168 lines
8 KiB
HTML
168 lines
8 KiB
HTML
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
|
|
"https://www.w3.org/TR/html4/loose.dtd">
|
|
<html> <head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
|
|
<title> Postfix manual - cidr_table(5) </title>
|
|
</head> <body> <pre>
|
|
CIDR_TABLE(5) CIDR_TABLE(5)
|
|
|
|
<b><a name="name">NAME</a></b>
|
|
cidr_table - format of Postfix CIDR tables
|
|
|
|
<b><a name="synopsis">SYNOPSIS</a></b>
|
|
<b>postmap -q "</b><i>string</i><b>" <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i>
|
|
|
|
<b>postmap -q - <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
|
|
|
|
<b><a name="description">DESCRIPTION</a></b>
|
|
The Postfix mail system uses optional lookup tables. These tables are
|
|
usually in <b>dbm</b> or <b>db</b> format. Alternatively, lookup tables can be spec-
|
|
ified in CIDR (Classless Inter-Domain Routing) form. In this case, each
|
|
input is compared against a list of patterns. When a match is found,
|
|
the corresponding result is returned and the search is terminated.
|
|
|
|
To find out what types of lookup tables your Postfix system supports
|
|
use the "<b>postconf -m</b>" command.
|
|
|
|
To test lookup tables, use the "<b>postmap -q</b>" command as described in the
|
|
SYNOPSIS above.
|
|
|
|
<b><a name="table_format">TABLE FORMAT</a></b>
|
|
The general form of a Postfix CIDR table is:
|
|
|
|
<i>pattern result</i>
|
|
When a search string matches the specified <i>pattern</i>, use the cor-
|
|
responding <i>result</i> value. The <i>pattern</i> must be in <i>network/prefix</i>
|
|
or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below).
|
|
|
|
<b>!</b><i>pattern result</i>
|
|
When a search string does not match the specified <i>pattern</i>, use
|
|
the specified <i>result</i> value. The <i>pattern</i> must be in <i>network/pre-</i>
|
|
<i>fix</i> or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below).
|
|
|
|
This feature is available in Postfix 3.2 and later.
|
|
|
|
<b>if</b> <i>pattern</i>
|
|
|
|
<b>endif</b> When a search string matches the specified <i>pattern</i>, match that
|
|
search string against the patterns between <b>if</b> and <b>endif</b>. The
|
|
<i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form (see
|
|
ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest.
|
|
|
|
Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>.
|
|
|
|
This feature is available in Postfix 3.2 and later.
|
|
|
|
<b>if !</b><i>pattern</i>
|
|
|
|
<b>endif</b> When a search string does not match the specified <i>pattern</i>, match
|
|
that search string against the patterns between <b>if</b> and <b>endif</b>.
|
|
The <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form
|
|
(see ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest.
|
|
|
|
Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>.
|
|
|
|
This feature is available in Postfix 3.2 and later.
|
|
|
|
blank lines and comments
|
|
Empty lines and whitespace-only lines are ignored, as are lines
|
|
whose first non-whitespace character is a `#'.
|
|
|
|
multi-line text
|
|
A logical line starts with non-whitespace text. A line that
|
|
starts with whitespace continues a logical line.
|
|
|
|
<b><a name="table_search_order">TABLE SEARCH ORDER</a></b>
|
|
Patterns are applied in the order as specified in the table, until a
|
|
pattern is found that matches the search string.
|
|
|
|
<b><a name="address_pattern_syntax">ADDRESS PATTERN SYNTAX</a></b>
|
|
Postfix CIDR tables are pattern-based. A pattern is either a <i>net-</i>
|
|
<i>work</i><b>_</b><i>address</i> which requires an exact match, or a <i>network</i><b>_</b><i>address/pre-</i>
|
|
<i>fix</i><b>_</b><i>length</i> where the <i>prefix</i><b>_</b><i>length</i> part specifies the length of the
|
|
<i>network</i><b>_</b><i>address</i> prefix that must be matched (the other bits in the <i>net-</i>
|
|
<i>work</i><b>_</b><i>address</i> part must be zero).
