NAME
cidr_table - format of Postfix CIDR tables
SYNOPSIS
postmap -q "string" cidr:/etc/postfix/filename
postmap -q - cidr:/etc/postfix/filename <inputfile
DESCRIPTION
The Postfix mail system uses optional lookup tables. These tables are usually in dbm or db format. Alternatively, lookup tables can be specified in CIDR (Classless Inter-Domain Routing) form. In this case, each input is compared against a list of patterns. When a match is found, the corresponding result is returned and the search is terminated.
TABLE FORMAT
The general form of a Postfix CIDR table is:
- pattern result
- When a search string matches the specified pattern, use the corresponding result value. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below).
- !pattern result
- When a search string does not match the specified pattern, use the specified result value. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below). This feature is available in Postfix 3.2 and later.
- if pattern
- endif
- When a search string matches the specified pattern, match that search string against the patterns between if and endif. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below). The if..endif can nest. Note: do not prepend whitespace to text between if..endif. This feature is available in Postfix 3.2 and later.
- if !pattern
- endif
- When a search string does not match the specified pattern, match that search string against the patterns between if and endif. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below). The if..endif can nest. Note: do not prepend whitespace to text between if..endif. This feature is available in Postfix 3.2 and later.
- blank lines and comments
- Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'.
- multi-line text
- A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line.
TABLE SEARCH ORDER
Patterns are applied in the order specified in the table, until a pattern is found that matches the search string.
ADDRESS PATTERN SYNTAX
Postfix CIDR tables are pattern-based. A pattern is either a network_address which requires an exact match, or a network_address/prefix_length where the prefix_length part specifies the length of the network_address prefix that must be matched (the other bits in the network_address part must be zero).
INLINE SPECIFICATION
The contents of a table may be specified in the table name (Postfix 3.7 and later). The basic syntax is:
main.cf:
    parameter = .. cidr:{ { rule-1 }, { rule-2 } .. } ..

master.cf:
    .. -o { parameter = .. cidr:{ { rule-1 }, { rule-2 } .. } .. } ..

in-memory file:
    rule-1
    rule-2
    ..
EXAMPLE SMTPD ACCESS MAP
/etc/postfix/main.cf:
    smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...

/etc/postfix/client.cidr:
    # Rule order matters. Put more specific allowlist entries
    # before more general denylist entries.
    192.168.1.1             OK
    192.168.0.0/16          REJECT
    2001:db8::1             OK
    2001:db8::/32           REJECT
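The first-match rule from TABLE SEARCH ORDER and the if..endif and !pattern forms from TABLE FORMAT can be checked against a small model of the lookup. The Python below is an added example, not part of the original manual page or of Postfix; the function names and the BAD and NESTED tables are constructed for illustration, and raising ValueError on a malformed pattern is this example's own choice.

```python
import ipaddress

# GOOD is the page's client.cidr; BAD and NESTED are constructed for this example.
GOOD = ("192.168.1.1 OK\n192.168.0.0/16 REJECT\n"
        "2001:db8::1 OK\n2001:db8::/32 REJECT\n")
BAD = "192.168.0.0/16 REJECT\n192.168.1.1 OK\n"  # general rule listed first
NESTED = """\
if 10.0.0.0/8
!10.1.0.0/16  REJECT outside 10.1/16
10.1.2.3      OK
endif
0.0.0.0/0     DUNNO
"""

def logical_lines(text):
    """Drop blank/comment lines; join lines that start with whitespace."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def matches(pattern, addr):
    """True if addr satisfies pattern; a leading '!' inverts the test."""
    negate = pattern.startswith("!")
    # strict=True raises ValueError when bits outside the prefix are non-zero.
    net = ipaddress.ip_network(pattern[1:] if negate else pattern, strict=True)
    hit = addr.version == net.version and addr in net
    return hit != negate

def lookup(table, query):
    """Return the result of the first matching rule, or None if none match."""
    addr = ipaddress.ip_address(query)
    skip = 0  # nesting depth of if-blocks currently being skipped
    for line in logical_lines(table):
        head, *tail = line.split(None, 1)
        if head == "endif":
            skip = max(skip - 1, 0)
        elif head == "if":
            if skip or not matches(tail[0], addr):
                skip += 1
        elif not skip and matches(head, addr):
            return tail[0] if tail else ""
    return None
```

With the rules reordered as in BAD, lookup(BAD, "192.168.1.1") returns REJECT because the /16 rule is reached first, which is the mistake the comment in client.cidr warns about.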
SEE ALSO
postmap(1), Postfix lookup table manager
regexp_table(5), format of regular expression tables
pcre_table(5), format of PCRE tables
README FILES
Use "postconf readme_directory" or "postconf html_directory" to locate this information.
DATABASE_README, Postfix lookup table overview
HISTORY
CIDR table support was introduced with Postfix version 2.1.
AUTHOR(S)
The CIDR table lookup code was originally written by:
Jozsef Kadlecsik
KFKI Research Institute for Particle and Nuclear Physics
POB. 49
1525 Budapest, Hungary

Adopted and adapted by:
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA