cidr_table - format of Postfix CIDR tables
postmap -q "string" cidr:/etc/postfix/filename postmap -q - cidr:/etc/postfix/filename <inputfile
CIDR_TABLE(5) File Formats Manual CIDR_TABLE(5)
NAME
cidr_table - format of Postfix CIDR tables
SYNOPSIS
postmap -q "string" cidr:/etc/postfix/filename
postmap -q - cidr:/etc/postfix/filename <inputfile
DESCRIPTION
The Postfix mail system uses optional lookup tables. These tables are
usually in dbm or db format. Alternatively, lookup tables can be spec-
ified in CIDR (Classless Inter-Domain Routing) form. In this case, each
input is compared against a list of patterns. When a match is found,
the corresponding result is returned and the search is terminated.
To find out what types of lookup tables your Postfix system supports
use the "postconf -m" command.
To test lookup tables, use the "postmap -q" command as described in the
SYNOPSIS above.
TABLE FORMAT
The general form of a Postfix CIDR table is:
pattern result
When a search string matches the specified pattern, use the cor-
responding result value. The pattern must be in network/prefix
or network_address form (see ADDRESS PATTERN SYNTAX below).
!pattern result
When a search string does not match the specified pattern, use
the specified result value. The pattern must be in network/pre-
fix or network_address form (see ADDRESS PATTERN SYNTAX below).
This feature is available in Postfix 3.2 and later.
if pattern
endif When a search string matches the specified pattern, match that
search string against the patterns between if and endif. The
pattern must be in network/prefix or network_address form (see
ADDRESS PATTERN SYNTAX below). The if..endif can nest.
Note: do not prepend whitespace to text between if..endif.
This feature is available in Postfix 3.2 and later.
if !pattern
endif When a search string does not match the specified pattern, match
that search string against the patterns between if and endif.
The pattern must be in network/prefix or network_address form
(see ADDRESS PATTERN SYNTAX below). The if..endif can nest.
Note: do not prepend whitespace to text between if..endif.
This feature is available in Postfix 3.2 and later.
blank lines and comments
Empty lines and whitespace-only lines are ignored, as are lines
whose first non-whitespace character is a `#'.
multi-line text
A logical line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
TABLE SEARCH ORDER
Patterns are applied in the order as specified in the table, until a
pattern is found that matches the search string.
ADDRESS PATTERN SYNTAX
Postfix CIDR tables are pattern-based. A pattern is either a net-
work_address which requires an exact match, or a network_address/pre-
fix_length where the prefix_length part specifies the length of the
network_address prefix that must be matched (the other bits in the net-
work_address part must be zero).
An IPv4 network address is a sequence of four decimal octets separated
by ".", and an IPv6 network address is a sequence of three to eight
hexadecimal octet pairs separated by ":" or "::", where the latter is
short-hand for a sequence of one or more all-zero octet pairs. The pat-
tern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6
address. IPv6 support is available in Postfix 2.2 and later.
Before comparisons are made, lookup keys and table entries are con-
verted from string to binary. Therefore, IPv6 patterns will be matched
regardless of leading zeros (a leading zero in an IPv4 address octet
indicates octal notation).
Note: address information may be enclosed inside "[]" but this form is
not required.
EXAMPLE SMTPD ACCESS MAP
/etc/postfix/main.cf:
smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
/etc/postfix/client.cidr:
# Rule order matters. Put more specific whitelist entries
# before more general blacklist entries.
192.168.1.1 OK
192.168.0.0/16 REJECT
2001:db8::1 OK
2001:db8::/32 REJECT
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+------------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+------------------------------+
|Availability | service/network/smtp/postfix |
+---------------+------------------------------+
|Stability | Volatile |
+---------------+------------------------------+
SEE ALSO
postmap(1), Postfix lookup table manager
regexp_table(5), format of regular expression tables
pcre_table(5), format of PCRE tables
README FILES
Use "postconf readme_directory" or "postconf html_directory" to locate
this information.
DATABASE_README, Postfix lookup table overview
HISTORY
CIDR table support was introduced with Postfix version 2.1.
AUTHOR(S)
The CIDR table lookup code was originally written by:
Jozsef Kadlecsik
KFKI Research Institute for Particle and Nuclear Physics
POB. 49
1525 Budapest, Hungary
Adopted and adapted by:
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA
NOTES
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from https://archive.mgm51.com/mirrors/postfix-
source/official/postfix-3.2.2.tar.gz.
Further information about this software can be found on the open source
community website at http://www.postfix.org.
CIDR_TABLE(5)