1MYSQL_TABLE(5) File Formats Manual MYSQL_TABLE(5)
2
6 mysql_table - Postfix MySQL client configuration
7
9 postmap -q "string" mysql:/etc/postfix/filename
10 postmap -q - mysql:/etc/postfix/filename <inputfile
12
14 The Postfix mail system uses optional tables for address rewriting or
15 mail routing. These tables are usually in dbm or db format.
16 Alternatively, lookup tables can be specified as MySQL databases. In
18 order to use MySQL lookups, define a MySQL source as a lookup table in
19 main.cf, for example:
20 alias_maps = mysql:/etc/postfix/mysql-aliases.cf
21 The file /etc/postfix/mysql-aliases.cf has the same format as the Post‐
23 fix main.cf file, and can specify the parameters described below.
24
26 When using SQL to store lists such as $mynetworks, $mydestination, $re‐
27 lay_domains, $local_recipient_maps, etc., it is important to understand
28 that the table must store each list member as a separate key. The table
29 lookup verifies the *existence* of the key. See "Postfix lists versus
30 tables" in the DATABASE_README document for a discussion.
31 Do NOT create tables that return the full list of domains in $mydesti‐
33 nation or $relay_domains etc., or IP addresses in $mynetworks.
34 DO create tables with each matching item as a key and with an arbitrary
36 value. With SQL databases it is not uncommon to return the key itself
37 or a constant value.
38
40 hosts The hosts that Postfix will try to connect to and query from.
41 Specify unix: for UNIX domain sockets, inet: for TCP connections
42 (default). Examples:
43 hosts = inet:host1.some.domain inet:host2.some.domain:port
44 hosts = host1.some.domain host2.some.domain:port
45 hosts = unix:/file/name
46 The hosts are tried in random order, with all connections over
48 UNIX domain sockets being tried before those over TCP. The con‐
49 nections are automatically closed after being idle for about 1
50 minute, and are re-opened as necessary. Postfix versions 2.0 and
51 earlier do not randomize the host order.
52 NOTE: if you specify localhost as a hostname (even if you prefix
54 it with inet:), MySQL will connect to the default UNIX domain
55 socket. In order to instruct MySQL to connect to localhost over
56 TCP you have to specify
57 hosts = 127.0.0.1
58 user
60 password
62 The user name and password to log into the mysql server. Exam‐
63 ple:
64 user = someone
65 password = some_password
66 dbname The database name on the servers. Example:
68 dbname = customer_database
69 query The SQL query template used to search the database, where %s is
71 a substitute for the address Postfix is trying to resolve, e.g.
72 query = SELECT replacement FROM aliases WHERE mailbox = '%s'
73 By default, every query must return a result set (instead of
75 storing its results in a table); with "require_result_set = no"
76 (Postfix 3.2 and later), the absence of a result set is treated
77 as "not found".
78 This parameter supports the following '%' expansions:
80 %% This is replaced by a literal '%' character.
82 %s This is replaced by the input key. SQL quoting is used
84 to make sure that the input key does not add unexpected
85 metacharacters.
86 %u When the input key is an address of the form user@domain,
88 %u is replaced by the SQL quoted local part of the ad‐
89 dress. Otherwise, %u is replaced by the entire search
90 string. If the localpart is empty, the query is sup‐
91 pressed and returns no results.
92 %d When the input key is an address of the form user@domain,
94 %d is replaced by the SQL quoted domain part of the ad‐
95 dress. Otherwise, the query is suppressed and returns no
96 results.
97 %[SUD] The upper-case equivalents of the above expansions behave
99 in the query parameter identically to their lower-case
100 counter-parts. With the result_format parameter (see be‐
101 low), they expand the input key rather than the result
102 value.
103 %[1-9] The patterns %1, %2, ... %9 are replaced by the corre‐
105 sponding most significant component of the input key's
106 domain. If the input key is user@mail.example.com, then
107 %1 is com, %2 is example and %3 is mail. If the input key
108 is unqualified or does not have enough domain components
109 to satisfy all the specified patterns, the query is sup‐
110 pressed and returns no results.
111 The domain parameter described below limits the input keys to
113 addresses in matching domains. When the domain parameter is
114 non-empty, SQL queries for unqualified addresses or addresses in
115 non-matching domains are suppressed and return no results.
