<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <title> Postfix manual - cidr_table(5) </title> </head> <body> <pre> CIDR_TABLE(5) CIDR_TABLE(5) <b>NAME</b> cidr_table - format of Postfix CIDR tables <b>SYNOPSIS</b> <b>postmap -q "</b><i>string</i><b>" <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> <b>postmap -q - <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i> <b>DESCRIPTION</b> The Postfix mail system uses optional lookup tables. These tables are usually in <b>dbm</b> or <b>db</b> format. Alternatively, lookup tables can be spec- ified in CIDR (Classless Inter-Domain Routing) form. In this case, each input is compared against a list of patterns. When a match is found, the corresponding result is returned and the search is terminated. To find out what types of lookup tables your Postfix system supports use the "<b>postconf -m</b>" command. To test lookup tables, use the "<b>postmap -q</b>" command as described in the SYNOPSIS above. <b>TABLE FORMAT</b> The general form of a Postfix CIDR table is: <i>pattern result</i> When a search string matches the specified <i>pattern</i>, use the cor- responding <i>result</i> value. The <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below). <b>!</b><i>pattern result</i> When a search string does not match the specified <i>pattern</i>, use the specified <i>result</i> value. The <i>pattern</i> must be in <i>network/pre-</i> <i>fix</i> or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below). This feature is available in Postfix 3.2 and later. <b>if</b> <i>pattern</i> <b>endif</b> When a search string matches the specified <i>pattern</i>, match that search string against the patterns between <b>if</b> and <b>endif</b>. The <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest. Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>. This feature is available in Postfix 3.2 and later. <b>if !</b><i>pattern</i> <b>endif</b> When a search string does not match the specified <i>pattern</i>, match that search string against the patterns between <b>if</b> and <b>endif</b>. The <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest. Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>. This feature is available in Postfix 3.2 and later. blank lines and comments Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'. multi-line text A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line. <b>TABLE SEARCH ORDER</b> Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. <b>ADDRESS PATTERN SYNTAX</b> Postfix CIDR tables are pattern-based. A pattern is either a <i>net-</i> <i>work</i><b>_</b><i>address</i> which requires an exact match, or a <i>network</i><b>_</b><i>address/pre-</i> <i>fix</i><b>_</b><i>length</i> where the <i>prefix</i><b>_</b><i>length</i> part specifies the length of the <i>network</i><b>_</b><i>address</i> prefix that must be matched (the other bits in the <i>net-</i> <i>work</i><b>_</b><i>address</i> part must be zero). An IPv4 network address is a sequence of four decimal octets separated by ".", and an IPv6 network address is a sequence of three to eight hexadecimal octet pairs separated by ":" or "::", where the latter is short-hand for a sequence of one or more all-zero octet pairs. The pat- tern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6 address. IPv6 support is available in Postfix 2.2 and later. Before comparisons are made, lookup keys and table entries are con- verted from string to binary. Therefore, IPv6 patterns will be matched regardless of leading zeros (a leading zero in an IPv4 address octet indicates octal notation). Note: address information may be enclosed inside "[]" but this form is not required. <b>EXAMPLE SMTPD ACCESS MAP</b> /etc/postfix/<a href="postconf.5.html">main.cf</a>: <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = ... <a href="cidr_table.5.html">cidr</a>:/etc/postfix/client.cidr ... /etc/postfix/client.<a href="cidr_table.5.html">cidr</a>: # Rule order matters. Put more specific whitelist entries # before more general blacklist entries. 192.168.1.1 OK 192.168.0.0/16 REJECT 2001:db8::1 OK 2001:db8::/32 REJECT <b>SEE ALSO</b> <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager <a href="regexp_table.5.html">regexp_table(5)</a>, format of regular expression tables <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables <b>README FILES</b> <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview <b>HISTORY</b> CIDR table support was introduced with Postfix version 2.1. <b>AUTHOR(S)</b> The CIDR table lookup code was originally written by: Jozsef Kadlecsik KFKI Research Institute for Particle and Nuclear Physics POB. 49 1525 Budapest, Hungary Adopted and adapted by: Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA Wietse Venema Google, Inc. 111 8th Avenue New York, NY 10011, USA CIDR_TABLE(5) </pre> </body> </html>