Home | History | Annotate | Line # | Download | only in proto 
      1 #++
      2 # NAME
      3 #	cidr_table 5
      4 # SUMMARY
      5 #	format of Postfix CIDR tables
      6 # SYNOPSIS
      7 #	\fBpostmap -q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR
      8 #
      9 #	\fBpostmap -q - cidr:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
     10 # DESCRIPTION
     11 #	The Postfix mail system uses optional lookup tables.
     12 #	These tables are usually in \fBlmdb:\fR, \fBcdb:\fR, \fBhash:\fR,
     13 #	or \fBdbm:\fR format.
     14 #
     15 #	Alternatively, lookup tables can be specified in CIDR
     16 #	(Classless Inter-Domain Routing) form. In this case, each
     17 #	input is compared against a list of patterns. When a match
     18 #	is found, the corresponding result is returned and the search
     19 #	is terminated.
     20 #
     21 #	To find out what types of lookup tables your Postfix system
     22 #	supports use the "\fBpostconf -m\fR" command.
     23 #
     24 #	To test lookup tables, use the "\fBpostmap -q\fR" command as
     25 #	described in the SYNOPSIS above.
     26 # TABLE FORMAT
     27 # .ad
     28 # .fi
     29 #	The general form of a Postfix CIDR table is:
     30 # .IP "\fIpattern     result\fR"
     31 #	When a search string matches the specified \fIpattern\fR, use
     32 #	the corresponding \fIresult\fR value. The \fIpattern\fR must be
     33 #	in \fInetwork/prefix\fR or \fInetwork_address\fR form (see
     34 #	ADDRESS PATTERN SYNTAX below).
     35 # .IP "\fB!\fIpattern	result\fR"
     36 #	When a search string does not match the specified \fIpattern\fR,
     37 #	use the specified \fIresult\fR value. The \fIpattern\fR must
     38 #	be in \fInetwork/prefix\fR or \fInetwork_address\fR form (see
     39 #	ADDRESS PATTERN SYNTAX below).
     40 # .sp
     41 #	This feature is available in Postfix 3.2 and later.
     42 # .IP "\fBif \fIpattern\fR"
     43 # .IP "\fBendif\fR"
     44 #	When a search string matches the specified \fIpattern\fR, match
     45 #	that search string against the patterns between \fBif\fR and
     46 #	\fBendif\fR.  The \fIpattern\fR must be in \fInetwork/prefix\fR or
     47 #	\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The
     48 #	\fBif\fR..\fBendif\fR can nest.
     49 # .sp
     50 #	Note: do not prepend whitespace to text between
     51 #	\fBif\fR..\fBendif\fR.
     52 # .sp
     53 #	This feature is available in Postfix 3.2 and later.
     54 # .IP "\fBif !\fIpattern\fR"
     55 # .IP "\fBendif\fR"
     56 #	When a search string does not match the specified \fIpattern\fR,
     57 #	match that search string against the patterns between \fBif\fR and
     58 #	\fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or
     59 #	\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The
     60 #	\fBif\fR..\fBendif\fR can nest.
     61 # .sp
     62 #	Note: do not prepend whitespace to text between
     63 #	\fBif\fR..\fBendif\fR.
     64 # .sp
     65 #	This feature is available in Postfix 3.2 and later.
     66 # .IP "blank lines and comments"
     67 #	Empty lines and whitespace-only lines are ignored, as
     68 #	are lines whose first non-whitespace character is a `#'.
     69 # .IP "multi-line text"
     70 #	A logical line starts with non-whitespace text. A line that
     71 #	starts with whitespace continues a logical line.
     72 # TABLE SEARCH ORDER
     73 # .ad
     74 # .fi
     75 #	Patterns are applied in the order as specified in the table, until a
     76 #	pattern is found that matches the search string.
     77 # ADDRESS PATTERN SYNTAX
     78 # .ad
     79 # .fi
     80 #	Postfix CIDR tables are pattern-based.	A pattern is either
     81 #	a \fInetwork_address\fR which requires an exact match, or a
     82 #	\fInetwork_address/prefix_length\fR where the \fIprefix_length\fR
     83 #	part specifies the length of the \fInetwork_address\fR prefix
     84 #	that must be matched (the other bits in the \fInetwork_address\fR
     85 #	part must be zero).
     86 #
     87 #	An IPv4 network address is a sequence of four decimal octets
     88 #	separated by ".", and an IPv6 network address is a sequence
     89 #	of three to eight hexadecimal octet pairs separated by ":"
     90 #	or "::", where the latter is short-hand for a sequence of
     91 #	one or more all-zero octet pairs. The pattern 0.0.0.0/0
     92 #	matches every IPv4 address, and ::/0 matches every IPv6
     93 #	address.  IPv6 support is available in Postfix 2.2 and
     94 #	later.
     95 #
     96 #	Before comparisons are made, lookup keys and table entries
     97 #	are converted from string to binary. Therefore, IPv6 patterns
     98 #	will be matched regardless of leading zeros (a leading zero in
     99 #	an IPv4 address octet indicates octal notation).
    100 #
    101 #	Note: address information may be enclosed inside "[]" but
    102 #	this form is not required.
    103 # INLINE SPECIFICATION
    104 # .ad
    105 # .fi
    106 #	The contents of a table may be specified in the table name
    107 #	(Postfix 3.7 and later).
    108 #	The basic syntax is:
    109 #
    110 # .nf
    111 #	main.cf:
    112 #	    \fIparameter\fR \fB= .. cidr:{ { \fIrule-1\fB }, { \fIrule-2\fB } .. } ..\fR
    113 #
    114 #	master.cf:
    115 #	    \fB.. -o { \fIparameter\fR \fB= .. cidr:{ { \fIrule-1\fB }, { \fIrule-2\fB } .. } .. } ..\fR
    116 # .fi
    117 #
    118 #	Postfix recursively expands any \fI$parametername\fR instances
    119 #	in the above parameter value, ignores whitespace after '{'
    120 #	and before '}', and writes each \fIrule\fR as one text line to
    121 #	an in-memory file:
    122 #
    123 # .nf
    124 #	in-memory file:
    125 #	    rule-1
    126 #	    rule-2
    127 #	    ..
    128 # .fi
    129 #
    130 #	Postfix parses the result as if it is a file in /etc/postfix.
    131 #
    132 #	Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep
    133 #	Postfix from trying to do \fI$name\fR expansion as it
    134 #	evaluates a parameter value.
    135 # EXAMPLE SMTPD ACCESS MAP
    136 # .nf
    137 #	/etc/postfix/main.cf:
    138 #	    smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
    139 #
    140 #	/etc/postfix/client.cidr:
    141 #	    # Rule order matters. Put more specific allowlist entries
    142 #	    # before more general denylist entries.
    143 #	    192.168.1.1             OK
    144 #	    192.168.0.0/16          REJECT
    145 #	    2001:db8::1             OK
    146 #	    2001:db8::/32           REJECT
    147 # .fi
    148 # SEE ALSO
    149 #	postmap(1), Postfix lookup table manager
    150 #	regexp_table(5), format of regular expression tables
    151 #	pcre_table(5), format of PCRE tables
    152 # README FILES
    153 # .ad
    154 # .fi
    155 #	Use "\fBpostconf readme_directory\fR" or
    156 #	"\fBpostconf html_directory\fR" to locate this information.
    157 # .na
    158 # .nf
    159 #	DATABASE_README, Postfix lookup table overview
    160 # HISTORY
    161 #	CIDR table support was introduced with Postfix version 2.1.
    162 # AUTHOR(S)
    163 #	The CIDR table lookup code was originally written by:
    164 #	Jozsef Kadlecsik
    165 #	KFKI Research Institute for Particle and Nuclear Physics
    166 #	POB. 49
    167 #	1525 Budapest, Hungary
    168 #
    169 #	Adopted and adapted by:
    170 #	Wietse Venema
    171 #	IBM T.J. Watson Research
    172 #	P.O. Box 704
    173 #	Yorktown Heights, NY 10598, USA
    174 #
    175 #	Wietse Venema
    176 #	Google, Inc.
    177 #	111 8th Avenue
    178 #	New York, NY 10011, USA
    179 #--
    180