116 This parameter is available with Postfix 2.2. In prior releases
118 the SQL query was built from the separate parameters: se‐
119 lect_field, table, where_field and additional_conditions. The
120 mapping from the old parameters to the equivalent query is:
121 SELECT [select_field]
123 FROM [table]
124 WHERE [where_field] = '%s'
125 [additional_conditions]
126 The '%s' in the WHERE clause expands to the escaped search
128 string. With Postfix 2.2 these legacy parameters are used if
129 the query parameter is not specified.
130 NOTE: DO NOT put quotes around the query parameter.
132 result_format (default: %s)
134 Format template applied to result attributes. Most commonly used
135 to append (or prepend) text to the result. This parameter sup‐
136 ports the following '%' expansions:
137 %% This is replaced by a literal '%' character.
139 %s This is replaced by the value of the result attribute.
141 When result is empty it is skipped.
142 %u When the result attribute value is an address of the form
144 user@domain, %u is replaced by the local part of the ad‐
145 dress. When the result has an empty localpart it is
146 skipped.
147 %d When a result attribute value is an address of the form
149 user@domain, %d is replaced by the domain part of the at‐
150 tribute value. When the result is unqualified it is
151 skipped.
152 %[SUD1-9]
154 The upper-case and decimal digit expansions interpolate
155 the parts of the input key rather than the result. Their
156 behavior is identical to that described with query, and
157 in fact because the input key is known in advance,
158 queries whose key does not contain all the information
159 specified in the result template are suppressed and re‐
160 turn no results.
161 For example, using "result_format = smtp:[%s]" allows one to use
163 a mailHost attribute as the basis of a transport(5) table. After
164 applying the result format, multiple values are concatenated as
165 comma separated strings. The expansion_limit and parameter ex‐
166 plained below allows one to restrict the number of values in the
167 result, which is especially useful for maps that must return at
168 most one value.
169 The default value %s specifies that each result value should be
171 used as is.
172 This parameter is available with Postfix 2.2 and later.
174 NOTE: DO NOT put quotes around the result format!
176 domain (default: no domain list)
178 This is a list of domain names, paths to files, or "type:table"
179 databases. When specified, only fully qualified search keys with
180 a *non-empty* localpart and a matching domain are eligible for
181 lookup: 'user' lookups, bare domain lookups and "@domain"
182 lookups are not performed. This can significantly reduce the
183 query load on the MySQL server.
184 domain = postfix.org, hash:/etc/postfix/searchdomains
185 It is best not to use SQL to store the domains eligible for SQL
187 lookups.
188 This parameter is available with Postfix 2.2 and later.
190 NOTE: DO NOT define this parameter for local(8) aliases, because
192 the input keys are always unqualified.
193 expansion_limit (default: 0)
195 A limit on the total number of result elements returned (as a
196 comma separated list) by a lookup against the map. A setting of
197 zero disables the limit. Lookups fail with a temporary error if
198 the limit is exceeded. Setting the limit to 1 ensures that
199 lookups do not return multiple values.
200 option_file
202 Read options from the given file instead of the default my.cnf
203 location. This reads options from the [client] option group, op‐
204 tionally followed by options from the group given with op‐
205 tion_group.
206 This parameter is available with Postfix 2.11 and later.
208 option_group (default: Postfix >=3.2: client, <= 3.1: empty)
210 Read options from the given group of the mysql options file, af‐
211 ter reading options from the [client] group.
212 Postfix 3.2 and later read [client] option group settings by de‐
214 fault. To disable this specify no option_file and specify "op‐
215 tion_group =" (i.e. an empty value).
216 Postfix 3.1 and earlier don't read [client] option group set‐
218 tings unless a non-empty option_file or option_group value are
219 specified. To enable this, specify, for example, "option_group =
220 client".
221 This parameter is available with Postfix 2.11 and later.
223 require_result_set (default: yes)
225 If "yes", require that every query returns a result set. If
226 "no", treat the absence of a result set as "not found".
227 This parameter is available with Postfix 3.2 and later.
229 tls_cert_file
231 File containing client's X509 certificate.
232 This parameter is available with Postfix 2.11 and later.
234 tls_key_file
236 File containing the private key corresponding to tls_cert_file.
237 This parameter is available with Postfix 2.11 and later.
239 tls_CAfile
241 File containing certificates for all of the X509 Certification
242 Authorities the client will recognize. Takes precedence over
243 tls_CApath.
