqlite</b> (read-only)
+ Perform lookups from SQLite database files.
+ This is described in <a href="sqlite_table.5.html"><b>sqlite_table</b>(5)</a>.
+
<b>static</b> (read-only)
- A table that always returns its name as
- lookup result. For example, <b>static:foobar</b>
- always returns the string <b>foobar</b> as lookup
+ A table that always returns its name as
+ lookup result. For example, <b>static:foobar</b>
+ always returns the string <b>foobar</b> as lookup
result.
<b>tcp</b> (read-only)
Perform lookups using a simple request-reply
- protocol
that is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
+ protocol
that is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
This feature is not included with the stable
Postfix release.
<b>unix</b> (read-only)
- A limited way to query the UNIX authentica-
+ A limited way to query the UNIX authentica-
tion database. The following tables are
implemented:
<b>unix:passwd.byname</b>
- The table is the UNIX password data-
- base. The key is a login name. The
- result is a password file entry in
+ The table is the UNIX password data-
+ base. The key is a login name. The
+ result is a password file entry in
<b>passwd</b>(5) format.
<b>unix:group.byname</b>
The table is the UNIX group database.
- The key is a group name. The result
- is a group file entry in <b>group</b>(5)
+ The key is a group name. The result
+ is a group file entry in <b>group</b>(5)
format.
- Other table types may exist depending on how Post-
+ Other table types may exist depending on how Post-
fix was built.
<b>-n</b> Print parameter settings that are not left at their
<b>-t</b> [<i>template</i><b>_</b><i>file</i>]
Display the templates for delivery status notifica-
- tion (DSN) messages. To override the built-in tem-
- plates, specify a template file at the end of the
+ tion (DSN) messages. To override the built-in tem-
+ plates, specify a template file at the end of the
command line, or specify a template file in <a href="postconf.5.html">main.cf</a>
- with the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter. To force
- selection of the built-in templates, specify an
+ with the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter. To force
+ selection of the built-in templates, specify an
empty template file name (in shell language: "").
- This feature is available with Postfix 2.3 and
+ This feature is available with Postfix 2.3 and
later.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
- <b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file. The file is
+ <b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file. The file is
copied to a temporary file then renamed into place.
- The parameters specified on the command line are
+ The parameters specified on the command line are
commented-out, so that they revert to their default
- values. Specify a list of parameter names, not
- name=value pairs. There is no <b>postconf</b> command to
+ values. Specify a list of parameter names, not
+ name=value pairs. There is no <b>postconf</b> command to
perform the reverse operation.
- This feature is available with Postfix 2.6 and
+ This feature is available with Postfix 2.6 and
later.
<b>DIAGNOSTICS</b>
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
to this program.
- The text below provides only a parameter summary. See
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
- Pathname of a configuration file with bounce mes-
+ Pathname of a configuration file with bounce mes-
sage templates.
<b>FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
certificates and giving them relay permission with
<a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
-<p> This feature is available in Postfix 2.4.15, 2.6.8, 2.7.2 and
-later versions. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = yes" for backwards
-compatibility, to avoid breaking certificate verification with sites
-that don't use <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
+<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
+2.7.2 and later versions. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = yes" for
+backwards compatibility, to avoid breaking certificate verification
+
with sites that don't use <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
</DD>
<li> <a href="regexp_table.5.html">regexp_table(5)</a>, Associate POSIX regexp pattern with value
+<li> slite_table(5), Postfix SQLite database driver
+
<li> <a href="tcp_table.5.html">tcp_table(5)</a>, Postfix client-server table lookup
</ul>
<a href="pcre_table.5.html">pcre_table(5)</a>, Associate PCRE pattern with value
<a href="pgsql_table.5.html">pgsql_table(5)</a>, Postfix PostgreSQL client
<a href="regexp_table.5.html">regexp_table(5)</a>, Associate POSIX regexp pattern with value
+ slite_table(5), Postfix SQLite database driver
<a href="tcp_table.5.html">tcp_table(5)</a>, Postfix client-server table lookup
Daemon processes:
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+<title> Postfix manual - sqlite_table(5) </title>
+</head> <body> <pre>
+SQLITE_TABLE(5) SQLITE_TABLE(5)
+
+<b>NAME</b>
+ sqlite_table - Postfix SQLite configuration
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" sqlite:/etc/postfix/filename</b>
+
+ <b>postmap -q - sqlite:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional tables for address
+ rewriting or mail routing. These tables are usually in <b>dbm</b>
+ or <b>db</b> format.
+
+ Alternatively, lookup tables can be specified as SQLite
+ databases. In order to use SQLite lookups, define a
+ SQLite source as a lookup table in <a href="postconf.5.html">main.cf</a>, for example:
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = sqlite:/etc/sqlite-aliases.cf
+
+ The file /etc/postfix/sqlite-aliases.cf has the same for-
+ mat as the Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the
+ parameters described below.
+
+<b>BACKWARDS COMPATIBILITY</b>
+ For compatibility with other Postfix lookup tables, SQLite
+ parameters can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do
+ that, specify as SQLite source a name that doesn't begin
+ with a slash or a dot. The SQLite parameters will then be
+ accessible as the name you've given the source in its def-
+ inition, an underscore, and the name of the parameter.
+ For example, if the map is specified as "sqlite:<i>sqlite-</i>
+ <i>name</i>", the parameter "query" below would be defined in
+ <a href="postconf.5.html">main.cf</a> as "<i>sqlitename</i>_query".
+
+ Normally, the SQL query is specified via a single <b>query</b>
+ parameter (described in more detail below). When this
+ parameter is not specified in the map definition, Postfix
+ reverts to an older interface, with the SQL query con-
+ structed from the <b>select_field</b>, <b>table</b>, <b>where_field</b> and
+ <b>additional_conditions</b> parameters. The old interface will
+ be gradually phased out. To migrate to the new interface
+ set:
+
+ <b>query</b> = SELECT [<i>select</i><b>_</b><i>field</i>]
+ FROM [<i>table</i>]
+ WHERE [<i>where</i><b>_</b><i>field</i>] = '%s'
+ [<i>additional</i><b>_</b><i>conditions</i>]
+
+ Insert the value, not the name, of each legacy parameter.
+ Note that the <b>additional_conditions</b> parameter is optional
+ and if not empty, will always start with <b>AND</b>.
+
+<b>LIST MEMBERSHIP</b>
+ When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydes</a>-
+ <a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
+ is important to understand that the table must store each
+ list member as a separate key. The table lookup verifies
+ the *existence* of the key. See "Postfix lists versus
+ tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
+
+ Do NOT create tables that return the full list of domains
+ in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
+ in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
+
+ DO create tables with each matching item as a key and with
+ an arbitrary value. With SQL databases it is not uncommon
+ to return the key itself or a constant value.
+
+<b>SQLITE PARAMETERS</b>
+ <b>dbpath</b> The SQLite database file location. Example:
+ dbpath = customer_database
+
+ <b>query</b> The SQL query template used to search the database,
+ where <b>%s</b> is a substitute for the address Postfix is
+ trying to resolve, e.g.
+ query = SELECT replacement FROM aliases WHERE mailbox = '%s'
+
+ This parameter supports the following '%' expan-
+ sions:
+
+ <b>%%</b> This is replaced by a literal '%' character.
+
+ <b>%s</b> This is replaced by the input key. SQL
+ quoting is used to make sure that the input
+ key does not add unexpected metacharacters.
+
+ <b>%u</b> When the input key is an address of the form
+ user@domain, <b>%u</b> is replaced by the SQL
+ quoted local part of the address. Other-
+ wise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the
+ query is suppressed and returns no results.
+
+ <b>%d</b> When the input key is an address of the form
+ user@domain, <b>%d</b> is replaced by the SQL
+ quoted domain part of the address. Other-
+ wise, the query is suppressed and returns no
+ results.
+
+ <b>%[SUD]</b> The upper-case equivalents of the above
+ expansions behave in the <b>query</b> parameter
+ identically to their lower-case counter-
+ parts. With the <b>result_format</b> parameter
+ (see below), they expand the input key
+ rather than the result value.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
+ the corresponding most significant component
+ of the input key's domain. If the input key
+ is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
+ is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough
+ domain components to satisfy all the speci-
+ fied patterns, the query is suppressed and
+ returns no results.
+
+ The <b>domain</b> parameter described below limits the
+ input keys to addresses in matching domains. When
+ the <b>domain</b> parameter is non-empty, SQL queries for
+ unqualified addresses or addresses in non-matching
+ domains are suppressed and return no results.
+
+ This parameter is available with Postfix 2.2. In
+ prior releases the SQL query was built from the
+ separate parameters: <b>select_field</b>, <b>table</b>,
+ <b>where_field</b> and <b>additional_conditions</b>. The mapping
+ from the old parameters to the equivalent query is:
+
+ SELECT [<b>select_field</b>]
+ FROM [<b>table</b>]
+ WHERE [<b>where_field</b>] = '%s'
+ [<b>additional_conditions</b>]
+
+ The '%s' in the <b>WHERE</b> clause expands to the escaped
+ search string. With Postfix 2.2 these legacy
+ parameters are used if the <b>query</b> parameter is not
+ specified.
+
+ NOTE: DO NOT put quotes around the query parameter.
+
+ <b>result_format (default: %s</b>)
+ Format template applied to result attributes. Most
+ commonly used to append (or prepend) text to the
+ result. This parameter supports the following '%'
+ expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character.
+
+ <b>%s</b> This is replaced by the value of the result
+ attribute. When result is empty it is
+ skipped.
+
+ <b>%u</b> When the result attribute value is an
+ address of the form user@domain, <b>%u</b> is
+ replaced by the local part of the address.
