1#++ 2# NAME 3# cidr_table 5 4# SUMMARY 5# format of Postfix CIDR tables 6# SYNOPSIS 7# \fBpostmap -q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR 8# 9# \fBpostmap -q - cidr:/etc/postfix/\fIfilename\fB <\fIinputfile\fR 10# DESCRIPTION 11# The Postfix mail system uses optional lookup tables. 12# These tables are usually in \fBdbm\fR or \fBdb\fR format. 13# Alternatively, lookup tables can be specified in CIDR 14# (Classless Inter-Domain Routing) form. In this case, each 15# input is compared against a list of patterns. When a match 16# is found, the corresponding result is returned and the search 17# is terminated. 18# 19# To find out what types of lookup tables your Postfix system 20# supports use the "\fBpostconf -m\fR" command. 21# 22# To test lookup tables, use the "\fBpostmap -q\fR" command as 23# described in the SYNOPSIS above. 24# TABLE FORMAT 25# .ad 26# .fi 27# The general form of a Postfix CIDR table is: 28# .IP "\fIpattern result\fR" 29# When a search string matches the specified \fIpattern\fR, use 30# the corresponding \fIresult\fR value. The \fIpattern\fR must be 31# in \fInetwork/prefix\fR or \fInetwork_address\fR form (see 32# ADDRESS PATTERN SYNTAX below). 33# .IP "\fB!\fIpattern result\fR" 34# When a search string does not match the specified \fIpattern\fR, 35# use the specified \fIresult\fR value. The \fIpattern\fR must 36# be in \fInetwork/prefix\fR or \fInetwork_address\fR form (see 37# ADDRESS PATTERN SYNTAX below). 38# .sp 39# This feature is available in Postfix 3.2 and later. 40# .IP "\fBif \fIpattern\fR" 41# .IP "\fBendif\fR" 42# When a search string matches the specified \fIpattern\fR, match 43# that search string against the patterns between \fBif\fR and 44# \fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or 45# \fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The 46# \fBif\fR..\fBendif\fR can nest. 47# .sp 48# Note: do not prepend whitespace to text between 49# \fBif\fR..\fBendif\fR. 50# .sp 51# This feature is available in Postfix 3.2 and later. 52# .IP "\fBif !\fIpattern\fR" 53# .IP "\fBendif\fR" 54# When a search string does not match the specified \fIpattern\fR, 55# match that search string against the patterns between \fBif\fR and 56# \fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or 57# \fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The 58# \fBif\fR..\fBendif\fR can nest. 59# .sp 60# Note: do not prepend whitespace to text between 61# \fBif\fR..\fBendif\fR. 62# .sp 63# This feature is available in Postfix 3.2 and later. 64# .IP "blank lines and comments" 65# Empty lines and whitespace-only lines are ignored, as 66# are lines whose first non-whitespace character is a `#'. 67# .IP "multi-line text" 68# A logical line starts with non-whitespace text. A line that 69# starts with whitespace continues a logical line. 70# TABLE SEARCH ORDER 71# .ad 72# .fi 73# Patterns are applied in the order as specified in the table, until a 74# pattern is found that matches the search string. 75# ADDRESS PATTERN SYNTAX 76# .ad 77# .fi 78# Postfix CIDR tables are pattern-based. A pattern is either 79# a \fInetwork_address\fR which requires an exact match, or a 80# \fInetwork_address/prefix_length\fR where the \fIprefix_length\fR 81# part specifies the length of the \fInetwork_address\fR prefix 82# that must be matched (the other bits in the \fInetwork_address\fR 83# part must be zero). 84# 85# An IPv4 network address is a sequence of four decimal octets 86# separated by ".", and an IPv6 network address is a sequence 87# of three to eight hexadecimal octet pairs separated by ":" 88# or "::", where the latter is short-hand for a sequence of 89# one or more all-zero octet pairs. The pattern 0.0.0.0/0 90# matches every IPv4 address, and ::/0 matches every IPv6 91# address. IPv6 support is available in Postfix 2.2 and 92# later. 93# 94# Before comparisons are made, lookup keys and table entries 95# are converted from string to binary. Therefore, IPv6 patterns 96# will be matched regardless of leading zeros (a leading zero in 97# an IPv4 address octet indicates octal notation). 98# 99# Note: address information may be enclosed inside "[]" but 100# this form is not required. 101# EXAMPLE SMTPD ACCESS MAP 102# .nf 103# /etc/postfix/main.cf: 104# smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ... 105# 106# /etc/postfix/client.cidr: 107# # Rule order matters. Put more specific whitelist entries 108# # before more general blacklist entries. 109# 192.168.1.1 OK 110# 192.168.0.0/16 REJECT 111# 2001:db8::1 OK 112# 2001:db8::/32 REJECT 113# .fi 114# SEE ALSO 115# postmap(1), Postfix lookup table manager 116# regexp_table(5), format of regular expression tables 117# pcre_table(5), format of PCRE tables 118# README FILES 119# .ad 120# .fi 121# Use "\fBpostconf readme_directory\fR" or 122# "\fBpostconf html_directory\fR" to locate this information. 123# .na 124# .nf 125# DATABASE_README, Postfix lookup table overview 126# HISTORY 127# CIDR table support was introduced with Postfix version 2.1. 128# AUTHOR(S) 129# The CIDR table lookup code was originally written by: 130# Jozsef Kadlecsik 131# KFKI Research Institute for Particle and Nuclear Physics 132# POB. 49 133# 1525 Budapest, Hungary 134# 135# Adopted and adapted by: 136# Wietse Venema 137# IBM T.J. Watson Research 138# P.O. Box 704 139# Yorktown Heights, NY 10598, USA 140# 141# Wietse Venema 142# Google, Inc. 143# 111 8th Avenue 144# New York, NY 10011, USA 145#-- 146