From: Giorgio Ravera <giorgio.ravera@gmail.com>
Date: Wed, 27 Mar 2019 20:42:21 +0000 (+0100)
Subject: First commit - migrated to MySQL
X-Git-Url: http://git.giorgioravera.it/?a=commitdiff_plain;h=3ca0327a025976cbaeae046c70dd856ab12d570b;p=postfix.git

First commit - migrated to MySQL
---

3ca0327a025976cbaeae046c70dd856ab12d570b
diff --git a/bounce.cf b/bounce.cf
new file mode 100644
index 0000000..293dfb9
--- /dev/null
+++ b/bounce.cf
@@ -0,0 +1,105 @@
+#
+# The failure template is used when mail is returned to the sender;
+# either the destination rejected the message, or the destination
+# could not be reached before the message expired in the queue.
+#
+
+failure_template = <<EOF
+Charset: us-ascii
+From: MAILER-DAEMON (Mail Delivery System)
+Subject: Undelivered Mail Returned to Sender
+Postmaster-Subject: Postmaster Copy: Undelivered Mail
+
+This is the mail system at host $myhostname.
+
+I'm sorry to have to inform you that your message could not
+be delivered to one or more recipients. It's attached below.
+
+For further assistance, please send mail to giorgio@giorgioravera.it
+
+If you do so, please include this problem report. You can
+delete your own text from the attached returned message.
+
+                   The mail system
+EOF
+
+
+#
+# The delay template is used when mail is delayed. Note a neat trick:
+# the default template displays the delay_warning_time value as hours
+# by appending the _hours suffix to the parameter name; it displays
+# the maximal_queue_lifetime value as days by appending the _days
+# suffix.
+#
+# Other suffixes are: _seconds, _minutes, _weeks. There are no other
+# main.cf parameters that have this special behavior.
+#
+# You need to adjust these suffixes (and the surrounding text) if
+# you have very different settings for these time parameters.
+#
+
+delay_template = <<EOF
+Charset: us-ascii
+From: MAILER-DAEMON (Mail Delivery System)
+Subject: Delayed Mail (still being retried)
+Postmaster-Subject: Postmaster Warning: Delayed Mail
+
+This is the mail system at host $myhostname.
+
+####################################################################
+# THIS IS A WARNING ONLY.  YOU DO NOT NEED TO RESEND YOUR MESSAGE. #
+####################################################################
+
+Your message could not be delivered for more than $delay_warning_time_hours hour(s).
+It will be retried until it is $maximal_queue_lifetime_days day(s) old.
+
+For further assistance, please send mail to giorgio@giorgioravera.it
+
+If you do so, please include this problem report. You can
+delete your own text from the attached returned message.
+
+                   The mail system
+EOF
+
+
+#
+# The success template is used when mail is delivered to mailbox,
+# when an alias or list is expanded, or when mail is delivered to a
+# system that does not announce DSN support. It is an error to specify
+# a Postmaster-Subject: here.
+#
+
+success_template = <<EOF
+Charset: us-ascii
+From: MAILER-DAEMON (Mail Delivery System)
+Subject: Successful Mail Delivery Report
+
+This is the mail system at host $myhostname.
+
+Your message was successfully delivered to the destination(s)
+listed below. If the message was delivered to mailbox you will
+receive no further notifications. Otherwise you may still receive
+notifications of mail delivery errors from other systems.
+
+                   The mail system
+EOF
+
+
+#
+# The verify template is used for address verification (sendmail -bv
+# address...). or for verbose mail delivery (sendmail -v address...).
+# It is an error to specify a Postmaster-Subject: here.
+#
+
+verify_template = <<EOF
+Charset: us-ascii
+From: MAILER-DAEMON (Mail Delivery System)
+Subject: Mail Delivery Status Report
+
+This is the mail system at host $myhostname.
+
+Enclosed is the mail delivery report that you requested.
+
+                   The mail system
+EOF
+
diff --git a/main.cf b/main.cf
new file mode 100644
index 0000000..0612a50
--- /dev/null
+++ b/main.cf
@@ -0,0 +1,170 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+biff = yes
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
+# Map applied to sender and recipent
+canonical_maps = mysql:/etc/postfix/mysql/canonical_maps.cf
+# Map applied to recipent only
+#recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
+# Map applied to sender only
+#sender_canonical_maps = hash:/etc/postfix/sender_canonical
+#recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
+recipient_bcc_maps = mysql:/etc/postfix/mysql/recipient_bcc_maps.cf
+#sender_bcc_maps = hash:/etc/postfix/sender_bcc
+sender_bcc_maps = mysql:/etc/postfix/mysql/sender_bcc_maps.cf
+
+# Mailbox Virtuali -> non le uso perché non possono funzionare con procmail
+#virtual_transport = virtual
+#virtual_mailbox_limit = 0
+#virtual_mailbox_base = /var/mail
+#virtual_minimum_uid = 1000
+##virtual_uid_maps = static:8
+#virtual_uid_maps = hash:/etc/postfix/virtual_uid
+##virtual_gid_maps = static:8
+#virtual_mailbox_domains = /etc/postfix/virtual_domains
+#virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox
+
+# Alias Virtuali
+#virtual_alias_domains = /etc/postfix/virtual_domains
+virtual_alias_domains = mysql:/etc/postfix/mysql/virtual_alias_domains.cf
+#virtual_alias_maps = hash:/etc/postfix/virtual_alias
+virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf
+#transport_maps = hash:/etc/postfix/transport
+transport_maps = mysql:/etc/postfix/mysql/transport_maps.cf
+
+myhostname = mail.giorgioravera.it
+mydomain = giorgioravera.it
+myorigin = localhost.localdomain
+mydestination = localhost, localhost.localdomain
+#relay_domains = /etc/postfix/ml-domains
+relay_domains = mysql:/etc/postfix/mysql/relay_domains.cf
+mynetworks = 127.0.0.0/8, 192.168.0.0/24, 192.168.2.0/24
+inet_protocols = all
+mailbox_command = /usr/bin/procmail -a "$EXTENSION"
+mailbox_size_limit = 512000000
+message_size_limit = 20480000
+recipient_delimiter = +
+content_filter = amavis:[127.0.0.1]:10024
+#content_filter = spamassassin
+mailman_destination_recipient_limit = 1
+
+# Evita header X-Original-To
+enable_original_recipient = no
+# Evita header Delivered-To
+prepend_delivered_header =
+
+2bounce_notice_recipient = postmaster@giorgioravera.it
+address_verify_sender = postmaster@giorgioravera.it
+bounce_notice_recipient = postmaster@giorgioravera.it
+delay_notice_recipient = postmaster@giorgioravera.it
+error_notice_recipient = postmaster@giorgioravera.it
+bounce_template_file = /etc/postfix/bounce.cf
+
+disable_vrfy_command = yes
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU Linux)
+
+# SMTPD Auth
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_tls_security_options = noanonymous
+broken_sasl_auth_clients = yes
+smtpd_sasl_authenticated_header = no
+
+# SMTPD SSL
+smtpd_use_tls = yes
+#smtpd_tls_protocols = !SSLv2
+#smtpd_tls_key_file = /etc/ssl/giorgioravera.it/certs/mail.giorgioravera.it.key
+#smtpd_tls_cert_file = /etc/ssl/giorgioravera.it/certs/mail.giorgioravera.it.crt
+#smtpd_tls_CAfile = /etc/ssl/giorgioravera.it/ca.crt
+smtpd_tls_cert_file = /etc/letsencrypt/live/server.giorgioravera.it/fullchain.pem
+smtpd_tls_key_file = /etc/letsencrypt/live/server.giorgioravera.it/privkey.pem
+#smtpd_tls_loglevel = 2
+smtpd_tls_received_header = no
+smtpd_tls_session_cache_timeout = 3600s
+tls_random_source = dev:/dev/urandom
+
+# SMTPD Restrictions 
+# Allow connections from trusted networks only.