+ When the result has an empty localpart it is
+ skipped.
+
+ <b>%d</b> When a result attribute value is an address
+ of the form user@domain, <b>%d</b> is replaced by
+ the domain part of the attribute value. When
+ the result is unqualified it is skipped.
+
+ <b>%[SUD1-9]</b>
+ The upper-case and decimal digit expansions
+ interpolate the parts of the input key
+ rather than the result. Their behavior is
+ identical to that described with <b>query</b>, and
+ in fact because the input key is known in
+ advance, queries whose key does not contain
+ all the information specified in the result
+ template are suppressed and return no
+ results.
+
+ For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
+ allows one to use a mailHost attribute as the basis
+ of a <a href="transport.5.html">transport(5)</a> table. After applying the result
+ format, multiple values are concatenated as comma
+ separated strings. The expansion_limit and parame-
+ ter explained below allows one to restrict the num-
+ ber of values in the result, which is especially
+ useful for maps that must return at most one value.
+
+ The default value <b>%s</b> specifies that each result
+ value should be used as is.
+
+ This parameter is available with Postfix 2.2 and
+ later.
+
+ NOTE: DO NOT put quotes around the result format!
+
+ <b>domain (default: no domain list)</b>
+ This is a list of domain names, paths to files, or
+ dictionaries. When specified, only fully qualified
+ search keys with a *non-empty* localpart and a
+ matching domain are eligible for lookup: 'user'
+ lookups, bare domain lookups and "@domain" lookups
+ are not performed. This can significantly reduce
+ the query load on the SQLite server.
+ domain = postfix.org, hash:/etc/postfix/searchdomains
+
+ It is best not to use SQL to store the domains eli-
+ gible for SQL lookups.
+
+ This parameter is available with Postfix 2.2 and
+ later.
+
+ NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
+ aliases, because the input keys are always unquali-
+ fied.
+
+ <b>expansion_limit (default: 0)</b>
+ A limit on the total number of result elements
+ returned (as a comma separated list) by a lookup
+ against the map. A setting of zero disables the
+ limit. Lookups fail with a temporary error if the
+ limit is exceeded. Setting the limit to 1 ensures
+ that lookups do not return multiple values.
+
+<b>OBSOLETE QUERY INTERFACE</b>
+ This section describes an interface that is deprecated as
+ of Postfix 2.2. It is replaced by the more general <b>query</b>
+ interface described above. If the <b>query</b> parameter is
+ defined, the legacy parameters described here ignored.
+ Please migrate to the new interface as the legacy inter-
+ face may be removed in a future release.
+
+ The following parameters can be used to fill in a SELECT
+ template statement of the form:
+
+ SELECT [<b>select_field</b>]
+ FROM [<b>table</b>]
+ WHERE [<b>where_field</b>] = '%s'
+ [<b>additional_conditions</b>]
+
+ The specifier %s is replaced by the search string, and is
+ escaped so if it contains single quotes or other odd char-
+ acters, it will not cause a parse error, or worse, a secu-
+ rity problem.
+
+ <b>select_field</b>
+ The SQL "select" parameter. Example:
+ <b>select_field</b> = forw_addr
+
+ <b>table</b> The SQL "select .. from" table name. Example:
+ <b>table</b> = mxaliases
+
+ <b>where_field</b>
+ The SQL "select .. where" parameter. Example:
+ <b>where_field</b> = alias
+
+ <b>additional_conditions</b>
+ Additional conditions to the SQL query. Example:
+ <b>additional_conditions</b> = AND status = 'paid'
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table maintenance
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="ldap_table.5.html">ldap_table(5)</a>, LDAP lookup tables
+ <a href="mysql_table.5.html">mysql_table(5)</a>, MySQL lookup tables
+ <a href="pgsql_table.5.html">pgsql_table(5)</a>, PostgreSQL lookup tables
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="SQLITE_README.html">SQLITE_README</a>, Postfix SQLITE driver
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
+ software.
+
+<b>HISTORY</b>
+ SQLite support was introduced with Postfix version 2.8.
+
+<b>AUTHOR(S)</b>
+ Original implementation by:
+ Axel Steiner
+
+ SQLITE_TABLE(5)
+</pre> </body> </html>
man5/cidr_table.5 man5/tcp_table.5 man5/header_checks.5 \
man5/body_checks.5 man5/ldap_table.5 man5/mysql_table.5 \
man5/pgsql_table.5 man5/master.5 man5/nisplus_table.5 \
- man5/generic.5 man5/bounce.5 man5/postfix-wrapper.5
+ man5/generic.5 man5/bounce.5 man5/postfix-wrapper.5 \
+ man5/sqlite_table.5
TOOLS = man1/smtp-sink.1 man1/smtp-source.1 man1/qmqp-sink.1 \
man1/qmqp-source.1 man1/qshape.1
man5/mysql_table.5: ../proto/mysql_table
../mantools/srctoman - $? >$@
+man5/sqlite_table.5: ../proto/sqlite_table
+ ../mantools/srctoman - $? >$@
+
man5/nisplus_table.5: ../proto/nisplus_table
../mantools/srctoman - $? >$@
.IP \fBsdbm\fR
An indexed file type based on hashing.
This is available on systems with support for SDBM databases.
+.IP "\fBsqlite\fR (read-only)"
+Perform lookups from SQLite database files. This is described
+in \fBsqlite_table\fR(5).
.IP "\fBstatic\fR (read-only)"
A table that always returns its name as lookup result. For example,
\fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup
pcre_table(5), Associate PCRE pattern with value
pgsql_table(5), Postfix PostgreSQL client
regexp_table(5), Associate POSIX regexp pattern with value
+slite_table(5), Postfix SQLite database driver
tcp_table(5), Postfix client-server table lookup
Daemon processes:
written in main.cf, which is normally world-readable. Support
for this form will be removed in a future Postfix version.
-Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL.
-These include features that were previously available only in the
-Postfix LDAP client. This work also created an opportunity for
-improvements in the LDAP interface. The primary compatibility
-issue is that \fBresult_filter\fR (a name that has caused some
-confusion as to its meaning in the past) has been renamed to
-\fBresult_format\fR. For backwards compatibility with the pre
-2.2 LDAP client, \fBresult_filter\fR can for now be used instead
+For backwards compatibility with the pre
+2.2 LDAP clients, \fBresult_filter\fR can for now be used instead
of \fBresult_format\fR, when the latter parameter is not also set.
The new name better reflects the function of the parameter. This
compatibility interface may be removed in a future release.
written in main.cf, which is normally world-readable. Support
for this form will be removed in a future Postfix version.
-Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL;
-these include features previously available only in the Postfix
-LDAP client. In the new interface the SQL query is specified via
-a single \fBquery\fR parameter (described in more detail below).
-When the new \fBquery\fR parameter is not specified in the map
-definition, Postfix reverts to the old interface, with the SQL
-query constructed from the \fBselect_field\fR, \fBtable\fR,
-\fBwhere_field\fR and \fBadditional_conditions\fR parameters.
-The old interface will be gradually phased out. To migrate to
-the new interface set:
+Normally, the SQL query is specified via a single \fBquery\fR
+parameter (described in more detail below). When this
+parameter is not specified in the map definition, Postfix
+reverts to an older interface, with the SQL query constructed
+from the \fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR
+and \fBadditional_conditions\fR parameters. The old interface
+will be gradually phased out. To migrate to the new interface
+set:
.nf
\fBquery\fR = SELECT [\fIselect_field\fR]
postconf(5), configuration parameters
ldap_table(5), LDAP lookup tables
pgsql_table(5), PostgreSQL lookup tables
+sqlite_table(5), SQLite lookup tables
.SH "README FILES"
.na
.nf
Support for this form will be removed in a future Postfix
version.
-Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL,
-these include features previously available only in the Postfix
-LDAP client. In the new interface the SQL query is specified via
-a single \fBquery\fR parameter (described in more detail below).
-In Postfix 2.1 the parameter precedence was, from highest to lowest,
-\fBselect_function\fR, \fBquery\fR and finally \fBselect_field\fR, ...
-
-With Postfix 2.2 the \fBquery\fR parameter has highest precedence,
-and is used in preference to the still supported, but slated to be
-phased out, \fBselect_function\fR, \fBselect_field\fR, \fBtable\fR,
-\fBwhere_field\fR and \fBadditional_conditions\fR parameters. To
-migrate to the new interface set:
+Normally, the SQL query is specified via a single \fBquery\fR
+parameter (described in more detail below). When this
+parameter is not specified in the map definition, Postfix
+reverts to an older interface, with the SQL query
+constructed from the \fBselect_function\fR, \fBselect_field\fR,
+\fBtable\fR, \fBwhere_field\fR and \fBadditional_conditions\fR
+parameters. The old interface will be gradually phased
+out. To migrate to the new interface set:
.nf
\fBquery\fR = SELECT \fIselect_function\fR('%s')
postconf(5), configuration parameters
ldap_table(5), LDAP lookup tables
mysql_table(5), MySQL lookup tables
+sqlite_table(5), SQLite lookup tables
.SH "README FILES"
.na
.nf
certificates and giving them relay permission with
permit_tls_all_clientcerts.
.PP
-This feature is available in Postfix 2.4.15, 2.6.8, 2.7.2 and
-later versions. Specify "tls_append_default_CA = yes" for backwards
-compatibility, to avoid breaking certificate verification with sites
-that don't use permit_tls_all_clientcerts.
+This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
+2.7.2 and later versions. Specify "tls_append_default_CA = yes" for
+backwards compatibility, to avoid breaking certificate verification
+with sites that don't use permit_tls_all_clientcerts.
