Particulars of postfix/mysql interaction
- I've successfully configured Postfix to use MySQL for its virtualusertable
lookups with three tables: virtual_addresses, actual_addresses, and
address_link. These are joined back together via this query, which gets the
list of all the addresses that a virtual address should "resolve" to:
query = SELECT actual_addresses.actual_address
WHERE virtual_addresses.id = address_link.virtual_address_id
AND actual_addresses.id = address_link.actual_address_id
AND virtual_addresses.virtual_address = '%s'
This works great! But in my (possibly irrational) drive for normalization, I
would like to split the user and domain portions of the "virtual" side into
two separate tables. I see how I can structure the query using the the %u
and %d parameters. So, something like this:
SELECT actual_addresses.actual_address FROM
virtual_users, virtual_domains, address_link, actual_addresses
WHERE [Some funky joins]
AND virtual_users.virtual_user = '%u'
AND virtual_domains.virtual_domain = '%d'
BUT! The docs (http://www.postfix.org/mysql_table.5.html) say that if either
of those parameters are empty, the query is suppressed. OK, fair enough, but
then how does one handle "catch alls"? In the virtualusertable file as well
as with the original query, there are entries on the "left hand side" that
are simply @.... This would imply %u to be empty, thus no query
Can you specify multiple queries? I guess that would make sense, but it is
never explicitly stated.
I guess this would also be a good time to request additional examples in the
mysql_table(5) man page as, while the query parameters make sense, the
result_format doesn't really click.
Lead System Admin -- Senior Programmer
PGP Key: http://pgp.mit.edu/ ID 0xDB26D7CE
PO Box 80086 -- Fairbanks, AK 99708 -- Ph: 907-456-5581 Fax: 907-456-3111
- On Mon, Jul 03, 2006 at 02:49:56PM +0200, Pascal Maes wrote:
> they connect on port 465 :[...]
> 13:52:41.642644 IP 184.108.40.206.59879 > 220.127.116.11.465: S 1203166760:1203166760(0) win 16384
> <mss 1460,nop,nop,sackOK>
> Our master.cf config fort smtps is ;
> smtps inet n - n - - smtpd
> -o smtpd_proxy_filter=127.0.0.1:10025
> -o smtpd_tls_wrappermode=yes
> -o smtpd_use_tls=yes
> -o smtpd_tls_auth_only=yes
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_sasl_security_options=noanonymous
> -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reje ct
> -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,re ject
> Two questions :I'd say yes, because 465 means only that the transfer must be encrypted. But I
> - it is rigth to connect on port 465 for somebody which is not from our domain (cannot be
> authenticated) ?
may be wrong.
I am no TLS/SSL/SASL/ expert, but it seems you have TLS wrapper mode running.
I don't know whether that has impact to connecting clients. All I know is, that
I have no smtps set up, while providing TLS though.
Probably someone more TLS experienced can answer this.
> - why didn't I see anything in the log file (even with debub_peer_list = 18.104.22.168) ?If you used really debub_peer_list, then no wonder - debub != debug. Otherwise
I don't know, I never used debug_peer_list (allthough sometimes I should).
Robert Felber (PGP: 896CF30B)