244 This parameter is available with Postfix 2.11 and later.
246 tls_CApath
248 Directory containing X509 Certification Authority certificates
249 in separate individual files.
250 This parameter is available with Postfix 2.11 and later.
252 tls_ciphers
254 The list of permissible ciphers for SSL encryption.
255 This parameter is available with Postfix 2.11 and later.
257 tls_verify_cert (default: no)
259 Verify that the server's name matches the common name in the
260 certificate.
261 This parameter is available with Postfix 2.11 and later.
263
265 Postfix 3.2 and later support calling a stored procedure instead of us‐
266 ing a SELECT statement in the query, e.g.
267 query = CALL lookup('%s')
269 The previously described '%' expansions can be used in the parameter(s)
271 to the stored procedure.
272 By default, every stored procedure call must return a result set, i.e.
274 every code path must execute a SELECT statement that returns a result
275 set (instead of storing its results in a table). With "require_re‐
276 sult_set = no", the absence of a result set is treated as "not found".
277 A stored procedure must not return multiple result sets. That is,
279 there must be no code path that executes multiple SELECT statements
280 that return a result (instead of storing their results in a table).
281 The following is an example of a stored procedure returning a single
283 result set:
284 CREATE [DEFINER=`user`@`host`] PROCEDURE
286 `lookup`(IN `param` VARCHAR(255))
287 READS SQL DATA
288 SQL SECURITY INVOKER
289 BEGIN
290 select goto from alias where address=param;
291 END
292
294 For compatibility with other Postfix lookup tables, MySQL parameters
295 can also be defined in main.cf. In order to do that, specify as MySQL
296 source a name that doesn't begin with a slash or a dot. The MySQL pa‐
297 rameters will then be accessible as the name you've given the source in
298 its definition, an underscore, and the name of the parameter. For ex‐
299 ample, if the map is specified as "mysql:mysqlname", the parameter
300 "hosts" would be defined in main.cf as "mysqlname_hosts".
301 Note: with this form, the passwords for the MySQL sources are written
303 in main.cf, which is normally world-readable. Support for this form
304 will be removed in a future Postfix version.
305
307 This section describes an interface that is deprecated as of Postfix
308 2.2. It is replaced by the more general query interface described
309 above. If the query parameter is defined, the legacy parameters de‐
310 scribed here ignored. Please migrate to the new interface as the
311 legacy interface may be removed in a future release.
312 The following parameters can be used to fill in a SELECT template
314 statement of the form:
315 SELECT [select_field]
317 FROM [table]
318 WHERE [where_field] = '%s'
319 [additional_conditions]
320 The specifier %s is replaced by the search string, and is escaped so if
322 it contains single quotes or other odd characters, it will not cause a
323 parse error, or worse, a security problem.
324 select_field
326 The SQL "select" parameter. Example:
327 select_field = forw_addr
328 table The SQL "select .. from" table name. Example:
330 table = mxaliases
331 where_field
333 The SQL "select .. where" parameter. Example:
334 where_field = alias
335 additional_conditions
337 Additional conditions to the SQL query. Example:
338 additional_conditions = AND status = 'paid'
339
341 postmap(1), Postfix lookup table maintenance
342 postconf(5), configuration parameters
343 ldap_table(5), LDAP lookup tables
344 pgsql_table(5), PostgreSQL lookup tables
345 sqlite_table(5), SQLite lookup tables
346
348 Use "postconf readme_directory" or "postconf html_directory" to locate
349 this information.
350 DATABASE_README, Postfix lookup table overview
351 MYSQL_README, Postfix MYSQL client guide
352
354 The Secure Mailer license must be distributed with this software.
355
357 MySQL support was introduced with Postfix version 1.0.
358
360 Original implementation by:
361 Scott Cotton, Joshua Marcus
362 IC Group, Inc.
363 Further enhancements by:
365 Liviu Daia
366 Institute of Mathematics of the Romanian Academy
367 P.O. BOX 1-764
368 RO-014700 Bucharest, ROMANIA
369 Stored-procedure support by John Fawcett.
371 Wietse Venema
373 Google, Inc.
374 111 8th Avenue
375 New York, NY 10011, USA
376 MYSQL_TABLE(5)