#++
# NAME
#	mysql_table 5
# SUMMARY
#	Postfix MySQL client configuration
# SYNOPSIS
#	\fBpostmap -q "\fIstring\fB" mysql:/etc/postfix/\fIfilename\fR
#
#	\fBpostmap -q - mysql:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
# DESCRIPTION
#	The Postfix mail system uses optional tables for address
#	rewriting or mail routing. These tables are usually in
#	\fBdbm\fR or \fBdb\fR format.
#
#	Alternatively, lookup tables can be specified as MySQL databases.
#	In order to use MySQL lookups, define a MySQL source as a lookup
#	table in main.cf, for example:
# .nf
#	    alias_maps = mysql:/etc/postfix/mysql-aliases.cf
# .fi
#
#	The file /etc/postfix/mysql-aliases.cf has the same format as
#	the Postfix main.cf file, and can specify the parameters
#	described below.
# LIST MEMBERSHIP
# .ad
# .fi
#	When using SQL to store lists such as $mynetworks,
#	$mydestination, $relay_domains, $local_recipient_maps,
#	etc., it is important to understand that the table must
#	store each list member as a separate key. The table lookup
#	verifies the *existence* of the key. See "Postfix lists
#	versus tables" in the DATABASE_README document for a
#	discussion.
#
#	Do NOT create tables that return the full list of domains
#	in $mydestination or $relay_domains etc., or IP addresses
#	in $mynetworks.
#
#	DO create tables with each matching item as a key and with
#	an arbitrary value. With SQL databases it is not uncommon to
#	return the key itself or a constant value.
# MYSQL PARAMETERS
# .ad
# .fi
# .IP "\fBhosts\fR"
#	The hosts that Postfix will try to connect to and query from.
#	Specify \fIunix:\fR for UNIX domain sockets, \fIinet:\fR for TCP
#	connections (default).  Examples:
# .nf
#	    hosts = inet:host1.some.domain inet:host2.some.domain:port
#	    hosts = host1.some.domain host2.some.domain:port
#	    hosts = unix:/file/name
# .fi
#
#	The hosts are tried in random order, with all connections over
#	UNIX domain sockets being tried before those over TCP.	The
#	connections are automatically closed after being idle for about
#	1 minute, and are re-opened as necessary. Postfix versions 2.0
#	and earlier do not randomize the host order.
#
#	NOTE: if you specify localhost as a hostname (even if you
#	prefix it with \fIinet:\fR), MySQL will connect to the default
#	UNIX domain socket.  In order to instruct MySQL to connect to
#	localhost over TCP you have to specify
# .nf
#	    hosts = 127.0.0.1
# .fi
#
#	NOTE: if the \fBhosts\fR setting specifies one server, this client
#	assumes that the target is a load balancer and will reconnect
#	immediately after a single failure, instead of failing all
#	requests temporarily. With older versions of this client,
#	specify the same server twice.
# .IP "\fBuser\fR"
# .IP "\fBpassword\fR"
#	The user name and password to log into the mysql server.
#	Example:
# .nf
#	    user = someone
#	    password = some_password
# .fi
# .IP "\fBdbname\fR"
#	The database name on the servers. Example:
# .nf
#	    dbname = customer_database
# .fi
# .IP "\fBcharset (default: utf8mb4)\fR"
#	The default MySQL client character set; this also implies
#	the collation order.
#
#	This parameter is available with Postfix 3.9 and later.
#	With earlier Postfix versions, the default was chosen by
#	the MySQL implementation (\fButf8mb4\fR as of MySQL 8.0,
#	\fBlatin1\fR historically).
# .IP "\fBidle_interval (default: 60)\fR"
#	The number of seconds after which an idle database connection
#	will be closed.
#
#	This feature is available in Postfix 3.9 and later.
# .IP "\fBretry_interval (default: 60)\fR"
#	The number of seconds that a database connection will be
#	skipped after an error.
#
#	NOTE: if the \fBhosts\fR setting specifies one server, this client
#	assumes that the target is a load balancer and will reconnect
#	immediately after a single failure, instead of failing all
#	requests temporarily. With older versions of this client,
#	specify the same server twice.
#
#	This feature is available in Postfix 3.9 and later.
# .IP "\fBquery\fR"
#	The SQL query template used to search the database, where \fB%s\fR
#	is a substitute for the address Postfix is trying to resolve,
#	e.g.
