1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 5<link rel='stylesheet' type='text/css' href='postfix-doc.css'> 6<title> Postfix manual - cidr_table(5) </title> 7</head> <body> <pre> 8CIDR_TABLE(5) CIDR_TABLE(5) 9 10<b>NAME</b> 11 cidr_table - format of Postfix CIDR tables 12 13<b>SYNOPSIS</b> 14 <b>postmap -q "</b><i>string</i><b>" <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> 15 16 <b>postmap -q - <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i> 17 18<b>DESCRIPTION</b> 19 The Postfix mail system uses optional lookup tables. These tables are 20 usually in <b>dbm</b> or <b>db</b> format. Alternatively, lookup tables can be spec- 21 ified in CIDR (Classless Inter-Domain Routing) form. In this case, each 22 input is compared against a list of patterns. When a match is found, 23 the corresponding result is returned and the search is terminated. 24 25 To find out what types of lookup tables your Postfix system supports 26 use the "<b>postconf -m</b>" command. 27 28 To test lookup tables, use the "<b>postmap -q</b>" command as described in the 29 SYNOPSIS above. 30 31<b>TABLE FORMAT</b> 32 The general form of a Postfix CIDR table is: 33 34 <i>pattern result</i> 35 When a search string matches the specified <i>pattern</i>, use the cor- 36 responding <i>result</i> value. The <i>pattern</i> must be in <i>network/prefix</i> 37 or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below). 38 39 <b>!</b><i>pattern result</i> 40 When a search string does not match the specified <i>pattern</i>, use 41 the specified <i>result</i> value. The <i>pattern</i> must be in <i>network/pre-</i> 42 <i>fix</i> or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below). 43 44 This feature is available in Postfix 3.2 and later. 45 46 <b>if</b> <i>pattern</i> 47 48 <b>endif</b> When a search string matches the specified <i>pattern</i>, match that 49 search string against the patterns between <b>if</b> and <b>endif</b>. The 50 <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form (see 51 ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest. 52 53 Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>. 54 55 This feature is available in Postfix 3.2 and later. 56 57 <b>if !</b><i>pattern</i> 58 59 <b>endif</b> When a search string does not match the specified <i>pattern</i>, match 60 that search string against the patterns between <b>if</b> and <b>endif</b>. 61 The <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form 62 (see ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest. 63 64 Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>. 65 66 This feature is available in Postfix 3.2 and later. 67 68 blank lines and comments 69 Empty lines and whitespace-only lines are ignored, as are lines 70 whose first non-whitespace character is a `#'. 71 72 multi-line text 73 A logical line starts with non-whitespace text. A line that 74 starts with whitespace continues a logical line. 75 76<b>TABLE SEARCH ORDER</b> 77 Patterns are applied in the order as specified in the table, until a 78 pattern is found that matches the search string. 79 80<b>ADDRESS PATTERN SYNTAX</b> 81 Postfix CIDR tables are pattern-based. A pattern is either a <i>net-</i> 82 <i>work</i><b>_</b><i>address</i> which requires an exact match, or a <i>network</i><b>_</b><i>address/pre-</i> 83 <i>fix</i><b>_</b><i>length</i> where the <i>prefix</i><b>_</b><i>length</i> part specifies the length of the 84 <i>network</i><b>_</b><i>address</i> prefix that must be matched (the other bits in the <i>net-</i> 85 <i>work</i><b>_</b><i>address</i> part must be zero). 86 87 An IPv4 network address is a sequence of four decimal octets separated 88 by ".", and an IPv6 network address is a sequence of three to eight 89 hexadecimal octet pairs separated by ":" or "::", where the latter is 90 short-hand for a sequence of one or more all-zero octet pairs. The pat- 91 tern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6 92 address. IPv6 support is available in Postfix 2.2 and later. 93 94 Before comparisons are made, lookup keys and table entries are con- 95 verted from string to binary. Therefore, IPv6 patterns will be matched 96 regardless of leading zeros (a leading zero in an IPv4 address octet 97 indicates octal notation). 98 99 Note: address information may be enclosed inside "[]" but this form is 100 not required. 101 102<b>INLINE SPECIFICATION</b> 103 The contents of a table may be specified in the table name (Postfix 3.7 104 and later). The basic syntax is: 105 106 <a href="postconf.5.html">main.cf</a>: 107 <i>parameter</i> <b>= .. <a href="cidr_table.5.html">cidr</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } ..</b> 108 109 <a href="master.5.html">master.cf</a>: 110 <b>.. -o {</b> <i>parameter</i> <b>= .. <a href="cidr_table.5.html">cidr</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } .. } ..</b> 111 112 Postfix ignores whitespace after '{' and before '}', and writes each 113 <i>rule</i> as one text line to an in-memory file: 114 115 in-memory file: 116 rule-1 117 rule-2 118 .. 119 120 Postfix parses the result as if it is a file in /etc/postfix. 121 122 Note: if a rule contains <b>$</b>, specify <b>$$</b> to keep Postfix from trying to 123 do <i>$name</i> expansion as it evaluates a parameter value. 124 125<b>EXAMPLE SMTPD ACCESS MAP</b> 126 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 127 <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = ... <a href="cidr_table.5.html">cidr</a>:/etc/postfix/client.cidr ... 128 129 /etc/postfix/client.<a href="cidr_table.5.html">cidr</a>: 130 # Rule order matters. Put more specific allowlist entries 131 # before more general denylist entries. 132 192.168.1.1 OK 133 192.168.0.0/16 REJECT 134 2001:db8::1 OK 135 2001:db8::/32 REJECT 136 137<b>SEE ALSO</b> 138 <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager 139 <a href="regexp_table.5.html">regexp_table(5)</a>, format of regular expression tables 140 <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables 141 142<b>README FILES</b> 143 <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview 144 145<b>HISTORY</b> 146 CIDR table support was introduced with Postfix version 2.1. 147 148<b>AUTHOR(S)</b> 149 The CIDR table lookup code was originally written by: 150 Jozsef Kadlecsik 151 KFKI Research Institute for Particle and Nuclear Physics 152 POB. 49 153 1525 Budapest, Hungary 154 155 Adopted and adapted by: 156 Wietse Venema 157 IBM T.J. Watson Research 158 P.O. Box 704 159 Yorktown Heights, NY 10598, USA 160 161 Wietse Venema 162 Google, Inc. 163 111 8th Avenue 164 New York, NY 10011, USA 165 166 CIDR_TABLE(5) 167</pre> </body> </html> 168