diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:18:56 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:18:56 +0000 |
commit | b7c15c31519dc44c1f691e0466badd556ffe9423 (patch) | |
tree | f944572f288bab482a615e09af627d9a2b6727d8 /man/man5/cidr_table.5 | |
parent | Initial commit. (diff) | |
download | postfix-b7c15c31519dc44c1f691e0466badd556ffe9423.tar.xz postfix-b7c15c31519dc44c1f691e0466badd556ffe9423.zip |
Adding upstream version 3.7.10.upstream/3.7.10
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/man5/cidr_table.5')
-rw-r--r-- | man/man5/cidr_table.5 | 199 |
1 files changed, 199 insertions, 0 deletions
diff --git a/man/man5/cidr_table.5 b/man/man5/cidr_table.5 new file mode 100644 index 0000000..6722123 --- /dev/null +++ b/man/man5/cidr_table.5 @@ -0,0 +1,199 @@ +.TH CIDR_TABLE 5 +.ad +.fi +.SH NAME +cidr_table +\- +format of Postfix CIDR tables +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR + +\fBpostmap \-q \- cidr:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional lookup tables. +These tables are usually in \fBdbm\fR or \fBdb\fR format. +Alternatively, lookup tables can be specified in CIDR +(Classless Inter\-Domain Routing) form. In this case, each +input is compared against a list of patterns. When a match +is found, the corresponding result is returned and the search +is terminated. + +To find out what types of lookup tables your Postfix system +supports use the "\fBpostconf \-m\fR" command. + +To test lookup tables, use the "\fBpostmap \-q\fR" command as +described in the SYNOPSIS above. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The general form of a Postfix CIDR table is: +.IP "\fIpattern result\fR" +When a search string matches the specified \fIpattern\fR, use +the corresponding \fIresult\fR value. The \fIpattern\fR must be +in \fInetwork/prefix\fR or \fInetwork_address\fR form (see +ADDRESS PATTERN SYNTAX below). +.IP "\fB!\fIpattern result\fR" +When a search string does not match the specified \fIpattern\fR, +use the specified \fIresult\fR value. The \fIpattern\fR must +be in \fInetwork/prefix\fR or \fInetwork_address\fR form (see +ADDRESS PATTERN SYNTAX below). +.sp +This feature is available in Postfix 3.2 and later. +.IP "\fBif \fIpattern\fR" +.IP "\fBendif\fR" +When a search string matches the specified \fIpattern\fR, match +that search string against the patterns between \fBif\fR and +\fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or +\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The +\fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to text between +\fBif\fR..\fBendif\fR. +.sp +This feature is available in Postfix 3.2 and later. +.IP "\fBif !\fIpattern\fR" +.IP "\fBendif\fR" +When a search string does not match the specified \fIpattern\fR, +match that search string against the patterns between \fBif\fR and +\fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or +\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The +\fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to text between +\fBif\fR..\fBendif\fR. +.sp +This feature is available in Postfix 3.2 and later. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. +.SH "ADDRESS PATTERN SYNTAX" +.na +.nf +.ad +.fi +Postfix CIDR tables are pattern\-based. A pattern is either +a \fInetwork_address\fR which requires an exact match, or a +\fInetwork_address/prefix_length\fR where the \fIprefix_length\fR +part specifies the length of the \fInetwork_address\fR prefix +that must be matched (the other bits in the \fInetwork_address\fR +part must be zero). + +An IPv4 network address is a sequence of four decimal octets +separated by ".", and an IPv6 network address is a sequence +of three to eight hexadecimal octet pairs separated by ":" +or "::", where the latter is short\-hand for a sequence of +one or more all\-zero octet pairs. The pattern 0.0.0.0/0 +matches every IPv4 address, and ::/0 matches every IPv6 +address. IPv6 support is available in Postfix 2.2 and +later. + +Before comparisons are made, lookup keys and table entries +are converted from string to binary. Therefore, IPv6 patterns +will be matched regardless of leading zeros (a leading zero in +an IPv4 address octet indicates octal notation). + +Note: address information may be enclosed inside "[]" but +this form is not required. +.SH "INLINE SPECIFICATION" +.na +.nf +.ad +.fi +The contents of a table may be specified in the table name +(Postfix 3.7 and later). +The basic syntax is: + +.nf +main.cf: + \fIparameter\fR \fB= .. cidr:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } ..\fR + +master.cf: + \fB.. \-o { \fIparameter\fR \fB= .. cidr:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } .. } ..\fR +.fi + +Postfix ignores whitespace after '{' and before '}', and +writes each \fIrule\fR as one text line to an in\-memory +file: + +.nf +in\-memory file: + rule\-1 + rule\-2 + .. +.fi + +Postfix parses the result as if it is a file in /etc/postfix. + +Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep +Postfix from trying to do \fI$name\fR expansion as it +evaluates a parameter value. +.SH "EXAMPLE SMTPD ACCESS MAP" +.na +.nf +.nf +/etc/postfix/main.cf: + smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ... + +/etc/postfix/client.cidr: + # Rule order matters. Put more specific allowlist entries + # before more general denylist entries. + 192.168.1.1 OK + 192.168.0.0/16 REJECT + 2001:db8::1 OK + 2001:db8::/32 REJECT +.fi +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +regexp_table(5), format of regular expression tables +pcre_table(5), format of PCRE tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH HISTORY +.ad +.fi +CIDR table support was introduced with Postfix version 2.1. +.SH "AUTHOR(S)" +.na +.nf +The CIDR table lookup code was originally written by: +Jozsef Kadlecsik +KFKI Research Institute for Particle and Nuclear Physics +POB. 49 +1525 Budapest, Hungary + +Adopted and adapted by: +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA |