1.\" $OpenBSD: table.5,v 1.14 2024/05/02 18:14:33 op Exp $ 2.\" 3.\" Copyright (c) 2013 Eric Faurot <eric@openbsd.org> 4.\" Copyright (c) 2013 Gilles Chehade <gilles@poolp.org> 5.\" 6.\" Permission to use, copy, modify, and distribute this software for any 7.\" purpose with or without fee is hereby granted, provided that the above 8.\" copyright notice and this permission notice appear in all copies. 9.\" 10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17.\" 18.\" 19.Dd $Mdocdate: May 2 2024 $ 20.Dt TABLE 5 21.Os 22.Sh NAME 23.Nm table 24.Nd format description for smtpd tables 25.Sh DESCRIPTION 26This manual page documents the file format for the various tables used in the 27.Xr smtpd 8 28mail daemon. 29.Pp 30The format described here applies to tables as defined in 31.Xr smtpd.conf 5 . 32.Sh TABLE TYPES 33There are two types of tables: lists and mappings. 34A list consists of a series of values, 35while a mapping consists of a series of keys and their associated values. 36The following illustrates how to declare them as static tables: 37.Bd -literal -offset indent 38table mylist { value1, value2, value3 } 39table mymapping { key1 = value1, key2 = value2, key3 = value3 } 40.Ed 41.Pp 42When using a 43.Ql file 44table, a list will be written with each value on a line by itself. 45.Bd -literal -offset indent 46value1 47value2 48value3 49.Ed 50.Pp 51A mapping will be written with each key and value on a line, 52whitespace and an optional colon separating both columns: 53.Bd -literal -offset indent 54key1: value1 55key2 value2 56key3 value3 57.Ed 58.Pp 59Blank lines, leading and trailing spaces and tabs are ignored. 60Lines whose first non-space character is a hash mark 61.Pq Sq # 62are comments and are ignored. 63To force the parsing of a file table as a list rather than a mapping, use 64this special comment: 65.Pp 66.Dl # @list 67.Pp 68A file table can be converted to a Berkeley database using the 69.Xr makemap 8 70utility with no syntax change. 71.Pp 72Tables using a 73.Ql file 74or Berkeley DB backend will be referenced as follows: 75.Bd -unfilled -offset indent 76.Ic table Ar name Cm file : Ns Pa /path/to/file 77.Ic table Ar name Cm db : Ns Pa /path/to/file.db 78.Ed 79.Ss Aliasing tables 80Aliasing tables are mappings that associate a recipient to one or many 81destinations. 82They can be used in two contexts: primary domain aliases and virtual domain 83mapping. 84.Bd -unfilled -offset indent 85.Ic action Ar name method Cm alias Pf < table Ns > 86.Ic action Ar name method Cm virtual Pf < table Ns > 87.Ed 88.Pp 89In a primary domain context, the key is the user part of the recipient address, 90whilst the value is one or many recipients as described in 91.Xr aliases 5 : 92.Bd -literal -offset indent 93user1 otheruser 94user2 otheruser1,otheruser2 95user3 otheruser@example.com 96.Ed 97.Pp 98In a virtual domain context, the key is either a user part, a full email 99address or a catch-all, following selection rules described in 100.Xr smtpd.conf 5 , 101and the value is one or many recipients as described in 102.Xr aliases 5 : 103.Bd -literal -offset indent 104user1 otheruser 105user2@example.org otheruser1,otheruser2 106@example.org otheruser@example.com 107@ catchall@example.com 108.Ed 109.Pp 110The following directive shares the same table format, 111but with a different meaning. 112Here, the user is allowed to send mail from the listed addresses: 113.Bd -unfilled -offset indent 114.Ic listen on Ar interface Cm auth Oo Ar ... Oc Cm senders Pf < Ar table Ns > 115.Ed 116.Ss Domain tables 117Domain tables are simple lists of domains or hosts. 118.Bd -unfilled -offset indent 119.Ic match Cm for domain Pf < table Ns > Cm action Ar name 120.Ic match Cm helo Pf < table Ns > Oo Ar ... Oc Cm action Ar name 121.Ed 122.Pp 123In that context, the list of domains will be matched against the recipient 124domain or against the HELO name advertised by the sending host, 125respectively. 126For 127.Ql static , 128.Ql file 129and 130.Xr dbopen 3 131backends, a wildcard may be used so the domain table may contain: 132.Bd -literal -offset indent 133example.org 134*.example.org 135.Ed 136.Ss Credentials tables 137Credentials tables are mappings of credentials. 138They can be used in two contexts: 139.Bd -unfilled -offset indent 140.Ic listen on Ar interface Cm tls Oo Ar ... Oc Cm auth Pf < Ar table Ns > 141.Ic action Ar name Cm relay host Ar relay-url Cm auth Pf < Ar table Ns > 142.Ed 143.Pp 144In a listener context, the credentials are a mapping of username and encrypted 145passwords: 146.Bd -literal -offset indent 147user1 $2b$10$hIJ4QfMcp.90nJwKqGbKM.MybArjHOTpEtoTV.DgLYAiThuoYmTSe 148user2 $2b$10$bwSmUOBGcZGamIfRuXGTvuTo3VLbPG9k5yeKNMBtULBhksV5KdGsK 149.Ed 150.Pp 151The passwords are to be encrypted using the 152.Xr smtpctl 8 153encrypt subcommand. 154.Pp 155In a relay context, the credentials are a mapping of labels and 156username:password pairs: 157.Bd -literal -offset indent 158label1 user:password 159.Ed 160.Pp 161The label must be unique and is used as a selector for the proper credentials 162when multiple credentials are valid for a single destination. 163The password is not encrypted as it must be provided to the remote host. 164.Ss Netaddr tables 165Netaddr tables are lists of IPv4 and IPv6 network addresses. 166They can only be used in the following context: 167.Pp 168.D1 Ic match Cm from src Pf < Ar table Ns > Cm action Ar name 169.Pp 170When used as a "from source", the address of a client is compared to the list 171of addresses in the table until a match is found. 172.Pp 173A netaddr table can contain exact addresses or netmasks, and looks as follow: 174.Bd -literal -offset indent 175192.168.1.1 176[::1] 177192.168.1.0/24 178.Ed 179.Pp 180IPv6 addresses must be enclosed in square brackets. 181.Ss Userinfo tables 182Userinfo tables are used in rule context to specify an alternate userbase, 183mapping virtual users to local system users by UID, GID and home directory. 184.Pp 185.D1 Ic action Ar name method Cm userbase Pf < Ar table Ns > 186.Pp 187A userinfo table looks as follows: 188.Bd -literal -offset indent 189joe 1000:100:/home/virtual/joe 190jack 1000:100:/home/virtual/jack 191.Ed 192.Pp 193In this example, both joe and jack are virtual users mapped to the local 194system user with UID 1000 and GID 100, but different home directories. 195These directories may contain a 196.Xr forward 5 197file. 198This can be used in conjunction with an alias table 199that maps an email address or the domain part to the desired virtual 200username. 201For example: 202.Bd -literal -offset indent 203joe@example.org joe 204jack@example.com jack 205.Ed 206.Ss Source tables 207Source tables are lists of IPv4 and IPv6 addresses. 208They can only be used in the following context: 209.Pp 210.D1 Ic action Ar name Cm relay src Pf < Ar table Ns > 211.Pp 212Successive queries to the source table will return the elements one by one. 213.Pp 214A source table looks as follow: 215.Bd -literal -offset indent 216192.168.1.2 217192.168.1.3 218[::1] 219[::2] 220.Ed 221.Pp 222IPv6 address must be enclosed in square brackets. 223.Ss Mailaddr tables 224Mailaddr tables are lists of email addresses. 225They can be used in the following contexts: 226.Bd -unfilled -offset indent 227.Ic match Cm mail\-from Pf < Ar table Ns > Cm action Ar name 228.Ic match Cm rcpt\-to Pf < Ar table Ns > Cm action Ar name 229.Ed 230.Pp 231A mailaddr entry is used to match an email address against a username, 232a domain or a full email address. 233A "*" wildcard may be used in part of the domain name. 234.Pp 235A mailaddr table looks as follow: 236.Bd -literal -offset indent 237user 238@domain 239user@domain 240user@*.domain 241.Ed 242.Ss Addrname tables 243Addrname tables are used to map IP addresses to hostnames. 244They can be used in both listen context and relay context: 245.Bd -unfilled -offset indent 246.Ic listen on Ar interface Cm hostnames Pf < Ar table Ns > 247.Ic action Ar name Cm relay helo\-src Pf < Ar table Ns > 248.Ed 249.Pp 250In listen context, the table is used to look up the server name to advertise 251depending on the local address of the socket on which a connection is accepted. 252In relay context, the table is used to determine the hostname for the HELO 253sequence of the SMTP protocol, depending on the local address used for the 254outgoing connection. 255.Pp 256The format is a mapping from inet4 or inet6 addresses to hostnames: 257.Bd -literal -offset indent 258[::1] localhost 259127.0.0.1 localhost 26088.190.23.165 www.opensmtpd.org 261.Ed 262.Pp 263IPv6 addresses must be enclosed in square brackets. 264.Sh SEE ALSO 265.Xr smtpd.conf 5 , 266.Xr makemap 8 , 267.Xr smtpd 8 268