+smtpd_client_restrictions = permit_mynetworks,
+	permit_sasl_authenticated, 
+	reject_unauth_pipelining,
+	reject_unknown_client_hostname,
+	reject_rbl_client zen.spamhaus.org,
+#	reject_rbl_client dnsbl.sorbs.net,
+#	reject
+smtpd_delay_reject = yes
+smtpd_helo_required = yes
+# Don't talk to mail systems that don't know their own hostname.
+smtpd_helo_restrictions = reject_invalid_helo_hostname,
+	reject_non_fqdn_helo_hostname,
+	reject_unknown_helo_hostname
+# Don't accept mail from domains that don't exist.
+smtpd_sender_restrictions = reject_unknown_sender_domain,
+	reject_non_fqdn_sender,
+	reject_unknown_sender_domain
+# Don't accept mail from unlisted sender
+smtpd_reject_unlisted_sender = yes
+# Relay control (Postfix 2.10 and later): local clients and
+# authenticated clients may specify any destination domain.
+smtpd_relay_restrictions = permit_mynetworks,
+	permit_sasl_authenticated,
+	reject_unauth_destination
+# Spam control: exclude local clients and authenticated clients
+# from DNSBL lookups.
+smtpd_recipient_restrictions = permit_mynetworks,
+	permit_sasl_authenticated, 
+	# reject_unauth_destination is not needed here if the mail
+	# relay policy is specified under smtpd_relay_restrictions
+	# (available with Postfix 2.10 and later).
+	reject_unauth_destination,
+	reject_non_fqdn_recipient,
+	reject_unknown_recipient_domain,
+	reject_rbl_client sbl.spamhaus.org,
+	reject_rbl_client cbl.abuseat.org,
+	reject_rbl_client dul.dnsbl.sorbs.net,
+	reject_rhsbl_helo dbl.spamhaus.org,
+	reject_rhsbl_sender dbl.spamhaus.org
+
+smtpd_error_sleep_time = 1s
+smtpd_soft_error_limit = 10
+smtpd_hard_error_limit = 20
+
+# SMTP Client
+smtp_use_tls = yes
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options = noanonymous
+#smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_passwd
+smtp_sasl_password_maps = mysql:/etc/postfix/mysql/smtp_sasl_passwd_maps.cf
+#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
+smtp_tls_policy_maps = mysql:/etc/postfix/mysql/smtp_tls_policy_maps.cf
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+sender_dependent_relayhost_maps = mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
+#smtp_sasl_mechanism_filter = plain login
+#relayhost = [smtp.gmail.com]:587
+relayhost = [smtp.eu.sparkpostmail.com]:587
+
+# Blocchi generici
+#invalid_hostname_reject_code = 554
+#multi_recipient_bounce_reject_code = 554
+#non_fqdn_reject_code = 554
+#relay_domains_reject_code = 554
+#unknown_address_reject_code = 554
+#unknown_client_reject_code = 554
+#unknown_hostname_reject_code = 554
+#unknown_local_recipient_reject_code = 554
+#unknown_relay_recipient_reject_code = 554
+##unknown_sender_reject_code = 554
+#unknown_virtual_alias_reject_code = 554
+#unknown_virtual_mailbox_reject_code = 554
+#unverified_recipient_reject_code = 554
+#unverified_sender_reject_code = 554
diff --git a/master.cf b/master.cf
new file mode 100644
index 0000000..0c368de
--- /dev/null
+++ b/master.cf
@@ -0,0 +1,160 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (yes)   (never) (100)
+# ==========================================================================
+#smtp      inet  n       -       -       -       1       postscreen
+#smtpd     pass  -       -       -       -       -       smtpd
+#dnsblog   unix  -       -       -       -       0       dnsblog
+#tlsproxy  unix  -       -       -       -       0       tlsproxy
+smtp       inet  n       -       y       -       -       smtpd