.SH tls_daemon_random_bytes (default: 32)
The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
process requests from the \fBtlsmgr\fR(8) server in order to seed its
--- /dev/null
+.TH SQLITE_TABLE 5
+.ad
+.fi
+.SH NAME
+sqlite_table
+\-
+Postfix SQLite configuration
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap -q "\fIstring\fB" sqlite:/etc/postfix/filename\fR
+
+\fBpostmap -q - sqlite:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting or mail routing. These tables are usually in
+\fBdbm\fR or \fBdb\fR format.
+
+Alternatively, lookup tables can be specified as SQLite databases.
+In order to use SQLite lookups, define a SQLite source as a lookup
+table in main.cf, for example:
+.nf
+ alias_maps = sqlite:/etc/sqlite-aliases.cf
+.fi
+
+The file /etc/postfix/sqlite-aliases.cf has the same format as
+the Postfix main.cf file, and can specify the parameters
+described below.
+.SH "BACKWARDS COMPATIBILITY"
+.na
+.nf
+.ad
+.fi
+For compatibility with other Postfix lookup tables, SQLite
+parameters can also be defined in main.cf. In order to do that,
+specify as SQLite source a name that doesn't begin with a slash
+or a dot. The SQLite parameters will then be accessible as the
+name you've given the source in its definition, an underscore,
+and the name of the parameter. For example, if the map is
+specified as "sqlite:\fIsqlitename\fR", the parameter "query"
+below would be defined in main.cf as "\fIsqlitename\fR_query".
+
+Normally, the SQL query is specified via a single \fBquery\fR
+parameter (described in more detail below). When this
+parameter is not specified in the map definition, Postfix
+reverts to an older interface, with the SQL query constructed
+from the \fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR
+and \fBadditional_conditions\fR parameters. The old interface
+will be gradually phased out. To migrate to the new interface
+set:
+
+.nf
+ \fBquery\fR = SELECT [\fIselect_field\fR]
+ FROM [\fItable\fR]
+ WHERE [\fIwhere_field\fR] = '%s'
+ [\fIadditional_conditions\fR]
+.fi
+
+Insert the value, not the name, of each legacy parameter. Note
+that the \fBadditional_conditions\fR parameter is optional
+and if not empty, will always start with \fBAND\fR.
+.SH "LIST MEMBERSHIP"
+.na
+.nf
+.ad
+.fi
+When using SQL to store lists such as $mynetworks,
+$mydestination, $relay_domains, $local_recipient_maps,
+etc., it is important to understand that the table must
+store each list member as a separate key. The table lookup
+verifies the *existence* of the key. See "Postfix lists
+versus tables" in the DATABASE_README document for a
+discussion.
+
+Do NOT create tables that return the full list of domains
+in $mydestination or $relay_domains etc., or IP addresses
+in $mynetworks.
+
+DO create tables with each matching item as a key and with
+an arbitrary value. With SQL databases it is not uncommon to
+return the key itself or a constant value.
+.SH "SQLITE PARAMETERS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBdbpath\fR"
+The SQLite database file location. Example:
+.nf
+ dbpath = customer_database
+.fi
+.IP "\fBquery\fR"
+The SQL query template used to search the database, where \fB%s\fR
+is a substitute for the address Postfix is trying to resolve,
+e.g.
+.nf
+ query = SELECT replacement FROM aliases WHERE mailbox = '%s'
+.fi
+
+This parameter supports the following '%' expansions:
+.RS
+.IP "\fB\fB%%\fR\fR"
+This is replaced by a literal '%' character.
+.IP "\fB\fB%s\fR\fR"
+This is replaced by the input key.
+SQL quoting is used to make sure that the input key does not
+add unexpected metacharacters.
+.IP "\fB\fB%u\fR\fR"
+When the input key is an address of the form user@domain, \fB%u\fR
+is replaced by the SQL quoted local part of the address.
+Otherwise, \fB%u\fR is replaced by the entire search string.
+If the localpart is empty, the query is suppressed and returns
+no results.
+.IP "\fB\fB%d\fR\fR"
+When the input key is an address of the form user@domain, \fB%d\fR
+is replaced by the SQL quoted domain part of the address.
+Otherwise, the query is suppressed and returns no results.
+.IP "\fB\fB%[SUD]\fR\fR"
+The upper-case equivalents of the above expansions behave in the
+\fBquery\fR parameter identically to their lower-case counter-parts.
+With the \fBresult_format\fR parameter (see below), they expand the
+input key rather than the result value.
+.IP "\fB\fB%[1-9]\fR\fR"
+The patterns %1, %2, ... %9 are replaced by the corresponding
+most significant component of the input key's domain. If the
+input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
+%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
+unqualified or does not have enough domain components to satisfy
+all the specified patterns, the query is suppressed and returns
+no results.
+.RE
+.IP
+The \fBdomain\fR parameter described below limits the input
+keys to addresses in matching domains. When the \fBdomain\fR
+parameter is non-empty, SQL queries for unqualified addresses
+or addresses in non-matching domains are suppressed
+and return no results.
+
+This parameter is available with Postfix 2.2. In prior releases
+the SQL query was built from the separate parameters:
+\fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR and
+\fBadditional_conditions\fR. The mapping from the old parameters
+to the equivalent query is:
+
+.nf
+ SELECT [\fBselect_field\fR]
+ FROM [\fBtable\fR]
+ WHERE [\fBwhere_field\fR] = '%s'
+ [\fBadditional_conditions\fR]
+.fi
+
+The '%s' in the \fBWHERE\fR clause expands to the escaped search string.
+With Postfix 2.2 these legacy parameters are used if the \fBquery\fR
+parameter is not specified.
+
+NOTE: DO NOT put quotes around the query parameter.
+.IP "\fBresult_format (default: \fB%s\fR)\fR"
+Format template applied to result attributes. Most commonly used
+to append (or prepend) text to the result. This parameter supports
+the following '%' expansions:
+.RS
+.IP "\fB\fB%%\fR\fR"
+This is replaced by a literal '%' character.
+.IP "\fB\fB%s\fR\fR"
+This is replaced by the value of the result attribute. When
+result is empty it is skipped.
+.IP "\fB%u\fR
+When the result attribute value is an address of the form
+user@domain, \fB%u\fR is replaced by the local part of the
+address. When the result has an empty localpart it is skipped.
+.IP "\fB\fB%d\fR\fR"
+When a result attribute value is an address of the form
+user@domain, \fB%d\fR is replaced by the domain part of
+the attribute value. When the result is unqualified it
+is skipped.
+.IP "\fB\fB%[SUD1-9]\fR\fB"
+The upper-case and decimal digit expansions interpolate
+the parts of the input key rather than the result. Their
+behavior is identical to that described with \fBquery\fR,
+and in fact because the input key is known in advance, queries
+whose key does not contain all the information specified in
+the result template are suppressed and return no results.
+.RE
+.IP
+For example, using "result_format = smtp:[%s]" allows one
+to use a mailHost attribute as the basis of a transport(5)
+table. After applying the result format, multiple values
+are concatenated as comma separated strings. The expansion_limit
+and parameter explained below allows one to restrict the number
+of values in the result, which is especially useful for maps that
+must return at most one value.
+
+The default value \fB%s\fR specifies that each result value should
+be used as is.
+
+This parameter is available with Postfix 2.2 and later.
+
+NOTE: DO NOT put quotes around the result format!
+.IP "\fBdomain (default: no domain list)\fR"
+This is a list of domain names, paths to files, or
+dictionaries. When specified, only fully qualified search
+keys with a *non-empty* localpart and a matching domain
+are eligible for lookup: 'user' lookups, bare domain lookups
+and "@domain" lookups are not performed. This can significantly
+reduce the query load on the SQLite server.
+.nf
+ domain = postfix.org, hash:/etc/postfix/searchdomains
+.fi
+
+It is best not to use SQL to store the domains eligible
+for SQL lookups.
+
+This parameter is available with Postfix 2.2 and later.
+
+NOTE: DO NOT define this parameter for local(8) aliases,
+because the input keys are always unqualified.
+.IP "\fBexpansion_limit (default: 0)\fR"
+A limit on the total number of result elements returned
+(as a comma separated list) by a lookup against the map.
+A setting of zero disables the limit. Lookups fail with a
+temporary error if the limit is exceeded. Setting the
+limit to 1 ensures that lookups do not return multiple
+values.
+.SH "OBSOLETE QUERY INTERFACE"
+.na
+.nf
+.ad
+.fi
+This section describes an interface that is deprecated as
+of Postfix 2.2. It is replaced by the more general \fBquery\fR
+interface described above. If the \fBquery\fR parameter
+is defined, the legacy parameters described here ignored.
+Please migrate to the new interface as the legacy interface
+may be removed in a future release.
+
+The following parameters can be used to fill in a
+SELECT template statement of the form:
+
+.nf
+ SELECT [\fBselect_field\fR]
+ FROM [\fBtable\fR]
+ WHERE [\fBwhere_field\fR] = '%s'
+ [\fBadditional_conditions\fR]
+.fi
+
+The specifier %s is replaced by the search string, and is
+escaped so if it contains single quotes or other odd characters,
+it will not cause a parse error, or worse, a security problem.
