diff options
Diffstat (limited to 'html/cidr_table.5.html')
-rw-r--r-- | html/cidr_table.5.html | 167 |
1 files changed, 167 insertions, 0 deletions
diff --git a/html/cidr_table.5.html b/html/cidr_table.5.html new file mode 100644 index 0000000..24c458e --- /dev/null +++ b/html/cidr_table.5.html @@ -0,0 +1,167 @@ +<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> +<html> <head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel='stylesheet' type='text/css' href='postfix-doc.css'> +<title> Postfix manual - cidr_table(5) </title> +</head> <body> <pre> +CIDR_TABLE(5) CIDR_TABLE(5) + +<b>NAME</b> + cidr_table - format of Postfix CIDR tables + +<b>SYNOPSIS</b> + <b>postmap -q "</b><i>string</i><b>" <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> + + <b>postmap -q - <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i> + +<b>DESCRIPTION</b> + The Postfix mail system uses optional lookup tables. These tables are + usually in <b>dbm</b> or <b>db</b> format. Alternatively, lookup tables can be spec- + ified in CIDR (Classless Inter-Domain Routing) form. In this case, each + input is compared against a list of patterns. When a match is found, + the corresponding result is returned and the search is terminated. + + To find out what types of lookup tables your Postfix system supports + use the "<b>postconf -m</b>" command. + + To test lookup tables, use the "<b>postmap -q</b>" command as described in the + SYNOPSIS above. + +<b>TABLE FORMAT</b> + The general form of a Postfix CIDR table is: + + <i>pattern result</i> + When a search string matches the specified <i>pattern</i>, use the cor- + responding <i>result</i> value. The <i>pattern</i> must be in <i>network/prefix</i> + or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below). + + <b>!</b><i>pattern result</i> + When a search string does not match the specified <i>pattern</i>, use + the specified <i>result</i> value. The <i>pattern</i> must be in <i>network/pre-</i> + <i>fix</i> or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below). + + This feature is available in Postfix 3.2 and later. + + <b>if</b> <i>pattern</i> + + <b>endif</b> When a search string matches the specified <i>pattern</i>, match that + search string against the patterns between <b>if</b> and <b>endif</b>. The + <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form (see + ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest. + + Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>. + + This feature is available in Postfix 3.2 and later. + + <b>if !</b><i>pattern</i> + + <b>endif</b> When a search string does not match the specified <i>pattern</i>, match + that search string against the patterns between <b>if</b> and <b>endif</b>. + The <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form + (see ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest. + + Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>. + + This feature is available in Postfix 3.2 and later. + + blank lines and comments + Empty lines and whitespace-only lines are ignored, as are lines + whose first non-whitespace character is a `#'. + + multi-line text + A logical line starts with non-whitespace text. A line that + starts with whitespace continues a logical line. + +<b>TABLE SEARCH ORDER</b> + Patterns are applied in the order as specified in the table, until a + pattern is found that matches the search string. + +<b>ADDRESS PATTERN SYNTAX</b> + Postfix CIDR tables are pattern-based. A pattern is either a <i>net-</i> + <i>work</i><b>_</b><i>address</i> which requires an exact match, or a <i>network</i><b>_</b><i>address/pre-</i> + <i>fix</i><b>_</b><i>length</i> where the <i>prefix</i><b>_</b><i>length</i> part specifies the length of the + <i>network</i><b>_</b><i>address</i> prefix that must be matched (the other bits in the <i>net-</i> + <i>work</i><b>_</b><i>address</i> part must be zero). + + An IPv4 network address is a sequence of four decimal octets separated + by ".", and an IPv6 network address is a sequence of three to eight + hexadecimal octet pairs separated by ":" or "::", where the latter is + short-hand for a sequence of one or more all-zero octet pairs. The pat- + tern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6 + address. IPv6 support is available in Postfix 2.2 and later. + + Before comparisons are made, lookup keys and table entries are con- + verted from string to binary. Therefore, IPv6 patterns will be matched + regardless of leading zeros (a leading zero in an IPv4 address octet + indicates octal notation). + + Note: address information may be enclosed inside "[]" but this form is + not required. + +<b>INLINE SPECIFICATION</b> + The contents of a table may be specified in the table name (Postfix 3.7 + and later). The basic syntax is: + + <a href="postconf.5.html">main.cf</a>: + <i>parameter</i> <b>= .. <a href="cidr_table.5.html">cidr</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } ..</b> + + <a href="master.5.html">master.cf</a>: + <b>.. -o {</b> <i>parameter</i> <b>= .. <a href="cidr_table.5.html">cidr</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } .. } ..</b> + + Postfix ignores whitespace after '{' and before '}', and writes each + <i>rule</i> as one text line to an in-memory file: + + in-memory file: + rule-1 + rule-2 + .. + + Postfix parses the result as if it is a file in /etc/postfix. + + Note: if a rule contains <b>$</b>, specify <b>$$</b> to keep Postfix from trying to + do <i>$name</i> expansion as it evaluates a parameter value. + +<b>EXAMPLE SMTPD ACCESS MAP</b> + /etc/postfix/<a href="postconf.5.html">main.cf</a>: + <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = ... <a href="cidr_table.5.html">cidr</a>:/etc/postfix/client.cidr ... + + /etc/postfix/client.<a href="cidr_table.5.html">cidr</a>: + # Rule order matters. Put more specific allowlist entries + # before more general denylist entries. + 192.168.1.1 OK + 192.168.0.0/16 REJECT + 2001:db8::1 OK + 2001:db8::/32 REJECT + +<b>SEE ALSO</b> + <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager + <a href="regexp_table.5.html">regexp_table(5)</a>, format of regular expression tables + <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables + +<b>README FILES</b> + <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview + +<b>HISTORY</b> + CIDR table support was introduced with Postfix version 2.1. + +<b>AUTHOR(S)</b> + The CIDR table lookup code was originally written by: + Jozsef Kadlecsik + KFKI Research Institute for Particle and Nuclear Physics + POB. 49 + 1525 Budapest, Hungary + + Adopted and adapted by: + Wietse Venema + IBM T.J. Watson Research + P.O. Box 704 + Yorktown Heights, NY 10598, USA + + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + + CIDR_TABLE(5) +</pre> </body> </html> |