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+submission inet  n       -       y       -       -       smtpd
+    -o syslog_name=postfix/submission
+    -o smtpd_tls_security_level=encrypt
+    -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#628       inet  n       -       -       -       -       qmqpd
+smtps      inet  n       -       y       -       -       smtpd
+    -o syslog_name=postfix/smtps
+    -o smtpd_tls_wrappermode=yes
+    -o smtpd_sasl_auth_enable=yes
+pickup     unix  n       -       y       60      1       pickup
+    -o content_filter=
+    -o receive_override_options=no_header_body_checks
+cleanup    unix  n       -       y       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr     unix  -       -       y       1000?   1       tlsmgr
+rewrite    unix  -       -       y       -       -       trivial-rewrite
+bounce     unix  -       -       y       -       0       bounce
+defer      unix  -       -       y       -       0       bounce
+trace      unix  -       -       y       -       0       bounce
+verify     unix  -       -       y       -       1       verify
+flush      unix  n       -       y       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp       unix  -       -       y       -       -       smtp
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+relay      unix  -       -       y       -       -       smtp
+showq      unix  n       -       y       -       -       showq
+error      unix  -       -       y       -       -       error
+retry      unix  -       -       y       -       -       error
+discard    unix  -       -       y       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp       unix  -       -       y       -       -       lmtp
+anvil      unix  -       -       y       -       1       anvil
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+scache     unix  -       -       y       -       1       scache
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix	-	n	n	-	2	pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+  ${nexthop} ${user}
+
+# Configurazione SpamAssassin
+tlsmgr     unix  -       -       y       1000?   1       tlsmgr
+scache     unix  -       -       y       -       1       scache
+discard    unix  -       -       y       -       -       discard
+retry      unix  -       -       y       -       -       error
+spamassassin unix -     n       n       -       -       pipe
+  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
+
+# Configurazione Amavis
+amavis     unix  -       -       y       -       2       smtp
+    -o smtp_data_done_timeout=1200
+    -o smtp_send_xforward_command=yes
+    -o disable_dns_lookups=yes
+
+127.0.0.1:10025 inet n   -       y       -       -       smtpd
+    -o content_filter=
+    -o local_recipient_maps=
+    -o relay_recipient_maps=
+    -o smtpd_restriction_classes=
+    -o smtpd_delay_reject=no
+    -o smtpd_client_restrictions=permit_mynetworks,reject
+    -o smtpd_helo_restrictions=
+    -o smtpd_sender_restrictions=
+    -o smtpd_recipient_restrictions=permit_mynetworks,reject
+    -o smtpd_data_restrictions=reject_unauth_pipelining
+    -o smtpd_end_of_data_restrictions=
+    -o mynetworks=127.0.0.0/8
+    -o strict_rfc821_envelopes=yes
+    -o smtpd_error_sleep_time=0
+    -o smtpd_soft_error_limit=1001
+    -o smtpd_hard_error_limit=1000
+    -o smtpd_client_connection_count_limit=0
+    -o smtpd_client_connection_rate_limit=0
+    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