+.IP "\fBselect_field\fR"
+The SQL "select" parameter. Example:
+.nf
+ \fBselect_field\fR = forw_addr
+.fi
+.IP "\fBtable\fR"
+The SQL "select .. from" table name. Example:
+.nf
+ \fBtable\fR = mxaliases
+.fi
+.IP "\fBwhere_field\fR
+The SQL "select .. where" parameter. Example:
+.nf
+ \fBwhere_field\fR = alias
+.fi
+.IP "\fBadditional_conditions\fR
+Additional conditions to the SQL query. Example:
+.nf
+ \fBadditional_conditions\fR = AND status = 'paid'
+.fi
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table maintenance
+postconf(5), configuration parameters
+ldap_table(5), LDAP lookup tables
+mysql_table(5), MySQL lookup tables
+pgsql_table(5), PostgreSQL lookup tables
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+SQLITE_README, Postfix SQLITE driver
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "HISTORY"
+.na
+.nf
+SQLite support was introduced with Postfix version 2.8.
+.SH "AUTHOR(S)"
+.na
+.nf
+Original implementation by:
+Axel Steiner
s/[<bB>]*reg[-<\/bB>]*\n*[ <bB>]*exp[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="regexp_table.5.html">$&<\/a>/g;
s/[<bB>]*relocated[<\/bB>]*\(5\)/<a href="relocated.5.html">$&<\/a>/g;
s/[<bB>]*scache[<\/bB>]*\(8\)/<a href="scache.8.html">$&<\/a>/g;
+ s/[<bB>]*sqlite[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="sqlite_table.5.html">$&<\/a>/g;
s/[<bB>]*trans[-<\/bB>]*\n*[ <bB>]*port[<\/bB>]*\(5\)/<a href="transport.5.html">$&<\/a>/g;
s/[<bB>]*verify[<\/bB>]*\(8\)/<a href="verify.8.html">$&<\/a>/g;
s/[<bB>]*vir[-<\/bB>]*\n*[ <bB>]*tual[<\/bB>]*\(5\)/<a href="virtual.5.html">$&<\/a>/g;
</blockquote>
<p> Once you have local files working properly you can follow the
-instructions in ldap_table(5), mysql_table(5) or pgsql_table(5)
+instructions in ldap_table(5), mysql_table(5), pgsql_table(5)
+or sqlite_table(5)
and replace local file lookups with LDAP or SQL lookups. When you
do this, you should use the postmap(1) command again, to verify
that database lookups still produce the exact same results as local
table name as used in "sdbm:table" is the database file name without
the ".dir" or ".pag" suffix. </dd>
+<dt> <b>sqlite</b> (read-only) </dt>
+
+<dd> Perform SQLite database lookups. Configuration details are given
+in sqlite_table(5). </dd>
+
<dt> <b>static</b> (read-only) </dt>
<dd> Always returns its lookup table name as lookup result. For
<tr> <td> SASL authentication </td> <td>SASL_README</td> <td>
Postfix 1.0 </td> </tr>
+<tr> <td> SQLite database</td> <td>SQLITE_README</td> <td> Postfix
+2.8 </td> </tr>
+
<tr> <td> STARTTLS session encryption </td> <td>TLS_README</td> <td>
Postfix 2.2 </td> </tr>
../html/SMTPD_POLICY_README.html \
../html/SMTPD_PROXY_README.html \
../html/SOHO_README.html \
+ ../html/SQLITE_README.html \
../html/STANDARD_CONFIGURATION_README.html \
../html/STRESS_README.html \
../html/TLS_README.html ../html/TLS_LEGACY_README.html \
../README_FILES/SMTPD_ACCESS_README \
../README_FILES/SMTPD_POLICY_README ../README_FILES/SMTPD_PROXY_README \
../README_FILES/SOHO_README \
+ ../README_FILES/SQLITE_README \
../README_FILES/STANDARD_CONFIGURATION_README \
../README_FILES/STRESS_README \
../README_FILES/TLS_README ../README_FILES/TLS_LEGACY_README \
../html/SOHO_README.html: $(MAKESOHO) $(DEPSOHO)
$(MAKESOHO) | $(POSTLINK) >$@
+../html/SQLITE_README.html: SQLITE_README.html
+ $(POSTLINK) $? >$@
+
../html/STANDARD_CONFIGURATION_README.html: STANDARD_CONFIGURATION_README.html
$(POSTLINK) $? >$@
../README_FILES/SOHO_README: $(MAKESOHO) $(DEPSOHO)
$(MAKESOHO) | $(HT2READ) >$@
+../README_FILES/SQLITE_README: SQLITE_README.html
+ $(HT2READ) $? >$@
+
../README_FILES/STANDARD_CONFIGURATION_README: STANDARD_CONFIGURATION_README.html
$(HT2READ) $? >$@
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix SQLite Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix SQLite Howto</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> The Postfix sqlite map type allows you to hook up Postfix to a
+SQLite database. This implementation allows for multiple sqlite
+databases: you can use one for a virtual(5) table, one for an
+access(5) table, and one for an aliases(5) table if you want. </p>
+
+<h2>Building Postfix with SQLite support</h2>
+
+<p> The Postfix SQLite client utilizes the sqlite3 library,
+which can be obtained from: </p>
+
+<blockquote>
+ <p> http://www.sqlite.org/ </p>
+</blockquote>
+
+<p> In order to build Postfix with sqlite map support, you will need to add
+-DHAS_SQLITE and -I for the directory containing the sqlite headers, and
+the sqlite3 library to AUXLIBS, for example: </p>
+
+<blockquote>
+<pre>
+make -f Makefile.init makefiles \
+ 'CCARGS=-DHAS_SQLITE -I/usr/local/include' \
+ 'AUXLIBS=-L/usr/local/lib -lsqlite3 -lpthread'
+</pre>
+</blockquote>
+
+<p> Then, just run 'make'.</p>
+
+<h2>Using SQLite tables</h2>
+
+<p> Once Postfix is built with sqlite support, you can specify a
+map type in main.cf like this: </p>
+
+<blockquote>
+<pre>
+alias_maps = sqlite:/etc/postfix/sqlite-aliases.cf
+</pre>
+</blockquote>
+
+<p> The file /etc/postfix/sqlite-aliases.cf specifies lots of
+information telling Postfix how to reference the sqlite database.
+For a complete description, see the sqlite_table(5) manual page. </p>
+
+<h2>Example: local aliases </h2>
+
+<pre>
+#
+# sqlite config file for local(8) aliases(5) lookups
+#
+
+# Path to database
+dbpath = /some/path/to/sqlite_database
+
+# See sqlite_table(5) for details.
+query = SELECT forw_addr FROM mxaliases WHERE alias='%s' AND status='paid'
+</pre>
+
+<h2>Additional notes</h2>
+
+<p> The SQLite configuration interface setup allows for multiple
+sqlite databases: you can use one for a virtual table, one for an
+access table, and one for an aliases table if you want. </p>
+
+<h2>Credits</h2>
+
+<ul>
+
+<li>Implementation by Axel Steiner</li>
+<li>Documentation by Jesus Garcia Crespo</li>
+
+</ul>
+
+</body>
+
+</html>
# written in main.cf, which is normally world-readable. Support
# for this form will be removed in a future Postfix version.
#
-# Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL.
-# These include features that were previously available only in the
-# Postfix LDAP client. This work also created an opportunity for
-# improvements in the LDAP interface. The primary compatibility
-# issue is that \fBresult_filter\fR (a name that has caused some
-# confusion as to its meaning in the past) has been renamed to
-# \fBresult_format\fR. For backwards compatibility with the pre
-# 2.2 LDAP client, \fBresult_filter\fR can for now be used instead
+# For backwards compatibility with the pre
+# 2.2 LDAP clients, \fBresult_filter\fR can for now be used instead
# of \fBresult_format\fR, when the latter parameter is not also set.
# The new name better reflects the function of the parameter. This
# compatibility interface may be removed in a future release.
# written in main.cf, which is normally world-readable. Support
# for this form will be removed in a future Postfix version.
#
-# Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL;
-# these include features previously available only in the Postfix
-# LDAP client. In the new interface the SQL query is specified via
-# a single \fBquery\fR parameter (described in more detail below).
-# When the new \fBquery\fR parameter is not specified in the map
-# definition, Postfix reverts to the old interface, with the SQL
-# query constructed from the \fBselect_field\fR, \fBtable\fR,
-# \fBwhere_field\fR and \fBadditional_conditions\fR parameters.
-# The old interface will be gradually phased out. To migrate to
-# the new interface set:
+# Normally, the SQL query is specified via a single \fBquery\fR
+# parameter (described in more detail below). When this
+# parameter is not specified in the map definition, Postfix
+# reverts to an older interface, with the SQL query constructed
+# from the \fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR
+# and \fBadditional_conditions\fR parameters. The old interface
+# will be gradually phased out. To migrate to the new interface
+# set:
#
# .nf
# \fBquery\fR = SELECT [\fIselect_field\fR]
# postconf(5), configuration parameters
# ldap_table(5), LDAP lookup tables
# pgsql_table(5), PostgreSQL lookup tables
+# sqlite_table(5), SQLite lookup tables
# README FILES
# .ad
# .fi
# Support for this form will be removed in a future Postfix
# version.
#
-# Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL,
-# these include features previously available only in the Postfix
-# LDAP client. In the new interface the SQL query is specified via
-# a single \fBquery\fR parameter (described in more detail below).
-# In Postfix 2.1 the parameter precedence was, from highest to lowest,
-# \fBselect_function\fR, \fBquery\fR and finally \fBselect_field\fR, ...
