Particulars of postfix/mysql interaction

  • Joshua J. Kugler
    Message 1 of 36 , Jun 23, 2006
      I've successfully configured Postfix to use MySQL for its virtualusertable
      lookups with three tables: virtual_addresses, actual_addresses, and
      address_link. These are joined back together via this query, which gets the
      list of all the addresses that a virtual address should "resolve" to:

      query = SELECT actual_addresses.actual_address
      FROM virtual_addresses,actual_addresses,address_link
      WHERE virtual_addresses.id = address_link.virtual_address_id
      AND actual_addresses.id = address_link.actual_address_id
      AND virtual_addresses.virtual_address = '%s'

      This works great! But in my (possibly irrational) drive for normalization, I
      would like to split the user and domain portions of the "virtual" side into
      two separate tables. I see how I can structure the query using the %u
      and %d parameters. So, something like this:

      SELECT actual_addresses.actual_address FROM
      virtual_users, virtual_domains, address_link, actual_addresses
      WHERE [Some funky joins]
      AND virtual_users.virtual_user = '%u'
      AND virtual_domains.virtual_domain = '%d'

      BUT! The docs (http://www.postfix.org/mysql_table.5.html) say that if either
      of those parameters is empty, the query is suppressed. OK, fair enough, but
      then how does one handle "catch alls"? In the virtualusertable file as well
      as with the original query, there are entries on the "left hand side" that
      are simply @.... This would imply %u to be empty, thus no query
      performed.

      Can you specify multiple queries? I guess that would make sense, but it is
      never explicitly stated.

      I guess this would also be a good time to request additional examples in the
      mysql_table(5) man page as, while the query parameters make sense, the
      result_format doesn't really click.

      j

      --
      Joshua Kugler
      Lead System Admin -- Senior Programmer
      http://www.eeinternet.com
      PGP Key: http://pgp.mit.edu/ ID 0xDB26D7CE
      PO Box 80086 -- Fairbanks, AK 99708 -- Ph: 907-456-5581 Fax: 907-456-3111
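
The expansion rules the message above refers to, modelled in a few lines as an added illustration (not part of the original post and not Postfix code). It follows the %s, %u and %d descriptions in mysql_table(5); the escaping helper, the split at the last '@' and the sample keys are assumptions made for the example.

```python
import re

# Query fragments taken from the message above.
BY_KEY = "virtual_addresses.virtual_address = '%s'"
BY_PARTS = ("virtual_users.virtual_user = '%u' "
            "AND virtual_domains.virtual_domain = '%d'")

def sql_quote(value):
    # Stand-in for the MySQL client library's escaping (assumption).
    return value.replace("\\", "\\\\").replace("'", "\\'")

def expand(template, key):
    """Return the expanded query text, or None if the lookup is suppressed."""
    local, at, domain = key.rpartition("@")  # assumption: split at last '@'
    out = []
    for literal, code in re.findall(r"([^%]*)(%.)?", template):
        out.append(literal)
        if code == "%s":
            out.append(sql_quote(key))
        elif code == "%u":
            user = local if at else key   # no '@': whole key is used
            if not user:
                return None               # empty local part: suppressed
            out.append(sql_quote(user))
        elif code == "%d":
            if not at or not domain:
                return None               # no domain part: suppressed
            out.append(sql_quote(domain))
        elif code == "%%":
            out.append("%")
        elif code:
            out.append(code)  # other expansions are not modelled here
    return "".join(out)

if __name__ == "__main__":
    # Constructed sample keys: full address, catch-all, bare local part.
    for key in ("joe@example.com", "@example.com", "joe"):
        for name, template in (("%s", BY_KEY), ("%u/%d", BY_PARTS)):
            print(f"{key!r:20} {name:6} -> {expand(template, key)}")
```
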
    • Robert Felber
      Message 36 of 36 , Jul 3, 2006
        On Mon, Jul 03, 2006 at 02:49:56PM +0200, Pascal Maes wrote:
        > they connect on port 465 :
        >
        > 13:52:41.642644 IP 217.7.78.26.59879 > 130.104.4.1.465: S 1203166760:1203166760(0) win 16384
        > <mss 1460,nop,nop,sackOK>
        >
        > Our master.cf config for smtps is ;
        >
        > smtps inet n - n - - smtpd
        > -o smtpd_proxy_filter=127.0.0.1:10025
        > -o smtpd_tls_wrappermode=yes
        > -o smtpd_use_tls=yes
        > -o smtpd_tls_auth_only=yes
        > -o smtpd_sasl_auth_enable=yes
        > -o smtpd_sasl_security_options=noanonymous
        > -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
        > -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

        [...]

        > Two questions :
        >
        > - is it right to connect on port 465 for somebody who is not from our domain (cannot be
        > authenticated) ?

        I'd say yes, because 465 means only that the transfer must be encrypted. But I
        may be wrong.
        I am no TLS/SSL/SASL/ expert, but it seems you have TLS wrapper mode running.
        I don't know whether that has an impact on connecting clients. All I know is that
        I have no smtps set up, while providing TLS though.
        Probably someone more TLS experienced can answer this.


        > - why didn't I see anything in the log file (even with debub_peer_list = 217.7.78.26) ?

        If you really used debub_peer_list, then no wonder - debub != debug. Otherwise
        I don't know, I never used debug_peer_list (although sometimes I should).


        --
        Robert Felber (PGP: 896CF30B)
        Munich, Germany