diff --git a/mysql/canonical_maps.cf b/mysql/canonical_maps.cf
new file mode 100644
index 0000000..ee938e4
--- /dev/null
+++ b/mysql/canonical_maps.cf
@@ -0,0 +1,5 @@
+user = postfix
+password = mAxUdGJLsYtz4Wso
+hosts = 127.0.0.1
+dbname = postfix
+query = SELECT address FROM canonical_maps WHERE user='%s' AND status='ENABLE'
diff --git a/mysql/recipient_bcc_maps.cf b/mysql/recipient_bcc_maps.cf
new file mode 100644
index 0000000..3aff76d
--- /dev/null
+++ b/mysql/recipient_bcc_maps.cf
@@ -0,0 +1,5 @@
+user = postfix
+password = mAxUdGJLsYtz4Wso
+hosts = 127.0.0.1
+dbname = postfix
+query = SELECT destination FROM recipient_bcc_maps WHERE address='%s' AND status='ENABLE'
diff --git a/mysql/relay_domains.cf b/mysql/relay_domains.cf
new file mode 100644
index 0000000..ef3ca99
--- /dev/null
+++ b/mysql/relay_domains.cf
@@ -0,0 +1,5 @@
+user = postfix
+password = mAxUdGJLsYtz4Wso
+hosts = 127.0.0.1
+dbname = postfix
+query = SELECT domain FROM domains WHERE domain='%s' AND type='RELAY' AND status='ENABLE'
diff --git a/mysql/sender_bcc_maps.cf b/mysql/sender_bcc_maps.cf
new file mode 100644
index 0000000..7d61833
--- /dev/null
+++ b/mysql/sender_bcc_maps.cf
@@ -0,0 +1,5 @@
+user = postfix
+password = mAxUdGJLsYtz4Wso
+hosts = 127.0.0.1
+dbname = postfix
+query = SELECT destination FROM sender_bcc_maps WHERE address='%s' AND status='ENABLE'
diff --git a/mysql/sender_dependent_relayhost_maps.cf b/mysql/sender_dependent_relayhost_maps.cf
new file mode 100644
index 0000000..4239f78
--- /dev/null
+++ b/mysql/sender_dependent_relayhost_maps.cf
@@ -0,0 +1,5 @@
+user = postfix
+password = mAxUdGJLsYtz4Wso
+hosts = 127.0.0.1
+dbname = postfix
+query = SELECT relay_host FROM emails WHERE address='%s' AND status='ENABLE'
diff --git a/mysql/smtp_sasl_passwd_maps.cf b/mysql/smtp_sasl_passwd_maps.cf
new file mode 100644
index 0000000..3f5395a
--- /dev/null
+++ b/mysql/smtp_sasl_passwd_maps.cf
@@ -0,0 +1,5 @@
+user = postfix
+password = mAxUdGJLsYtz4Wso
+hosts = 127.0.0.1
+dbname = postfix
+query = SELECT password FROM relay_host WHERE relay_host='%s' AND status='ENABLE'
diff --git a/mysql/smtp_tls_policy_maps.cf b/mysql/smtp_tls_policy_maps.cf
new file mode 100644
index 0000000..962ab51
--- /dev/null
+++ b/mysql/smtp_tls_policy_maps.cf
@@ -0,0 +1,5 @@
+user = postfix
+password = mAxUdGJLsYtz4Wso
+hosts = 127.0.0.1
+dbname = postfix
+query = SELECT tls_policy FROM relay_host WHERE relay_host='%s' AND status='ENABLE'
diff --git a/mysql/transport_maps.cf b/mysql/transport_maps.cf
new file mode 100644
index 0000000..ea395c6
--- /dev/null
+++ b/mysql/transport_maps.cf
@@ -0,0 +1,5 @@
+user = postfix
+password = mAxUdGJLsYtz4Wso
+hosts = 127.0.0.1
+dbname = postfix
+query = SELECT transport FROM domains WHERE domain='%s' AND status='ENABLE'
diff --git a/mysql/virtual_alias_domains.cf b/mysql/virtual_alias_domains.cf
new file mode 100644
index 0000000..67eafb9
--- /dev/null
+++ b/mysql/virtual_alias_domains.cf
@@ -0,0 +1,5 @@
+user = postfix
+password = mAxUdGJLsYtz4Wso
+hosts = 127.0.0.1
+dbname = postfix
+query = SELECT domain FROM domains WHERE domain='%s' AND type='LOCAL' AND status='ENABLE'
diff --git a/mysql/virtual_alias_maps.cf b/mysql/virtual_alias_maps.cf
new file mode 100644
index 0000000..cd63ab7
--- /dev/null
+++ b/mysql/virtual_alias_maps.cf
@@ -0,0 +1,5 @@
+user = postfix
+password = mAxUdGJLsYtz4Wso
+hosts = 127.0.0.1
+dbname = postfix
+query = SELECT destination FROM emails WHERE address='%s' AND status='ENABLE'