-#
-# With Postfix 2.2 the \fBquery\fR parameter has highest precedence,
-# and is used in preference to the still supported, but slated to be
-# phased out, \fBselect_function\fR, \fBselect_field\fR, \fBtable\fR,
-# \fBwhere_field\fR and \fBadditional_conditions\fR parameters. To
-# migrate to the new interface set:
+# Normally, the SQL query is specified via a single \fBquery\fR
+# parameter (described in more detail below). When this
+# parameter is not specified in the map definition, Postfix
+# reverts to an older interface, with the SQL query
+# constructed from the \fBselect_function\fR, \fBselect_field\fR,
+# \fBtable\fR, \fBwhere_field\fR and \fBadditional_conditions\fR
+# parameters. The old interface will be gradually phased
+# out. To migrate to the new interface set:
#
# .nf
# \fBquery\fR = SELECT \fIselect_function\fR('%s')
# postconf(5), configuration parameters
# ldap_table(5), LDAP lookup tables
# mysql_table(5), MySQL lookup tables
+# sqlite_table(5), SQLite lookup tables
# README FILES
# .ad
# .fi
certificates and giving them relay permission with
permit_tls_all_clientcerts. </p>
-<p> This feature is available in Postfix 2.4.15, 2.6.8, 2.7.2 and
-later versions. Specify "tls_append_default_CA = yes" for backwards
-compatibility, to avoid breaking certificate verification with sites
-that don't use permit_tls_all_clientcerts. </p>
+<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
+2.7.2 and later versions. Specify "tls_append_default_CA = yes" for
+backwards compatibility, to avoid breaking certificate verification
+with sites that don't use permit_tls_all_clientcerts. </p>
%PARAM tls_random_exchange_name see "postconf -d" output
--- /dev/null
+#++
+# NAME
+# sqlite_table 5
+# SUMMARY
+# Postfix SQLite configuration
+# SYNOPSIS
+# \fBpostmap -q "\fIstring\fB" sqlite:/etc/postfix/filename\fR
+#
+# \fBpostmap -q - sqlite:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+# DESCRIPTION
+# The Postfix mail system uses optional tables for address
+# rewriting or mail routing. These tables are usually in
+# \fBdbm\fR or \fBdb\fR format.
+#
+# Alternatively, lookup tables can be specified as SQLite databases.
+# In order to use SQLite lookups, define a SQLite source as a lookup
+# table in main.cf, for example:
+# .nf
+# alias_maps = sqlite:/etc/sqlite-aliases.cf
+# .fi
+#
+# The file /etc/postfix/sqlite-aliases.cf has the same format as
+# the Postfix main.cf file, and can specify the parameters
+# described below.
+# BACKWARDS COMPATIBILITY
+# .ad
+# .fi
+# For compatibility with other Postfix lookup tables, SQLite
+# parameters can also be defined in main.cf. In order to do that,
+# specify as SQLite source a name that doesn't begin with a slash
+# or a dot. The SQLite parameters will then be accessible as the
+# name you've given the source in its definition, an underscore,
+# and the name of the parameter. For example, if the map is
+# specified as "sqlite:\fIsqlitename\fR", the parameter "query"
+# below would be defined in main.cf as "\fIsqlitename\fR_query".
+#
+# Normally, the SQL query is specified via a single \fBquery\fR
+# parameter (described in more detail below). When this
+# parameter is not specified in the map definition, Postfix
+# reverts to an older interface, with the SQL query constructed
+# from the \fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR
+# and \fBadditional_conditions\fR parameters. The old interface
+# will be gradually phased out. To migrate to the new interface
+# set:
+#
+# .nf
+# \fBquery\fR = SELECT [\fIselect_field\fR]
+# FROM [\fItable\fR]
+# WHERE [\fIwhere_field\fR] = '%s'
+# [\fIadditional_conditions\fR]
+# .fi
+#
+# Insert the value, not the name, of each legacy parameter. Note
+# that the \fBadditional_conditions\fR parameter is optional
+# and if not empty, will always start with \fBAND\fR.
+# LIST MEMBERSHIP
+# .ad
+# .fi
+# When using SQL to store lists such as $mynetworks,
+# $mydestination, $relay_domains, $local_recipient_maps,
+# etc., it is important to understand that the table must
+# store each list member as a separate key. The table lookup
+# verifies the *existence* of the key. See "Postfix lists
+# versus tables" in the DATABASE_README document for a
+# discussion.
+#
+# Do NOT create tables that return the full list of domains
+# in $mydestination or $relay_domains etc., or IP addresses
+# in $mynetworks.
+#
+# DO create tables with each matching item as a key and with
+# an arbitrary value. With SQL databases it is not uncommon to
+# return the key itself or a constant value.
+# SQLITE PARAMETERS
+# .ad
+# .fi
+# .IP "\fBdbpath\fR"
+# The SQLite database file location. Example:
+# .nf
+# dbpath = customer_database
+# .fi
+# .IP "\fBquery\fR"
+# The SQL query template used to search the database, where \fB%s\fR
+# is a substitute for the address Postfix is trying to resolve,
+# e.g.
+# .nf
+# query = SELECT replacement FROM aliases WHERE mailbox = '%s'
+# .fi
+#
+# This parameter supports the following '%' expansions:
+# .RS
+# .IP "\fB\fB%%\fR\fR"
+# This is replaced by a literal '%' character.
+# .IP "\fB\fB%s\fR\fR"
+# This is replaced by the input key.
+# SQL quoting is used to make sure that the input key does not
+# add unexpected metacharacters.
+# .IP "\fB\fB%u\fR\fR"
+# When the input key is an address of the form user@domain, \fB%u\fR
+# is replaced by the SQL quoted local part of the address.
+# Otherwise, \fB%u\fR is replaced by the entire search string.
+# If the localpart is empty, the query is suppressed and returns
+# no results.
+# .IP "\fB\fB%d\fR\fR"
+# When the input key is an address of the form user@domain, \fB%d\fR
+# is replaced by the SQL quoted domain part of the address.
+# Otherwise, the query is suppressed and returns no results.
+# .IP "\fB\fB%[SUD]\fR\fR"
+# The upper-case equivalents of the above expansions behave in the
+# \fBquery\fR parameter identically to their lower-case counter-parts.
+# With the \fBresult_format\fR parameter (see below), they expand the
+# input key rather than the result value.
+# .IP "\fB\fB%[1-9]\fR\fR"
+# The patterns %1, %2, ... %9 are replaced by the corresponding
+# most significant component of the input key's domain. If the
+# input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
+# %2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
+# unqualified or does not have enough domain components to satisfy
+# all the specified patterns, the query is suppressed and returns
+# no results.
+# .RE
+# .IP
+# The \fBdomain\fR parameter described below limits the input
+# keys to addresses in matching domains. When the \fBdomain\fR
+# parameter is non-empty, SQL queries for unqualified addresses
+# or addresses in non-matching domains are suppressed
+# and return no results.
+#
+# This parameter is available with Postfix 2.2. In prior releases
+# the SQL query was built from the separate parameters:
+# \fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR and
+# \fBadditional_conditions\fR. The mapping from the old parameters
+# to the equivalent query is:
+#
+# .nf
+# SELECT [\fBselect_field\fR]
+# FROM [\fBtable\fR]
+# WHERE [\fBwhere_field\fR] = '%s'
+# [\fBadditional_conditions\fR]
+# .fi
+#
+# The '%s' in the \fBWHERE\fR clause expands to the escaped search string.
+# With Postfix 2.2 these legacy parameters are used if the \fBquery\fR
+# parameter is not specified.
+#
+# NOTE: DO NOT put quotes around the query parameter.
+# .IP "\fBresult_format (default: \fB%s\fR)\fR"
+# Format template applied to result attributes. Most commonly used
+# to append (or prepend) text to the result. This parameter supports
+# the following '%' expansions:
+# .RS
+# .IP "\fB\fB%%\fR\fR"
+# This is replaced by a literal '%' character.
+# .IP "\fB\fB%s\fR\fR"
+# This is replaced by the value of the result attribute. When
+# result is empty it is skipped.
+# .IP "\fB%u\fR
+# When the result attribute value is an address of the form
+# user@domain, \fB%u\fR is replaced by the local part of the
+# address. When the result has an empty localpart it is skipped.
+# .IP "\fB\fB%d\fR\fR"
+# When a result attribute value is an address of the form
+# user@domain, \fB%d\fR is replaced by the domain part of
+# the attribute value. When the result is unqualified it
+# is skipped.
+# .IP "\fB\fB%[SUD1-9]\fR\fB"
+# The upper-case and decimal digit expansions interpolate
+# the parts of the input key rather than the result. Their
+# behavior is identical to that described with \fBquery\fR,
+# and in fact because the input key is known in advance, queries
+# whose key does not contain all the information specified in
+# the result template are suppressed and return no results.
+# .RE
+# .IP
+# For example, using "result_format = smtp:[%s]" allows one
+# to use a mailHost attribute as the basis of a transport(5)
+# table. After applying the result format, multiple values
+# are concatenated as comma separated strings. The expansion_limit
+# and parameter explained below allows one to restrict the number
+# of values in the result, which is especially useful for maps that
+# must return at most one value.
+#
+# The default value \fB%s\fR specifies that each result value should
+# be used as is.
+#
+# This parameter is available with Postfix 2.2 and later.
+#
+# NOTE: DO NOT put quotes around the result format!
+# .IP "\fBdomain (default: no domain list)\fR"
+# This is a list of domain names, paths to files, or
+# dictionaries. When specified, only fully qualified search
+# keys with a *non-empty* localpart and a matching domain
+# are eligible for lookup: 'user' lookups, bare domain lookups
+# and "@domain" lookups are not performed. This can significantly
+# reduce the query load on the SQLite server.
+# .nf
+# domain = postfix.org, hash:/etc/postfix/searchdomains
+# .fi
+#
+# It is best not to use SQL to store the domains eligible
+# for SQL lookups.
+#
+# This parameter is available with Postfix 2.2 and later.
