diff options
Diffstat (limited to '')
-rw-r--r-- | proto/cidr_table | 176 |
1 files changed, 176 insertions, 0 deletions
diff --git a/proto/cidr_table b/proto/cidr_table new file mode 100644 index 0000000..9eed9ce --- /dev/null +++ b/proto/cidr_table @@ -0,0 +1,176 @@ +#++ +# NAME +# cidr_table 5 +# SUMMARY +# format of Postfix CIDR tables +# SYNOPSIS +# \fBpostmap -q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR +# +# \fBpostmap -q - cidr:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +# DESCRIPTION +# The Postfix mail system uses optional lookup tables. +# These tables are usually in \fBdbm\fR or \fBdb\fR format. +# Alternatively, lookup tables can be specified in CIDR +# (Classless Inter-Domain Routing) form. In this case, each +# input is compared against a list of patterns. When a match +# is found, the corresponding result is returned and the search +# is terminated. +# +# To find out what types of lookup tables your Postfix system +# supports use the "\fBpostconf -m\fR" command. +# +# To test lookup tables, use the "\fBpostmap -q\fR" command as +# described in the SYNOPSIS above. +# TABLE FORMAT +# .ad +# .fi +# The general form of a Postfix CIDR table is: +# .IP "\fIpattern result\fR" +# When a search string matches the specified \fIpattern\fR, use +# the corresponding \fIresult\fR value. The \fIpattern\fR must be +# in \fInetwork/prefix\fR or \fInetwork_address\fR form (see +# ADDRESS PATTERN SYNTAX below). +# .IP "\fB!\fIpattern result\fR" +# When a search string does not match the specified \fIpattern\fR, +# use the specified \fIresult\fR value. The \fIpattern\fR must +# be in \fInetwork/prefix\fR or \fInetwork_address\fR form (see +# ADDRESS PATTERN SYNTAX below). +# .sp +# This feature is available in Postfix 3.2 and later. +# .IP "\fBif \fIpattern\fR" +# .IP "\fBendif\fR" +# When a search string matches the specified \fIpattern\fR, match +# that search string against the patterns between \fBif\fR and +# \fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or +# \fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The +# \fBif\fR..\fBendif\fR can nest. +# .sp +# Note: do not prepend whitespace to text between +# \fBif\fR..\fBendif\fR. +# .sp +# This feature is available in Postfix 3.2 and later. +# .IP "\fBif !\fIpattern\fR" +# .IP "\fBendif\fR" +# When a search string does not match the specified \fIpattern\fR, +# match that search string against the patterns between \fBif\fR and +# \fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or +# \fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The +# \fBif\fR..\fBendif\fR can nest. +# .sp +# Note: do not prepend whitespace to text between +# \fBif\fR..\fBendif\fR. +# .sp +# This feature is available in Postfix 3.2 and later. +# .IP "blank lines and comments" +# Empty lines and whitespace-only lines are ignored, as +# are lines whose first non-whitespace character is a `#'. +# .IP "multi-line text" +# A logical line starts with non-whitespace text. A line that +# starts with whitespace continues a logical line. +# TABLE SEARCH ORDER +# .ad +# .fi +# Patterns are applied in the order as specified in the table, until a +# pattern is found that matches the search string. +# ADDRESS PATTERN SYNTAX +# .ad +# .fi +# Postfix CIDR tables are pattern-based. A pattern is either +# a \fInetwork_address\fR which requires an exact match, or a +# \fInetwork_address/prefix_length\fR where the \fIprefix_length\fR +# part specifies the length of the \fInetwork_address\fR prefix +# that must be matched (the other bits in the \fInetwork_address\fR +# part must be zero). +# +# An IPv4 network address is a sequence of four decimal octets +# separated by ".", and an IPv6 network address is a sequence +# of three to eight hexadecimal octet pairs separated by ":" +# or "::", where the latter is short-hand for a sequence of +# one or more all-zero octet pairs. The pattern 0.0.0.0/0 +# matches every IPv4 address, and ::/0 matches every IPv6 +# address. IPv6 support is available in Postfix 2.2 and +# later. +# +# Before comparisons are made, lookup keys and table entries +# are converted from string to binary. Therefore, IPv6 patterns +# will be matched regardless of leading zeros (a leading zero in +# an IPv4 address octet indicates octal notation). +# +# Note: address information may be enclosed inside "[]" but +# this form is not required. +# INLINE SPECIFICATION +# .ad +# .fi +# The contents of a table may be specified in the table name +# (Postfix 3.7 and later). +# The basic syntax is: +# +# .nf +# main.cf: +# \fIparameter\fR \fB= .. cidr:{ { \fIrule-1\fB }, { \fIrule-2\fB } .. } ..\fR +# +# master.cf: +# \fB.. -o { \fIparameter\fR \fB= .. cidr:{ { \fIrule-1\fB }, { \fIrule-2\fB } .. } .. } ..\fR +# .fi +# +# Postfix ignores whitespace after '{' and before '}', and +# writes each \fIrule\fR as one text line to an in-memory +# file: +# +# .nf +# in-memory file: +# rule-1 +# rule-2 +# .. +# .fi +# +# Postfix parses the result as if it is a file in /etc/postfix. +# +# Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep +# Postfix from trying to do \fI$name\fR expansion as it +# evaluates a parameter value. +# EXAMPLE SMTPD ACCESS MAP +# .nf +# /etc/postfix/main.cf: +# smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ... +# +# /etc/postfix/client.cidr: +# # Rule order matters. Put more specific allowlist entries +# # before more general denylist entries. +# 192.168.1.1 OK +# 192.168.0.0/16 REJECT +# 2001:db8::1 OK +# 2001:db8::/32 REJECT +# .fi +# SEE ALSO +# postmap(1), Postfix lookup table manager +# regexp_table(5), format of regular expression tables +# pcre_table(5), format of PCRE tables +# README FILES +# .ad +# .fi +# Use "\fBpostconf readme_directory\fR" or +# "\fBpostconf html_directory\fR" to locate this information. +# .na +# .nf +# DATABASE_README, Postfix lookup table overview +# HISTORY +# CIDR table support was introduced with Postfix version 2.1. +# AUTHOR(S) +# The CIDR table lookup code was originally written by: +# Jozsef Kadlecsik +# KFKI Research Institute for Particle and Nuclear Physics +# POB. 49 +# 1525 Budapest, Hungary +# +# Adopted and adapted by: +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +# +# Wietse Venema +# Google, Inc. +# 111 8th Avenue +# New York, NY 10011, USA +#-- |