Diffstat (limited to '')
-rw-r--r-- | man/man5/cidr_table.5 | 166 |
1 files changed, 166 insertions, 0 deletions
diff --git a/man/man5/cidr_table.5 b/man/man5/cidr_table.5 new file mode 100644 index 0000000..fae30fb --- /dev/null +++ b/man/man5/cidr_table.5 
@@ -0,0 +1,166 @@ +.TH CIDR_TABLE 5 +.ad +.fi +.SH NAME +cidr_table +\- +format of Postfix CIDR tables +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR + +\fBpostmap \-q \- cidr:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional lookup tables. +These tables are usually in \fBdbm\fR or \fBdb\fR format. +Alternatively, lookup tables can be specified in CIDR +(Classless Inter\-Domain Routing) form. In this case, each +input is compared against a list of patterns. When a match +is found, the corresponding result is returned and the search +is terminated. + +To find out what types of lookup tables your Postfix system +supports use the "\fBpostconf \-m\fR" command. + +To test lookup tables, use the "\fBpostmap \-q\fR" command as +described in the SYNOPSIS above. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The general form of a Postfix CIDR table is: +.IP "\fIpattern result\fR" +When a search string matches the specified \fIpattern\fR, use +the corresponding \fIresult\fR value. The \fIpattern\fR must be +in \fInetwork/prefix\fR or \fInetwork_address\fR form (see +ADDRESS PATTERN SYNTAX below). +.IP "\fB!\fIpattern result\fR" +When a search string does not match the specified \fIpattern\fR, +use the specified \fIresult\fR value. The \fIpattern\fR must +be in \fInetwork/prefix\fR or \fInetwork_address\fR form (see +ADDRESS PATTERN SYNTAX below). +.sp +This feature is available in Postfix 3.2 and later. +.IP "\fBif \fIpattern\fR" +.IP "\fBendif\fR" +When a search string matches the specified \fIpattern\fR, match +that search string against the patterns between \fBif\fR and +\fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or +\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The +\fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to text between +\fBif\fR..\fBendif\fR. +.sp +This feature is available in Postfix 3.2 and later. 
+.IP "\fBif !\fIpattern\fR" +.IP "\fBendif\fR" +When a search string does not match the specified \fIpattern\fR, +match that search string against the patterns between \fBif\fR and +\fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or +\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The +\fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to text between +\fBif\fR..\fBendif\fR. +.sp +This feature is available in Postfix 3.2 and later. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. +.SH "ADDRESS PATTERN SYNTAX" +.na +.nf +.ad +.fi +Postfix CIDR tables are pattern\-based. A pattern is either +a \fInetwork_address\fR which requires an exact match, or a +\fInetwork_address/prefix_length\fR where the \fIprefix_length\fR +part specifies the length of the \fInetwork_address\fR prefix +that must be matched (the other bits in the \fInetwork_address\fR +part must be zero). + +An IPv4 network address is a sequence of four decimal octets +separated by ".", and an IPv6 network address is a sequence +of three to eight hexadecimal octet pairs separated by ":" +or "::", where the latter is short\-hand for a sequence of +one or more all\-zero octet pairs. The pattern 0.0.0.0/0 +matches every IPv4 address, and ::/0 matches every IPv6 +address. IPv6 support is available in Postfix 2.2 and +later. + +Before comparisons are made, lookup keys and table entries +are converted from string to binary. Therefore, IPv6 patterns +will be matched regardless of leading zeros (a leading zero in +an IPv4 address octet indicates octal notation). 
+ +Note: address information may be enclosed inside "[]" but +this form is not required. +.SH "EXAMPLE SMTPD ACCESS MAP" +.na +.nf +.nf +/etc/postfix/main.cf: + smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ... + +/etc/postfix/client.cidr: + # Rule order matters. Put more specific whitelist entries + # before more general blacklist entries. + 192.168.1.1 OK + 192.168.0.0/16 REJECT + 2001:db8::1 OK + 2001:db8::/32 REJECT +.fi +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +regexp_table(5), format of regular expression tables +pcre_table(5), format of PCRE tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH HISTORY +.ad +.fi +CIDR table support was introduced with Postfix version 2.1. +.SH "AUTHOR(S)" +.na +.nf +The CIDR table lookup code was originally written by: +Jozsef Kadlecsik +KFKI Research Institute for Particle and Nuclear Physics +POB. 49 +1525 Budapest, Hungary + +Adopted and adapted by: +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA |
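Review bot: In ADDRESS PATTERN SYNTAX the IPv4 form is defined as "a sequence of four decimal octets", yet the later paragraph on string-to-binary conversion says a leading zero in an IPv4 octet "indicates octal notation", so the two statements disagree and the octal rule is hidden in a parenthetical. These tables drive access decisions (the example wires one into smtpd_client_restrictions), and a zero-padded octet in a pattern or lookup key would then denote a different address than the table author meant. I would state the octal behaviour in the paragraph that defines the IPv4 form and recommend writing octets without leading zeros. Separately, EXAMPLE SMTPD ACCESS MAP shows only plain patterns: a short entry using "!pattern result" and an if..endif block would document the Postfix 3.2 features, and it should be shown without leading whitespace, since the page says indented lines continue the previous logical line and text between if..endif must not be indented.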