+#
+# NOTE: DO NOT define this parameter for local(8) aliases,
+# because the input keys are always unqualified.
+# .IP "\fBexpansion_limit (default: 0)\fR"
+# A limit on the total number of result elements returned
+# (as a comma separated list) by a lookup against the map.
+# A setting of zero disables the limit. Lookups fail with a
+# temporary error if the limit is exceeded. Setting the
+# limit to 1 ensures that lookups do not return multiple
+# values.
+# OBSOLETE QUERY INTERFACE
+# .ad
+# .fi
+# This section describes an interface that is deprecated as
+# of Postfix 2.2. It is replaced by the more general \fBquery\fR
+# interface described above. If the \fBquery\fR parameter
+# is defined, the legacy parameters described here ignored.
+# Please migrate to the new interface as the legacy interface
+# may be removed in a future release.
+#
+# The following parameters can be used to fill in a
+# SELECT template statement of the form:
+#
+# .nf
+# SELECT [\fBselect_field\fR]
+# FROM [\fBtable\fR]
+# WHERE [\fBwhere_field\fR] = '%s'
+# [\fBadditional_conditions\fR]
+# .fi
+#
+# The specifier %s is replaced by the search string, and is
+# escaped so if it contains single quotes or other odd characters,
+# it will not cause a parse error, or worse, a security problem.
+# .IP "\fBselect_field\fR"
+# The SQL "select" parameter. Example:
+# .nf
+# \fBselect_field\fR = forw_addr
+# .fi
+# .IP "\fBtable\fR"
+# The SQL "select .. from" table name. Example:
+# .nf
+# \fBtable\fR = mxaliases
+# .fi
+# .IP "\fBwhere_field\fR
+# The SQL "select .. where" parameter. Example:
+# .nf
+# \fBwhere_field\fR = alias
+# .fi
+# .IP "\fBadditional_conditions\fR
+# Additional conditions to the SQL query. Example:
+# .nf
+# \fBadditional_conditions\fR = AND status = 'paid'
+# .fi
+# SEE ALSO
+# postmap(1), Postfix lookup table maintenance
+# postconf(5), configuration parameters
+# ldap_table(5), LDAP lookup tables
+# mysql_table(5), MySQL lookup tables
+# pgsql_table(5), PostgreSQL lookup tables
+# README FILES
+# .ad
+# .fi
+# Use "\fBpostconf readme_directory\fR" or
+# "\fBpostconf html_directory\fR" to locate this information.
+# .na
+# .nf
+# DATABASE_README, Postfix lookup table overview
+# SQLITE_README, Postfix SQLITE driver
+# LICENSE
+# .ad
+# .fi
+# The Secure Mailer license must be distributed with this software.
+# HISTORY
+# SQLite support was introduced with Postfix version 2.8.
+# AUTHOR(S)
+# Original implementation by:
+# Axel Steiner
+#--
clnt_stream.c conv_time.c db_common.c debug_peer.c debug_process.c \
defer.c deliver_completed.c deliver_flock.c deliver_pass.c \
deliver_request.c dict_ldap.c dict_mysql.c dict_pgsql.c \
- dict_proxy.c domain_list.c dot_lockfile.c dot_lockfile_as.c \
+ dict_proxy.c dict_sqlite.c domain_list.c dot_lockfile.c dot_lockfile_as.c \
dsb_scan.c dsn.c dsn_buf.c dsn_mask.c dsn_print.c dsn_util.c \
ehlo_mask.c ext_prop.c file_id.c flush_clnt.c header_opts.c \
header_token.c input_transp.c int_filt.c is_header.c log_adhoc.c \
clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
defer.o deliver_completed.o deliver_flock.o deliver_pass.o \
deliver_request.o dict_ldap.o dict_mysql.o dict_pgsql.o \
- dict_proxy.o domain_list.o dot_lockfile.o dot_lockfile_as.o \
+ dict_proxy.o dict_sqlite.o domain_list.o dot_lockfile.o dot_lockfile_as.o \
dsb_scan.o dsn.o dsn_buf.o dsn_mask.o dsn_print.o dsn_util.o \
ehlo_mask.o ext_prop.o file_id.o flush_clnt.o header_opts.o \
header_token.o input_transp.o int_filt.o is_header.o log_adhoc.o \
canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \
conv_time.h db_common.h debug_peer.h debug_process.h defer.h \
deliver_completed.h deliver_flock.h deliver_pass.h deliver_request.h \
- dict_ldap.h dict_mysql.h dict_pgsql.h dict_proxy.h domain_list.h \
+ dict_ldap.h dict_mysql.h dict_pgsql.h dict_proxy.h dict_sqlite.h domain_list.h \
dot_lockfile.h dot_lockfile_as.h dsb_scan.h dsn.h dsn_buf.h \
dsn_mask.h dsn_print.h dsn_util.h ehlo_mask.h ext_prop.h \
file_id.h flush_clnt.h header_opts.h header_token.h input_transp.h \
dict_mysql.o: dict_mysql.c
dict_mysql.o: dict_mysql.h
dict_mysql.o: string_list.h
+dict_sqlite.o: ../../include/dict.h
+dict_sqlite.o: ../../include/msg.h
+dict_sqlite.o: ../../include/sys_defs.h
+dict_sqlite.o: cfg_parser.h
+dict_sqlite.o: db_common.h
+dict_sqlite.o: dict_sqlite.c
+dict_sqlite.o: dict_sqlite.h
dict_pgsql.o: ../../include/argv.h
dict_pgsql.o: ../../include/dict.h
dict_pgsql.o: ../../include/events.h
mail_dict.o: dict_mysql.h
mail_dict.o: dict_pgsql.h
mail_dict.o: dict_proxy.h
+mail_dict.o: dict_sqlite.h
mail_dict.o: mail_dict.c
mail_dict.o: mail_dict.h
mail_error.o: ../../include/name_mask.h
STRING_LIST *domain;
int flags;
int nparts;
-} DB_COMMON_CTX;
+} DB_COMMON_CTX;
/* db_common_parse - validate query or result template */
int db_common_parse(DICT *dict, void **ctxPtr, const char *format, int query)
{
- DB_COMMON_CTX *ctx = (DB_COMMON_CTX *) * ctxPtr;
+ DB_COMMON_CTX *ctx = (DB_COMMON_CTX *) *ctxPtr;
const char *cp;
int dynamic = 0;
/* main.cf configuration parameters for this search.
/*
/* In the first case, the configuration parameters below are
-/* specified in the file as \fIname\fR=\fBvalue\fR pairs.
+/* specified in the file as \fIname\fR=\fIvalue\fR pairs.
/*
/* In the second case, the configuration parameters are
/* prefixed with the value of \fIname\fR and an underscore,
/* See dict_open(3).
/* .PP
/* Configuration parameters:
-/*
-/* The parameters encodes a number of pieces of information:
-/* username, password, databasename, table, select_field,
-/* where_field, and hosts:
-/* .IP \fIuser\fR
+/* .IP user
/* Username for connecting to the database.
-/* .IP \fIpassword\fR
+/* .IP password
/* Password for the above.
-/* .IP \fIdbname\fR
+/* .IP dbname
/* Name of the database.
-/* .IP \fIdomain\fR
+/* .IP domain
/* List of domains the queries should be restricted to. If
/* specified, only FQDN addresses whose domain parts matching this
/* list will be queried against the SQL database. Lookups for
/* partial addresses are also supressed. This can significantly
/* reduce the query load on the server.
-/* .IP \fIquery\fR
+/* .IP query
/* Query template, before the query is actually issued, variable
/* substitutions are performed. See mysql_table(5) for details. If
/* No query is specified, the legacy variables \fItable\fR,
/* \fIselect_field\fR, \fIwhere_field\fR and \fIadditional_conditions\fR
/* are used to construct the query template.
-/* .IP \fIresult_format\fR
+/* .IP result_format
/* The format used to expand results from queries. Substitutions
/* are performed as described in mysql_table(5). Defaults to returning
/* the lookup result unchanged.
/* exceed the limit fail with dict_errno=DICT_ERR_RETRY. Note that each
/* non-empty (and non-NULL) column of a multi-column result row counts as
/* one result.
-/* .IP \fItable\fR
+/* .IP table
/* When \fIquery\fR is not set, name of the table used to construct the
/* query string. This provides compatibility with older releases.
-/* .IP \fIselect_field\fR
+/* .IP select_field
/* When \fIquery\fR is not set, name of the result field used to
/* construct the query string. This provides compatibility with older
/* releases.
-/* .IP \fIwhere_field\fR
+/* .IP where_field
/* When \fIquery\fR is not set, name of the where clause field used to
/* construct the query string. This provides compatibility with older
/* releases.
-/* .IP \fIadditional_conditions\fR
+/* .IP additional_conditions
/* When \fIquery\fR is not set, additional where clause conditions used
/* to construct the query string. This provides compatibility with older
/* releases.
-/* .IP \fIhosts\fR
+/* .IP hosts
/* List of hosts to connect to.
/* .PP
/* For example, if you want the map to reference databases of
/* \fIwhere_field\fR = \fBalias\fR
/* .br
/* \fIhosts\fR = \fBhost1.some.domain\fR \fBhost2.some.domain\fR
-/* .IP \fIadditional_conditions\fR
+/* .IP additional_conditions
/* Backward compatibility when \fIquery\fR is not set, additional
/* conditions to the WHERE clause.
-/* .IP \fIhosts\fR
+/* .IP hosts
/* List of hosts to connect to.
/* .PP
/* For example, if you want the map to reference databases of
/* obtain main.cf configuration parameters for this search.
/*
/* In the first case, the configuration parameters below are
-/* specified in the file as \fIname\fR=\fBvalue\fR pairs.
