summaryrefslogtreecommitdiffstats
path: root/html/cidr_table.5.html
blob: 24c458e9296c49c7bc5fac2d7d313587f8b51c7e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - cidr_table(5) </title>
</head> <body> <pre>
CIDR_TABLE(5)                                                    CIDR_TABLE(5)

<b>NAME</b>
       cidr_table - format of Postfix CIDR tables

<b>SYNOPSIS</b>
       <b>postmap -q "</b><i>string</i><b>" <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i>

       <b>postmap -q - <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>

<b>DESCRIPTION</b>
       The  Postfix mail system uses optional lookup tables.  These tables are
       usually in <b>dbm</b> or <b>db</b> format.  Alternatively, lookup tables can be spec-
       ified in CIDR (Classless Inter-Domain Routing) form. In this case, each
       input is compared against a list of patterns. When a  match  is  found,
       the corresponding result is returned and the search is terminated.

       To  find  out  what types of lookup tables your Postfix system supports
       use the "<b>postconf -m</b>" command.

       To test lookup tables, use the "<b>postmap -q</b>" command as described in the
       SYNOPSIS above.

<b>TABLE FORMAT</b>
       The general form of a Postfix CIDR table is:

       <i>pattern     result</i>
              When a search string matches the specified <i>pattern</i>, use the cor-
              responding <i>result</i> value. The <i>pattern</i> must be  in  <i>network/prefix</i>
              or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below).

       <b>!</b><i>pattern     result</i>
              When  a  search string does not match the specified <i>pattern</i>, use
              the specified <i>result</i> value. The <i>pattern</i> must be in  <i>network/pre-</i>
              <i>fix</i>  or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below).

              This feature is available in Postfix 3.2 and later.

       <b>if</b> <i>pattern</i>

       <b>endif</b>  When a search string matches the specified <i>pattern</i>,  match  that
              search  string  against  the patterns between <b>if</b> and <b>endif</b>.  The
              <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i>  form  (see
              ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest.

              Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>.

              This feature is available in Postfix 3.2 and later.

       <b>if !</b><i>pattern</i>

       <b>endif</b>  When a search string does not match the specified <i>pattern</i>, match
              that search string against the patterns between  <b>if</b>  and  <b>endif</b>.
              The  <i>pattern</i>  must  be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form
              (see ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest.

              Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>.

              This feature is available in Postfix 3.2 and later.

       blank lines and comments
              Empty lines and whitespace-only lines are ignored, as are  lines
              whose first non-whitespace character is a `#'.

       multi-line text
              A  logical  line  starts  with  non-whitespace text. A line that
              starts with whitespace continues a logical line.

<b>TABLE SEARCH ORDER</b>
       Patterns are applied in the order as specified in the  table,  until  a
       pattern is found that matches the search string.

<b>ADDRESS PATTERN SYNTAX</b>
       Postfix  CIDR  tables  are  pattern-based.  A  pattern is either a <i>net-</i>
       <i>work</i><b>_</b><i>address</i> which requires an exact match, or  a  <i>network</i><b>_</b><i>address/pre-</i>
       <i>fix</i><b>_</b><i>length</i>  where  the  <i>prefix</i><b>_</b><i>length</i>  part specifies the length of the
       <i>network</i><b>_</b><i>address</i> prefix that must be matched (the other bits in the <i>net-</i>
       <i>work</i><b>_</b><i>address</i> part must be zero).

       An  IPv4 network address is a sequence of four decimal octets separated
       by ".", and an IPv6 network address is a sequence  of  three  to  eight
       hexadecimal  octet  pairs separated by ":" or "::", where the latter is
       short-hand for a sequence of one or more all-zero octet pairs. The pat-
       tern  0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6
       address.  IPv6 support is available in Postfix 2.2 and later.

       Before comparisons are made, lookup keys and  table  entries  are  con-
       verted  from string to binary. Therefore, IPv6 patterns will be matched
       regardless of leading zeros (a leading zero in an  IPv4  address  octet
       indicates octal notation).

       Note:  address information may be enclosed inside "[]" but this form is
       not required.

<b>INLINE SPECIFICATION</b>
       The contents of a table may be specified in the table name (Postfix 3.7
       and later).  The basic syntax is:

       <a href="postconf.5.html">main.cf</a>:
           <i>parameter</i> <b>= .. <a href="cidr_table.5.html">cidr</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } ..</b>

       <a href="master.5.html">master.cf</a>:
           <b>.. -o {</b> <i>parameter</i> <b>= .. <a href="cidr_table.5.html">cidr</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } .. } ..</b>

       Postfix  ignores  whitespace  after '{' and before '}', and writes each
       <i>rule</i> as one text line to an in-memory file:

       in-memory file:
           rule-1
           rule-2
           ..

       Postfix parses the result as if it is a file in /etc/postfix.

       Note: if a rule contains <b>$</b>, specify <b>$$</b> to keep Postfix from  trying  to
       do <i>$name</i> expansion as it evaluates a parameter value.

<b>EXAMPLE SMTPD ACCESS MAP</b>
       /etc/postfix/<a href="postconf.5.html">main.cf</a>:
           <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = ... <a href="cidr_table.5.html">cidr</a>:/etc/postfix/client.cidr ...

       /etc/postfix/client.<a href="cidr_table.5.html">cidr</a>:
           # Rule order matters. Put more specific allowlist entries
           # before more general denylist entries.
           192.168.1.1             OK
           192.168.0.0/16          REJECT
           2001:db8::1             OK
           2001:db8::/32           REJECT

<b>SEE ALSO</b>
       <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
       <a href="regexp_table.5.html">regexp_table(5)</a>, format of regular expression tables
       <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables

<b>README FILES</b>
       <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview

<b>HISTORY</b>
       CIDR table support was introduced with Postfix version 2.1.

<b>AUTHOR(S)</b>
       The CIDR table lookup code was originally written by:
       Jozsef Kadlecsik
       KFKI Research Institute for Particle and Nuclear Physics
       POB. 49
       1525 Budapest, Hungary

       Adopted and adapted by:
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       Wietse Venema
       Google, Inc.
       111 8th Avenue
       New York, NY 10011, USA

                                                                 CIDR_TABLE(5)
</pre> </body> </html>