# .nf
#	    query = SELECT replacement FROM aliases WHERE mailbox = '%s'
# .fi
#
#	By default, every query must return a result set (instead
#	of storing its results in a table); with "\fBrequire_result_set
#	= no\fR" (Postfix 3.2 and later), the absence of a result
#	set is treated as "not found".
#
#	This parameter supports the following '%' expansions:
# .RS
# .IP "\fB%%\fR"
#	This is replaced by a literal '%' character.
# .IP "\fB%s\fR"
#	This is replaced by the input key.
#	SQL quoting is used to make sure that the input key does not
#	add unexpected metacharacters.
# .IP "\fB%u\fR"
#	When the input key is an address of the form user@domain, \fB%u\fR
#	is replaced by the SQL quoted local part of the address.
#	Otherwise, \fB%u\fR is replaced by the entire search string.
#	If the localpart is empty, the query is suppressed and returns
#	no results.
# .IP "\fB%d\fR"
#	When the input key is an address of the form user@domain, \fB%d\fR
#	is replaced by the SQL quoted domain part of the address.
#	Otherwise, the query is suppressed and returns no results.
# .IP "\fB%[SUD]\fR"
#	The upper-case equivalents of the above expansions behave in the
#	\fBquery\fR parameter identically to their lower-case counter-parts.
#	With the \fBresult_format\fR parameter (see below), they expand the
#	input key rather than the result value.
# .IP "\fB%[1-9]\fR"
#	The patterns %1, %2, ... %9 are replaced by the corresponding
#	most significant component of the input key's domain. If the
#	input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
#	%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
#	unqualified or does not have enough domain components to satisfy
#	all the specified patterns, the query is suppressed and returns
#	no results.
# .RE
# .IP
#	The \fBdomain\fR parameter described below limits the input
#	keys to addresses in matching domains. When the \fBdomain\fR
#	parameter is non-empty, SQL queries for unqualified addresses
#	or addresses in non-matching domains are suppressed
#	and return no results.
#
#	This parameter is available with Postfix 2.2. In prior releases
#	the SQL query was built from the separate parameters:
#	\fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR and
#	\fBadditional_conditions\fR. The mapping from the old parameters
#	to the equivalent query is:
#
# .nf
#	    SELECT [\fBselect_field\fR]
#	    FROM [\fBtable\fR]
#	    WHERE [\fBwhere_field\fR] = '%s'
#	          [\fBadditional_conditions\fR]
# .fi
#
#	The '%s' in the \fBWHERE\fR clause expands to the escaped search string.
#	With Postfix 2.2 these legacy parameters are used if the \fBquery\fR
#	parameter is not specified.
#
#	NOTE: DO NOT put quotes around the query parameter.
# .IP "\fBresult_format (default: \fB%s\fR)\fR"
#	Format template applied to result attributes. Most commonly used
#	to append (or prepend) text to the result. This parameter supports
#	the following '%' expansions:
# .RS
# .IP "\fB%%\fR"
#	This is replaced by a literal '%' character.
# .IP "\fB%s\fR"
#	This is replaced by the value of the result attribute. When
#	result is empty it is skipped.
# .IP "\fB%u\fR
#	When the result attribute value is an address of the form
#	user@domain, \fB%u\fR is replaced by the local part of the
#	address. When the result has an empty localpart it is skipped.
# .IP "\fB%d\fR"
#	When a result attribute value is an address of the form
#	user@domain, \fB%d\fR is replaced by the domain part of
#	the attribute value. When the result is unqualified it
#	is skipped.
# .IP "\fB%[SUD1-9]\fR"
#	The upper-case and decimal digit expansions interpolate
#	the parts of the input key rather than the result. Their
#	behavior is identical to that described with \fBquery\fR,
#	and in fact because the input key is known in advance, queries
#	whose key does not contain all the information specified in
#	the result template are suppressed and return no results.
# .RE
# .IP
#	For example, using "result_format = smtp:[%s]" allows one
#	to use a mailHost attribute as the basis of a transport(5)
#	table. After applying the result format, multiple values
#	are concatenated as comma separated strings. The expansion_limit
#	and parameter explained below allows one to restrict the number
#	of values in the result, which is especially useful for maps that
#	must return at most one value.
#
#	The default value \fB%s\fR specifies that each result value should
#	be used as is.
#
#	This parameter is available with Postfix 2.2 and later.
#
#	NOTE: DO NOT put quotes around the result format!
# .IP "\fBdomain (default: no domain list)\fR"
#	This is a list of domain names, paths to files, or "type:table"
#	databases. When specified, only fully qualified search keys
#	with a *non-empty* localpart and a matching domain are
#	eligible for lookup: 'user' lookups, bare domain lookups
#	and "@domain" lookups are not performed. This can significantly
#	reduce the query load on the MySQL server.
# .nf
#	    domain = postfix.org, hash:/etc/postfix/searchdomains
# .fi
#
#	It is best not to use SQL to store the domains eligible
#	for SQL lookups.
#
#	This parameter is available with Postfix 2.2 and later.
#
#	NOTE: DO NOT define this parameter for local(8) aliases,
#	because the input keys are always unqualified.
# .IP "\fBexpansion_limit (default: 0)\fR"
#	A limit on the total number of result elements returned
#	(as a comma separated list) by a lookup against the map.
#	A setting of zero disables the limit. Lookups fail with a
#	temporary error if the limit is exceeded.  Setting the
#	limit to 1 ensures that lookups do not return multiple
#	values.
# .IP "\fBoption_file\fR"
#	Read options from the given file instead of the default my.cnf
#	location. This reads options from the \fB[client]\fR option
#	group, optionally followed by options from the group given
#	with \fBoption_group\fR.
# .sp
#	This parameter is available with Postfix 2.11 and later.
# .IP "\fBoption_group (default: Postfix >=3.2: client, <= 3.1: empty)\fR"
#	Read options from the given group of the mysql options file,
#	after reading options from the \fB[client]\fR group.
# .sp
#	Postfix 3.2 and later read \fB[client]\fR option group
#	settings by default. To disable this specify no \fBoption_file\fR
#	and specify "\fBoption_group =\fR" (i.e. an empty value).
# .sp
#	Postfix 3.1 and earlier don't read \fB[client]\fR option
#	group settings unless a non-empty \fBoption_file\fR or
#	\fBoption_group\fR value are specified. To enable this,
#	specify, for example, "\fBoption_group = client\fR".
# .sp
#	This parameter is available with Postfix 2.11 and later.
# .IP "\fBrequire_result_set (default: yes)\fR"
#	If "\fByes\fR", require that every query returns a result
#	set.  If "\fBno\fR", treat the absence of a result set as
#	"not found".
# .sp
#	This parameter is available with Postfix 3.2 and later.
# TLS-RELATED SETTINGS
# .ad
# .fi
#	See https://dev.mysql.com/doc/c-api/en/mysql-options.html
#	or https://mariadb.com/kb/en/mysql_optionsv/ for details of
#	the underlying MYSQL_OPT_SSL_* features.
# .IP "\fBtls_cert_file\fR"
#	File containing client's X509 certificate.
# .sp
#	This parameter is available with Postfix 2.11 and later.
# .IP "\fBtls_key_file\fR"
#	File containing the private key corresponding to \fBtls_cert_file\fR.
# .sp
#	This parameter is available with Postfix 2.11 and later.
# .IP "\fBtls_CAfile\fR"
#	File containing X509 certificates for all of the Certification
#	Authorities the client will recognize.  Takes precedence over
#	\fBtls_CApath\fR.
# .sp
#	This parameter is available with Postfix 2.11 and later.
# .IP "\fBtls_CApath\fR"
#	Directory containing X509 Certification Authority certificates
#	in separate individual files.
# .sp
#	This parameter is available with Postfix 2.11 and later.
# .IP "\fBtls_ciphers\fR"
#	The list of permissible ciphers for SSL encryption.
# .sp
#	This parameter is available with Postfix 2.11 and later.
# .IP "\fBtls_verify_cert (default: no)\fR"
#	Verify that the server's name matches the common name in the
#	certificate.
# .sp
#	This parameter is available with Postfix 2.11 and later.