+/* specified in the file as \fIname\fR=\fIvalue\fR pairs.
/*
/* In the second case, the configuration parameters are
/* prefixed with the value of \fIname\fR and an underscore,
/*
/* .PP
/* Configuration parameters:
-/*
-/* The parameters encode a number of pieces of information:
-/* username, password, databasename, table, select_field,
-/* where_field, and hosts:
-/* .IP \fIuser\fR
+/* .IP user
/* Username for connecting to the database.
-/* .IP \fIpassword\fR
+/* .IP password
/* Password for the above.
-/* .IP \fIdbname\fR
+/* .IP dbname
/* Name of the database.
-/* .IP \fIquery\fR
+/* .IP query
/* Query template. If not defined a default query template is constructed
/* from the legacy \fIselect_function\fR or failing that the \fItable\fR,
/* \fIselect_field\fR, \fIwhere_field\fR, and \fIadditional_conditions\fR
/* parameters. Before the query is issues, variable substitutions are
/* performed. See pgsql_table(5).
-/* .IP \fIdomain\fR
+/* .IP domain
/* List of domains the queries should be restricted to. If
/* specified, only FQDN addresses whose domain parts matching this
/* list will be queried against the SQL database. Lookups for
/* partial addresses are also supressed. This can significantly
/* reduce the query load on the server.
-/* .IP \fIresult_format\fR
+/* .IP result_format
/* The format used to expand results from queries. Substitutions
/* are performed as described in pgsql_table(5). Defaults to returning
/* the lookup result unchanged.
/* exceed the limit fail with dict_errno=DICT_ERR_RETRY. Note that each
/* non-empty (and non-NULL) column of a multi-column result row counts as
/* one result.
-/* .IP \fIselect_function\fR
+/* .IP select_function
/* When \fIquery\fR is not defined, the function to be used instead of
/* the default query based on the legacy \fItable\fR, \fIselect_field\fR,
/* \fIwhere_field\fR, and \fIadditional_conditions\fR parameters.
-/* .IP \fItable\fR
+/* .IP table
/* When \fIquery\fR and \fIselect_function\fR are not defined, the name of the
/* FROM table used to construct the default query template, see pgsql_table(5).
-/* .IP \fIselect_field\fR
+/* .IP select_field
/* When \fIquery\fR and \fIselect_function\fR are not defined, the name of the
/* SELECT field used to construct the default query template, see pgsql_table(5).
-/* .IP \fIwhere_field\fR
+/* .IP where_field
/* When \fIquery\fR and \fIselect_function\fR are not defined, the name of the
/* WHERE field used to construct the default query template, see pgsql_table(5).
-/* .IP \fIadditional_conditions\fR
+/* .IP additional_conditions
/* When \fIquery\fR and \fIselect_function\fR are not defined, the name of the
/* additional text to add to the WHERE field in the default query template (this
/* usually begins with "and") see pgsql_table(5).
-/* .IP \fIhosts\fR
+/* .IP hosts
/* List of hosts to connect to.
/* .PP
/* For example, if you want the map to reference databases of
--- /dev/null
+/*++
+/* NAME
+/* dict_sqlite 3
+/* SUMMARY
+/* dictionary manager interface to SQLite3 databases
+/* SYNOPSIS
+/* #include <dict_sqlite.h>
+/*
+/* DICT *dict_sqlite_open(name, open_flags, dict_flags)
+/* const char *name;
+/* int open_flags;
+/* int dict_flags;
+/* DESCRIPTION
+/* dict_sqlite_open() creates a dictionary of type 'sqlite'.
+/* This dictionary is an interface for the postfix key->value
+/* mappings to SQLite. The result is a pointer to the installed
+/* dictionary, or a null pointer in case of problems.
+/* .PP
+/* Arguments:
+/* .IP name
+/* Either the path to the SQLite configuration file (if it
+/* starts with '/' or '.'), or the prefix which will be used
+/* to obtain main.cf configuration parameters for this search.
+/*
+/* In the first case, the configuration parameters below are
+/* specified in the file as \fIname\fR=\fIvalue\fR pairs.
+/*
+/* In the second case, the configuration parameters are prefixed
+/* with the value of \fIname\fR and an underscore, and they
+/* are specified in main.cf. For example, if this value is
+/* \fIsqlitecon\fR, the parameters would look like
+/* \fIsqlitecon_dbpath\fR, \fIsqlitecon_query\fR, and so on.
+/* .IP open_flags
+/* Must be O_RDONLY.
+/* .IP dict_flags
+/* See dict_open(3).
+/* .PP
+/* Configuration parameters:
+/* .IP dbpath
+/* Path to SQLite database
+/* .IP query
+/* Query template, before the query is actually issued, variable
+/* substitutions are performed. See sqlite_table(5) for details.
+/* .IP result_format
+/* The format used to expand results from queries. Substitutions
+/* are performed as described in sqlite_table(5). Defaults to
+/* returning the lookup result unchanged.
+/* .IP expansion_limit
+/* Limit (if any) on the total number of lookup result values.
+/* Lookups which exceed the limit fail with dict_errno=DICT_ERR_RETRY.
+/* Note that each non-empty (and non-NULL) column of a
+/* multi-column result row counts as one result.
+/* .IP "select_field, where_field, additional_conditions"
+/* Legacy query interface.
+/* SEE ALSO
+/* dict(3) generic dictionary manager
+/* AUTHOR(S)
+/* Axel Steiner
+/* ast@treibsand.com
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+#include <string.h>
+
+#ifdef HAS_SQLITE
+#include <sqlite3.h>
+
+#if !defined(SQLITE_VERSION_NUMBER) || (SQLITE_VERSION_NUMBER < 3005004)
+#error "Your SQLite version is too old"
+#endif
+
+/* Utility library. */
+
+#include <msg.h>
+#include <dict.h>
+#include <vstring.h>
+#include <stringops.h>
+#include <mymalloc.h>
+
+/* Global library. */
+
+#include <cfg_parser.h>
+#include <db_common.h>
+
+/* Application-specific. */
+
+#include <dict_sqlite.h>
+
+typedef struct {
+ DICT dict; /* generic member */
+ CFG_PARSER *parser; /* common parameter parser */
+ sqlite3 *db; /* sqlite handle */
+ char *query; /* db_common_expand() query */
+ char *result_format; /* db_common_expand() result_format */
+ void *ctx; /* db_common_parse() context */
+ char *dbpath; /* dbpath config attribute */
+ int expansion_limit; /* expansion_limit config attribute */
+} DICT_SQLITE;
+
+/* dict_sqlite_quote - escape SQL metacharacters in input string */
+
+static void dict_sqlite_quote(DICT *dict, const char *name, VSTRING *result)
+{
+ char *q;
+
+ q = sqlite3_mprintf("%q", name);
+ /* Fix 20100616 */
+ if (q == 0)
+ msg_fatal("dict_sqlite_quote: out of memory");
+ vstring_strcat(result, q);
+ sqlite3_free(q);
+}
+
+/* dict_sqlite_close - close the database */
+
+static void dict_sqlite_close(DICT *dict)
+{
+ const char *myname = "dict_sqlite_close";
+ DICT_SQLITE *dict_sqlite = (DICT_SQLITE *) dict;
+
+ if (msg_verbose)
+ msg_info("%s: %s", myname, dict_sqlite->parser->name);
+
+ if (sqlite3_close(dict_sqlite->db) != SQLITE_OK)
+ msg_fatal("%s: close %s failed", myname, dict_sqlite->parser->name);
+ cfg_parser_free(dict_sqlite->parser);
+ myfree(dict_sqlite->dbpath);
+ myfree(dict_sqlite->query);
+ myfree(dict_sqlite->result_format);
+ if (dict_sqlite->ctx)
+ db_common_free_ctx(dict_sqlite->ctx);
+ if (dict->fold_buf)
+ vstring_free(dict->fold_buf);
+ dict_free(dict);
+}
+
+/* dict_sqlite_lookup - find database entry */
+
+static const char *dict_sqlite_lookup(DICT *dict, const char *name)
+{
+ const char *myname = "dict_sqlite_lookup";
+ DICT_SQLITE *dict_sqlite = (DICT_SQLITE *) dict;
+ sqlite3_stmt *sql;
+ const char *zErrMsg;
+ static VSTRING *query;
+ static VSTRING *result;
+ const char *r;
+ int expansion = 0;
+ int status;
+
+ /*
+ * Don't frustrate future attempts to make Postfix UTF-8 transparent.
+ */
+ if (!valid_utf_8(name, strlen(name))) {
+ if (msg_verbose)
+ msg_info("%s: %s: Skipping lookup of non-UTF-8 key '%s'",
+ myname, dict_sqlite->parser->name, name);
+ return (0);
+ }
+
+ /*
+ * Optionally fold the key.
+ */
+ if (dict->flags & DICT_FLAG_FOLD_FIX) {
+ if (dict->fold_buf == 0)
+ dict->fold_buf = vstring_alloc(10);
+ vstring_strcpy(dict->fold_buf, name);
+ name = lowercase(vstring_str(dict->fold_buf));
+ }
+
+ /*
+ * Domain filter for email address lookups.
+ */
+ if (db_common_check_domain(dict_sqlite->ctx, name) == 0) {
+ if (msg_verbose)
+ msg_info("%s: %s: Skipping lookup of '%s'",
+ myname, dict_sqlite->parser->name, name);
+ return (0);
+ }
+
+ /*
+ * Expand the query and query the database.