|
|
|
|
An IPv4 network address is a sequence of four decimal octets separated
|
|
by ".", and an IPv6 network address is a sequence of three to eight
|
|
hexadecimal octet pairs separated by ":" or "::", where the latter is
|
|
short-hand for a sequence of one or more all-zero octet pairs. The pat-
|
|
tern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6
|
|
address. IPv6 support is available in Postfix 2.2 and later.
|
|
|
|
Before comparisons are made, lookup keys and table entries are con-
|
|
verted from string to binary. Therefore, IPv6 patterns will be matched
|
|
regardless of leading zeros (a leading zero in an IPv4 address octet
|
|
indicates octal notation).
|
|
|
|
Note: address information may be enclosed inside "[]" but this form is
|
|
not required.
|
|
|
|
<b><a name="inline_specification">INLINE SPECIFICATION</a></b>
|
|
The contents of a table may be specified in the table name (Postfix 3.7
|
|
and later). The basic syntax is:
|
|
|
|
<a href="postconf.5.html">main.cf</a>:
|
|
<i>parameter</i> <b>= .. <a href="cidr_table.5.html">cidr</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } ..</b>
|
|
|
|
<a href="master.5.html">master.cf</a>:
|
|
<b>.. -o {</b> <i>parameter</i> <b>= .. <a href="cidr_table.5.html">cidr</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } .. } ..</b>
|
|
|
|
Postfix recursively expands any <i>$parametername</i> instances in the above
|
|
parameter value, ignores whitespace after '{' and before '}', and
|
|
writes each <i>rule</i> as one text line to an in-memory file:
|
|
|
|
in-memory file:
|
|
rule-1
|
|
rule-2
|
|
..
|
|
|
|
Postfix parses the result as if it is a file in /etc/postfix.
|
|
|
|
Note: if a rule contains <b>$</b>, specify <b>$$</b> to keep Postfix from trying to
|
|
do <i>$name</i> expansion as it evaluates a parameter value.
|
|
|
|
<b><a name="example_smtpd_access_map">EXAMPLE SMTPD ACCESS MAP</a></b>
|
|
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
|
|
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = ... <a href="cidr_table.5.html">cidr</a>:/etc/postfix/client.cidr ...
|
|
|
|
/etc/postfix/client.<a href="cidr_table.5.html">cidr</a>:
|
|
# Rule order matters. Put more specific allowlist entries
|
|
# before more general denylist entries.
|
|
192.168.1.1 OK
|
|
192.168.0.0/16 REJECT
|
|
2001:db8::1 OK
|
|
2001:db8::/32 REJECT
|
|
|
|
<b><a name="see_also">SEE ALSO</a></b>
|
|
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
|
|
<a href="regexp_table.5.html">regexp_table(5)</a>, format of regular expression tables
|
|
<a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables
|
|
|
|
<b><a name="readme_files">README FILES</a></b>
|
|
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
|
|
|
|
<b><a name="history">HISTORY</a></b>
|
|
CIDR table support was introduced with Postfix version 2.1.
|
|
|
|
<b>AUTHOR(S)</b>
|
|
The CIDR table lookup code was originally written by:
|
|
Jozsef Kadlecsik
|
|
KFKI Research Institute for Particle and Nuclear Physics
|
|
POB. 49
|
|
1525 Budapest, Hungary
|
|
|
|
Adopted and adapted by:
|
|
Wietse Venema
|
|
IBM T.J. Watson Research
|
|
P.O. Box 704
|
|
Yorktown Heights, NY 10598, USA
|
|
|
|
Wietse Venema
|
|
Google, Inc.
|
|
111 8th Avenue
|
|
New York, NY 10011, USA
|
|
|
|
CIDR_TABLE(5)
|
|
</pre> </body> </html>
|