1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3<html> <head> 4<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 5<title> Postfix manual - cidr_table(5) </title> 6</head> <body> <pre> 7CIDR_TABLE(5) CIDR_TABLE(5) 8 9<b>NAME</b> 10 cidr_table - format of Postfix CIDR tables 11 12<b>SYNOPSIS</b> 13 <b>postmap -q "</b><i>string</i><b>" <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> 14 15 <b>postmap -q - <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i> 16 17<b>DESCRIPTION</b> 18 The Postfix mail system uses optional lookup tables. These tables are 19 usually in <b>dbm</b> or <b>db</b> format. Alternatively, lookup tables can be spec- 20 ified in CIDR (Classless Inter-Domain Routing) form. In this case, each 21 input is compared against a list of patterns. When a match is found, 22 the corresponding result is returned and the search is terminated. 23 24 To find out what types of lookup tables your Postfix system supports 25 use the "<b>postconf -m</b>" command. 26 27 To test lookup tables, use the "<b>postmap -q</b>" command as described in the 28 SYNOPSIS above. 29 30<b>TABLE FORMAT</b> 31 The general form of a Postfix CIDR table is: 32 33 <i>pattern result</i> 34 When a search string matches the specified <i>pattern</i>, use the cor- 35 responding <i>result</i> value. The <i>pattern</i> must be in <i>network/prefix</i> 36 or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below). 37 38 <b>!</b><i>pattern result</i> 39 When a search string does not match the specified <i>pattern</i>, use 40 the specified <i>result</i> value. The <i>pattern</i> must be in <i>network/pre-</i> 41 <i>fix</i> or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below). 42 43 This feature is available in Postfix 3.2 and later. 44 45 <b>if</b> <i>pattern</i> 46 47 <b>endif</b> When a search string matches the specified <i>pattern</i>, match that 48 search string against the patterns between <b>if</b> and <b>endif</b>. The 49 <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form (see 50 ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest. 51 52 Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>. 53 54 This feature is available in Postfix 3.2 and later. 55 56 <b>if !</b><i>pattern</i> 57 58 <b>endif</b> When a search string does not match the specified <i>pattern</i>, match 59 that search string against the patterns between <b>if</b> and <b>endif</b>. 60 The <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form 61 (see ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest. 62 63 Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>. 64 65 This feature is available in Postfix 3.2 and later. 66 67 blank lines and comments 68 Empty lines and whitespace-only lines are ignored, as are lines 69 whose first non-whitespace character is a `#'. 70 71 multi-line text 72 A logical line starts with non-whitespace text. A line that 73 starts with whitespace continues a logical line. 74 75<b>TABLE SEARCH ORDER</b> 76 Patterns are applied in the order as specified in the table, until a 77 pattern is found that matches the search string. 78 79<b>ADDRESS PATTERN SYNTAX</b> 80 Postfix CIDR tables are pattern-based. A pattern is either a <i>net-</i> 81 <i>work</i><b>_</b><i>address</i> which requires an exact match, or a <i>network</i><b>_</b><i>address/pre-</i> 82 <i>fix</i><b>_</b><i>length</i> where the <i>prefix</i><b>_</b><i>length</i> part specifies the length of the 83 <i>network</i><b>_</b><i>address</i> prefix that must be matched (the other bits in the <i>net-</i> 84 <i>work</i><b>_</b><i>address</i> part must be zero). 85 86 An IPv4 network address is a sequence of four decimal octets separated 87 by ".", and an IPv6 network address is a sequence of three to eight 88 hexadecimal octet pairs separated by ":" or "::", where the latter is 89 short-hand for a sequence of one or more all-zero octet pairs. The pat- 90 tern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6 91 address. IPv6 support is available in Postfix 2.2 and later. 92 93 Before comparisons are made, lookup keys and table entries are con- 94 verted from string to binary. Therefore, IPv6 patterns will be matched 95 regardless of leading zeros (a leading zero in an IPv4 address octet 96 indicates octal notation). 97 98 Note: address information may be enclosed inside "[]" but this form is 99 not required. 100 101<b>EXAMPLE SMTPD ACCESS MAP</b> 102 /etc/postfix/<a href="postconf.5.html">main.cf</a>: 103 <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = ... <a href="cidr_table.5.html">cidr</a>:/etc/postfix/client.cidr ... 104 105 /etc/postfix/client.<a href="cidr_table.5.html">cidr</a>: 106 # Rule order matters. Put more specific whitelist entries 107 # before more general blacklist entries. 108 192.168.1.1 OK 109 192.168.0.0/16 REJECT 110 2001:db8::1 OK 111 2001:db8::/32 REJECT 112 113<b>SEE ALSO</b> 114 <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager 115 <a href="regexp_table.5.html">regexp_table(5)</a>, format of regular expression tables 116 <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables 117 118<b>README FILES</b> 119 <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview 120 121<b>HISTORY</b> 122 CIDR table support was introduced with Postfix version 2.1. 123 124<b>AUTHOR(S)</b> 125 The CIDR table lookup code was originally written by: 126 Jozsef Kadlecsik 127 KFKI Research Institute for Particle and Nuclear Physics 128 POB. 49 129 1525 Budapest, Hungary 130 131 Adopted and adapted by: 132 Wietse Venema 133 IBM T.J. Watson Research 134 P.O. Box 704 135 Yorktown Heights, NY 10598, USA 136 137 Wietse Venema 138 Google, Inc. 139 111 8th Avenue 140 New York, NY 10011, USA 141 142 CIDR_TABLE(5) 143</pre> </body> </html> 144