+ */
+#define INIT_VSTR(buf, len) do { \
+ if (buf == 0) \
+ buf = vstring_alloc(len); \
+ VSTRING_RESET(buf); \
+ VSTRING_TERMINATE(buf); \
+ } while (0)
+
+ INIT_VSTR(query, 10);
+
+ if (!db_common_expand(dict_sqlite->ctx, dict_sqlite->query,
+ name, 0, query, dict_sqlite_quote))
+ return (0);
+
+ if (msg_verbose)
+ msg_info("%s: %s: Searching with query %s",
+ myname, dict_sqlite->parser->name, vstring_str(query));
+
+ if (sqlite3_prepare_v2(dict_sqlite->db, vstring_str(query), -1,
+ &sql, &zErrMsg) != SQLITE_OK) {
+ msg_fatal("%s: %s: SQL prepare failed: %s\n",
+ myname, dict_sqlite->parser->name,
+ sqlite3_errmsg(dict_sqlite->db));
+ }
+
+ /*
+ * Retrieve and expand the result(s).
+ */
+ INIT_VSTR(result, 10);
+ while ((status = sqlite3_step(sql)) == SQLITE_ROW) {
+ if (db_common_expand(dict_sqlite->ctx, dict_sqlite->result_format,
+ (char *) sqlite3_column_text(sql, 0),
+ name, result, 0)
+ && dict_sqlite->expansion_limit > 0
+ && ++expansion > dict_sqlite->expansion_limit) {
+ msg_warn("%s: %s: Expansion limit exceeded for key: '%s'",
+ myname, dict_sqlite->parser->name, name);
+ dict_errno = DICT_ERR_RETRY;
+ break;
+ }
+ }
+
+ /* Fix 20100616 */
+ if (status != SQLITE_ROW && status != SQLITE_DONE) {
+ msg_warn("%s: %s: sql step for %s; %s\n",
+ myname, dict_sqlite->parser->name,
+ vstring_str(query), sqlite3_errmsg(dict_sqlite->db));
+ dict_errno = DICT_ERR_RETRY;
+ }
+
+ /*
+ * Clean up.
+ */
+ if (sqlite3_finalize(sql))
+ msg_fatal("%s: %s: SQL finalize for %s; %s\n",
+ myname, dict_sqlite->parser->name,
+ vstring_str(query), sqlite3_errmsg(dict_sqlite->db));
+
+ r = vstring_str(result);
+ return ((dict_errno == 0 && *r) ? r : 0);
+}
+
+/* sqlite_parse_config - parse sqlite configuration file */
+
+static void sqlite_parse_config(DICT_SQLITE *dict_sqlite, const char *sqlitecf)
+{
+ CFG_PARSER *p;
+ VSTRING *buf;
+
+ p = dict_sqlite->parser = cfg_parser_alloc(sqlitecf);
+ dict_sqlite->dbpath = cfg_get_str(p, "dbpath", "", 1, 0);
+ dict_sqlite->result_format = cfg_get_str(p, "result_format", "%s", 1, 0);
+
+ if ((dict_sqlite->query = cfg_get_str(p, "query", NULL, 0, 0)) == 0) {
+ buf = vstring_alloc(64);
+ db_common_sql_build_query(buf, p);
+ dict_sqlite->query = vstring_export(buf);
+ }
+ dict_sqlite->expansion_limit = cfg_get_int(p, "expansion_limit", 0, 0, 0);
+ dict_sqlite->ctx = 0;
+
+ (void) db_common_parse(&dict_sqlite->dict, &dict_sqlite->ctx, dict_sqlite->query, 1);
+ (void) db_common_parse(0, &dict_sqlite->ctx, dict_sqlite->result_format, 0);
+
+ db_common_parse_domain(p, dict_sqlite->ctx);
+
+ if (dict_sqlite->dict.flags & DICT_FLAG_FOLD_FIX)
+ dict_sqlite->dict.fold_buf = vstring_alloc(10);
+}
+
+/* dict_sqlite_open - open sqlite database */
+
+DICT *dict_sqlite_open(const char *name, int open_flags, int dict_flags)
+{
+ DICT_SQLITE *dict_sqlite;
+
+ /*
+ * Sanity checks.
+ */
+ if (open_flags != O_RDONLY)
+ msg_fatal("%s:%s map requires O_RDONLY access mode",
+ DICT_TYPE_SQLITE, name);
+
+ dict_sqlite = (DICT_SQLITE *) dict_alloc(DICT_TYPE_SQLITE, name,
+ sizeof(DICT_SQLITE));
+ dict_sqlite->dict.lookup = dict_sqlite_lookup;
+ dict_sqlite->dict.close = dict_sqlite_close;
+ dict_sqlite->dict.flags = dict_flags;
+ dict_sqlite->dict.flags |= DICT_FLAG_FIXED;
+ sqlite_parse_config(dict_sqlite, name);
+
+ if (sqlite3_open(dict_sqlite->dbpath, &dict_sqlite->db)) {
+ msg_fatal("Can't open database: %s\n", sqlite3_errmsg(dict_sqlite->db));
+ sqlite3_close(dict_sqlite->db);
+ }
+ return (DICT_DEBUG (&dict_sqlite->dict));
+}
+
+#endif
--- /dev/null
+#ifndef _DICT_SQLITE_H_INCLUDED_
+#define _DICT_SQLITE_H_INCLUDED_
+
+/*++
+/* NAME
+/* dict_sqlite 3h
+/* SUMMARY
+/* dictionary manager interface to sqlite databases
+/* SYNOPSIS
+/* #include <dict_sqlite.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * Utility library.
+ */
+#include <dict.h>
+
+ /*
+ * External interface.
+ */
+#define DICT_TYPE_SQLITE "sqlite"
+
+extern DICT *dict_sqlite_open(const char *, int, int);
+
+
+/* AUTHOR(S)
+/* Axel Steiner
+/* ast@treibsand.com
+/*--*/
+
+#endif
#include <dict_ldap.h>
#include <dict_mysql.h>
#include <dict_pgsql.h>
+#include <dict_sqlite.h>
#include <mail_dict.h>
typedef struct {
#endif
#ifdef HAS_PGSQL
DICT_TYPE_PGSQL, dict_pgsql_open,
+#endif
+#ifdef HAS_SQLITE
+ DICT_TYPE_SQLITE, dict_sqlite_open,
#endif
0,
};
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20100615"
+#define MAIL_RELEASE_DATE "20100617"
#define MAIL_VERSION_NUMBER "2.8"
#ifdef SNAPSHOT
#define MASTER_FLAG_LOCAL_ONLY (1<<4) /* no remote clients */
#define MASTER_THROTTLED(f) ((f)->flags & MASTER_FLAG_THROTTLE)
+#define MASTER_MARKED_FOR_DELETION(f) ((f)->flags & MASTER_FLAG_MARK)
#define MASTER_LIMIT_OK(limit, count) ((limit) == 0 || ((count) < (limit)))
(char *) &pid, sizeof(pid))) == 0)
msg_panic("master_reap: unknown pid: %d", pid);
serv = proc->serv;
+
+#define MASTER_KILL_SIGNAL SIGTERM
+#define MASTER_SENT_SIGNAL(serv, status) \
+ (MASTER_MARKED_FOR_DELETION(serv) \
+ && WTERMSIG(status) == MASTER_KILL_SIGNAL)
+
if (!NORMAL_EXIT_STATUS(status)) {
if (WIFEXITED(status))
msg_warn("process %s pid %d exit status %d",
serv->path, pid, WEXITSTATUS(status));
- if (WIFSIGNALED(status))
+ if (WIFSIGNALED(status) && !MASTER_SENT_SIGNAL(serv, status))
msg_warn("process %s pid %d killed by signal %d",
serv->path, pid, WTERMSIG(status));
- }
- if (!NORMAL_EXIT_STATUS(status) && proc->use_count == 0
- && (serv->flags & MASTER_FLAG_THROTTLE) == 0) {
- msg_warn("%s: bad command startup -- throttling", serv->path);
- master_throttle(serv);
+ /* master_delete_children() throttles first, then kills. */
+ if (proc->use_count == 0
+ && (serv->flags & MASTER_FLAG_THROTTLE) == 0) {
+ msg_warn("%s: bad command startup -- throttling", serv->path);
+ master_throttle(serv);
+ }
}
master_delete_child(proc);
}
for (info = list = binhash_list(master_child_table); *info; info++) {
proc = (MASTER_PROC *) info[0]->value;
if (proc->serv == serv)
- (void) kill(proc->pid, SIGTERM);
+ (void) kill(proc->pid, MASTER_KILL_SIGNAL);
}
while (serv->total_proc > 0)
master_reap_child();
/* .IP \fBsdbm\fR
/* An indexed file type based on hashing.
/* This is available on systems with support for SDBM databases.
+/* .IP "\fBsqlite\fR (read-only)"
+/* Perform lookups from SQLite database files. This is described
+/* in \fBsqlite_table\fR(5).
/* .IP "\fBstatic\fR (read-only)"
/* A table that always returns its name as lookup result. For example,
/* \fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup
/* pcre_table(5), Associate PCRE pattern with value
/* pgsql_table(5), Postfix PostgreSQL client
/* regexp_table(5), Associate POSIX regexp pattern with value
+/* slite_table(5), Postfix SQLite database driver
/* tcp_table(5), Postfix client-server table lookup
/*
/* Daemon processes:
* negative length parameters).
*/
new_len = bp->len + (bp->len > incr ? bp->len : incr);
- if (new_len < 0)
+ if (new_len <= bp->len)
msg_fatal("vstring_extend: length overflow");
bp->data = (unsigned char *) myrealloc((char *) bp->data, new_len);
bp->len = new_len;
projects / thirdparty / postfix.git / commitdiff