# USING MYSQL STORED PROCEDURES
# .ad
# .fi
#	Postfix 3.2 and later support calling a stored procedure
#	instead of using a SELECT statement in the query, e.g.
#
# .nf
#	    \fBquery\fR = CALL lookup('%s')
# .fi
#
#	The previously described '%' expansions can be used in the
#	parameter(s) to the stored procedure.
#
#	By default, every stored procedure call must return a result
#	set, i.e. every code path must execute a SELECT statement
#	that returns a result set (instead of storing its results
#	in a table). With "\fBrequire_result_set = no\fR", the
#	absence of a result set is treated as "not found".
#
#	A stored procedure must not return multiple result sets.
#	That is, there must be no code path that executes multiple
#	SELECT statements that return a result (instead of storing
#	their results in a table).
#
#	The following is an example of a stored procedure returning
#	a single result set:
#
# .nf
#	CREATE [DEFINER=`user`@`host`] PROCEDURE
#	`lookup`(IN `param` VARCHAR(255))
#	    READS SQL DATA
#	    SQL SECURITY INVOKER
#	    BEGIN
#	        select goto from alias where address=param;
#	    END
# .fi
# OBSOLETE MAIN.CF PARAMETERS
# .ad
# .fi
#	For compatibility with other Postfix lookup tables, MySQL
#	parameters can also be defined in main.cf.  In order to do that,
#	specify as MySQL source a name that doesn't begin with a slash
#	or a dot.  The MySQL parameters will then be accessible as the
#	name you've given the source in its definition, an underscore,
#	and the name of the parameter.	For example, if the map is
#	specified as "mysql:\fImysqlname\fR", the parameter "hosts"
#	would be defined in main.cf as "\fImysqlname\fR_hosts".
#
#	Note: with this form, the passwords for the MySQL sources are
#	written in main.cf, which is normally world-readable.  Support
#	for this form will be removed in a future Postfix version.
# OBSOLETE QUERY INTERFACE
# .ad
# .fi
#	This section describes an interface that is deprecated as
#	of Postfix 2.2. It is replaced by the more general \fBquery\fR
#	interface described above. If the \fBquery\fR parameter
#	is defined, the legacy parameters described here ignored.
#	Please migrate to the new interface as the legacy interface
#	may be removed in a future release.
#
#	The following parameters can be used to fill in a
#	SELECT template statement of the form:
#
# .nf
#	    SELECT [\fBselect_field\fR]
#	    FROM [\fBtable\fR]
#	    WHERE [\fBwhere_field\fR] = '%s'
#	          [\fBadditional_conditions\fR]
# .fi
#
#	The specifier %s is replaced by the search string, and is
#	escaped so if it contains single quotes or other odd characters,
#	it will not cause a parse error, or worse, a security problem.
# .IP "\fBselect_field\fR"
#	The SQL "select" parameter. Example:
# .nf
#	    \fBselect_field\fR = forw_addr
# .fi
# .IP "\fBtable\fR"
#	The SQL "select .. from" table name. Example:
# .nf
#	    \fBtable\fR = mxaliases
# .fi
# .IP "\fBwhere_field\fR
#	The SQL "select .. where" parameter. Example:
# .nf
#	    \fBwhere_field\fR = alias
# .fi
# .IP "\fBadditional_conditions\fR
#	Additional conditions to the SQL query. Example:
# .nf
#	    \fBadditional_conditions\fR = AND status = 'paid'
# .fi
# SEE ALSO
#	postmap(1), Postfix lookup table maintenance
#	postconf(5), configuration parameters
#	ldap_table(5), LDAP lookup tables
#	pgsql_table(5), PostgreSQL lookup tables
#	sqlite_table(5), SQLite lookup tables
# README FILES
# .ad
# .fi
#	Use "\fBpostconf readme_directory\fR" or
#	"\fBpostconf html_directory\fR" to locate this information.
# .na
# .nf
#	DATABASE_README, Postfix lookup table overview
#	MYSQL_README, Postfix MYSQL client guide
# LICENSE
# .ad
# .fi
#	The Secure Mailer license must be distributed with this software.
# HISTORY
#	MySQL support was introduced with Postfix version 1.0.
# AUTHOR(S)
#	Original implementation by:
#	Scott Cotton, Joshua Marcus
#	IC Group, Inc.
#
#	Further enhancements by:
#	Liviu Daia
#	Institute of Mathematics of the Romanian Academy
#	P.O. BOX 1-764
#	RO-014700 Bucharest, ROMANIA
#
#	Stored-procedure support by John Fawcett.
#
#	Wietse Venema
#	Google, Inc.
#	111 8th Avenue
#	New York, NY 10011, USA
#--