ACCESS(5)                     File Formats Manual                    ACCESS(5)



NAME
       access - Postfix SMTP server access table

SYNOPSIS
       postmap /etc/postfix/access

       postmap -q "string" /etc/postfix/access

       postmap -q - /etc/postfix/access <inputfile
DESCRIPTION
       This document describes access control on remote SMTP client
       information: host names, network addresses, and envelope sender or
       recipient addresses; it is implemented by the Postfix SMTP server. See
       header_checks(5) or body_checks(5) for access control on the content
       of email messages.

       Normally, the access(5) table is specified as a text file that serves
       as input to the postmap(1) command. The result, an indexed file in dbm
       or db format, is used for fast searching by the mail system. Execute
       the command "postmap /etc/postfix/access" to rebuild an indexed file
       after changing the corresponding text file.

       When the table is provided via other means such as NIS, LDAP or SQL,
       the same lookups are done as for ordinary indexed files.

       Alternatively, the table can be provided as a regular-expression map
       where patterns are given as regular expressions, or lookups can be
       directed to a TCP-based server. In those cases, the lookups are done
       in a slightly different way as described below under "REGULAR
       EXPRESSION TABLES" or "TCP-BASED TABLES".

CASE FOLDING
       The search string is folded to lowercase before database lookup. As of
       Postfix 2.3, the search string is not case folded with database types
       such as regexp: or pcre: whose lookup fields can match both upper and
       lower case.

TABLE FORMAT
       The input format for the postmap(1) command is as follows:

       pattern action
              When pattern matches a mail address, domain or host address,
              perform the corresponding action.

       blank lines and comments
              Empty lines and whitespace-only lines are ignored, as are lines
              whose first non-whitespace character is a `#'.

       multi-line text
              A logical line starts with non-whitespace text. A line that
              starts with whitespace continues a logical line.

EMAIL ADDRESS PATTERNS
       With lookups from indexed files such as DB or DBM, or from networked
       tables such as NIS, LDAP or SQL, patterns are tried in the order as
       listed below:

       user@domain
              Matches the specified mail address.

       domain.tld
              Matches domain.tld as the domain part of an email address.

              The pattern domain.tld also matches subdomains, but only when
              the string smtpd_access_maps is listed in the Postfix
              parent_domain_matches_subdomains configuration setting (note
              that this is the default for some versions of Postfix).
              Otherwise, specify .domain.tld (note the initial dot) in order
              to match subdomains.

       user@  Matches all mail addresses with the specified user part.

       Note: lookup of the null sender address is not possible with some
       types of lookup table. By default, Postfix uses <> as the lookup key
       for such addresses. The value is specified with the
       smtpd_null_access_lookup_key parameter in the Postfix main.cf file.

EMAIL ADDRESS EXTENSION
       When a mail address localpart contains the optional recipient
       delimiter (e.g., user+foo@domain), the lookup order becomes:
       user+foo@domain, user@domain, domain, user+foo@, and user@.

HOST NAME/ADDRESS PATTERNS
       With lookups from indexed files such as DB or DBM, or from networked
       tables such as NIS, LDAP or SQL, the following lookup patterns are
       examined in the order as listed:

       domain.tld
              Matches domain.tld.

              The pattern domain.tld also matches subdomains, but only when
              the string smtpd_access_maps is listed in the Postfix
              parent_domain_matches_subdomains configuration setting.
              Otherwise, specify .domain.tld (note the initial dot) in order
              to match subdomains.

       net.work.addr.ess

       net.work.addr

       net.work

       net    Matches the specified IPv4 host address or subnetwork. An IPv4
              host address is a sequence of four decimal octets separated by
              ".".

              Subnetworks are matched by repeatedly truncating the last
              ".octet" from the remote IPv4 host address string until a match
              is found in the access table, or until further truncation is
              not possible.

              NOTE 1: The access map lookup key must be in canonical form: do
              not specify unnecessary null characters, and do not enclose
              network address information with "[]" characters.

              NOTE 2: use the cidr lookup table type to specify
              network/netmask patterns. See cidr_table(5) for details.

       net:work:addr:ess

       net:work:addr

       net:work

       net    Matches the specified IPv6 host address or subnetwork. An IPv6
              host address is a sequence of three to eight hexadecimal octet
              pairs separated by ":".

              Subnetworks are matched by repeatedly truncating the last
              ":octetpair" from the remote IPv6 host address string until a
              match is found in the access table, or until further truncation
              is not possible.

              NOTE 1: the truncation and comparison are done with the string
              representation of the IPv6 host address. Thus, not all the ":"
              subnetworks will be tried.

              NOTE 2: The access map lookup key must be in canonical form: do
              not specify unnecessary null characters, and do not enclose
              network address information with "[]" characters.

              NOTE 3: use the cidr lookup table type to specify
              network/netmask patterns. See cidr_table(5) for details.

       IPv6 support is available in Postfix 2.2 and later.

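       The lookup orders above, worked through in code. This is an added
       example and not part of Postfix: it simulates an indexed (hash:/dbm:)
       table using a constructed sample that includes the 1.2.3 / 1.2.3.4
       entries from the EXAMPLE section. The names parse_access,
       address_keys, host_keys and lookup are this example's own, and two
       details this page does not spell out are assumptions: that a client
       lookup tries the hostname before the address, and that the parent
       domain walk continues down to the top-level label.

```python
"""Simulate access(5) key generation and lookup order for an indexed
(hash:/dbm:) table.  Added example, not Postfix code; the table below is
constructed for illustration."""
import re

# Constructed sample of /etc/postfix/access (note the continuation line).
ACCESS_TABLE = """
# clients: the host-address example from this page
1.2.3                  REJECT
1.2.3.4                OK
2001:db8:1             REJECT
# envelope addresses
.example.org           REJECT
example.org            OK
example.net            REJECT
spammer@example.net    554 5.7.1 Not welcome
                       here
Postmaster@            OK
<>                     DUNNO
"""


def parse_access(text):
    """postmap(1) input format: blank and '#' lines are ignored, a line that
    starts with whitespace continues the previous logical line, the first
    field is the pattern and the remainder is the action.  Keys are folded
    to lower case, as the search strings of an indexed table are."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    table = {}
    for entry in logical:
        pattern, action = re.split(r"\s+", entry, maxsplit=1)
        table[pattern.lower()] = action
    return table


def domain_keys(domain, subdomains=False):
    """domain.tld first, then each parent domain: bare when
    parent_domain_matches_subdomains lists smtpd_access_maps, otherwise
    with a leading dot (assumed to continue down to the top-level label)."""
    keys, rest = [domain], domain
    while "." in rest:
        rest = rest.split(".", 1)[1]
        keys.append(rest if subdomains else "." + rest)
    return keys


def address_keys(addr, delimiter="+", subdomains=False, null_key="<>"):
    """Envelope-address lookup order: user+foo@domain, user@domain, domain
    (and parents), user+foo@, user@.  The null sender is looked up as
    smtpd_null_access_lookup_key, '<>' by default."""
    if addr in ("", "<>"):
        return [null_key]
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    base = local.split(delimiter, 1)[0]
    keys = [addr]
    if base != local:
        keys.append(base + "@" + domain)
    keys += domain_keys(domain, subdomains)
    keys.append(local + "@")
    if base != local:
        keys.append(base + "@")
    return keys


def host_keys(client_name, client_addr, subdomains=False):
    """Client lookup order (hostname first is an assumption): the name as a
    domain, then the address truncated one '.octet' (IPv4) or ':octetpair'
    (IPv6) at a time.  IPv6 truncation works on the string form, so with
    '::' compression not every prefix length is tried (NOTE 1 above)."""
    keys = domain_keys(client_name.lower(), subdomains) if client_name else []
    key = client_addr.lower()
    sep = ":" if ":" in key else "."
    while key:
        keys.append(key)
        key = key.rpartition(sep)[0]
    return keys


def lookup(table, keys):
    """Return (action, matched_key).  The first key present wins; DUNNO
    counts as 'not found' and stops the search of shorter keys."""
    for key in keys:
        action = table.get(key)
        if action == "DUNNO":
            return None, key
        if action is not None:
            return action, key
    return None, None


if __name__ == "__main__":
    table = parse_access(ACCESS_TABLE)
    for addr in ("user+foo@sub.example.org", "postmaster@example.net", "<>"):
        print(addr, "->", lookup(table, address_keys(addr)))
    for name, ip in (("mail.example.com", "1.2.3.4"), ("", "1.2.3.5"),
                     ("", "2001:db8:1::9")):
        print(name or ip, "->", lookup(table, host_keys(name, ip)))
```

       Running it shows three things worth remembering when writing a table:
       "example.net REJECT" beats "postmaster@ OK" for postmaster@example.net
       because the domain key is tried before user@; "<> DUNNO" stops the
       search instead of falling through to shorter keys; and
       2001:db8:1::9 matches the "2001:db8:1" entry only because the string
       form happens to truncate there.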
ACCEPT ACTIONS
       OK     Accept the address etc. that matches the pattern.

       all-numerical
              An all-numerical result is treated as OK. This format is
              generated by address-based relay authorization schemes such as
              pop-before-smtp.

REJECT ACTIONS
       Postfix version 2.3 and later support enhanced status codes as defined
       in RFC 3463. When no code is specified at the beginning of the text
       below, Postfix inserts a default enhanced status code of "5.7.1" in
       the case of reject actions, and "4.7.1" in the case of defer actions.
       See "ENHANCED STATUS CODES" below.

       4NN text

       5NN text
              Reject the address etc. that matches the pattern, and respond
              with the numerical three-digit code and text. 4NN means "try
              again later", while 5NN means "do not try again".

              The following responses have special meaning for the Postfix
              SMTP server:

              421 text (Postfix 2.3 and later)

              521 text (Postfix 2.6 and later)
                     After responding with the numerical three-digit code and
                     text, disconnect immediately from the SMTP client. This
                     frees up SMTP server resources so that they can be made
                     available to another SMTP client.

                     Note: The "521" response should be used only with
                     botnets and other malware where interoperability is of
                     no concern. The "send 521 and disconnect" behavior is
                     NOT defined in the SMTP standard.

       REJECT optional text...
              Reject the address etc. that matches the pattern. Reply with
              "$access_map_reject_code optional text..." when the optional
              text is specified, otherwise reply with a generic error
              response message.

       DEFER optional text...
              Reject the address etc. that matches the pattern. Reply with
              "$access_map_defer_code optional text..." when the optional
              text is specified, otherwise reply with a generic error
              response message.

              This feature is available in Postfix 2.6 and later.

       DEFER_IF_REJECT optional text...
              Defer the request if some later restriction would result in a
              REJECT action. Reply with "$access_map_defer_code 4.7.1
              optional text..." when the optional text is specified,
              otherwise reply with a generic error response message.

              Prior to Postfix 2.6, the SMTP reply code is 450.

              This feature is available in Postfix 2.1 and later.

       DEFER_IF_PERMIT optional text...
              Defer the request if some later restriction would result in an
              explicit or implicit PERMIT action. Reply with
              "$access_map_defer_code 4.7.1 optional text..." when the
              optional text is specified, otherwise reply with a generic
              error response message.

              Prior to Postfix 2.6, the SMTP reply code is 450.

              This feature is available in Postfix 2.1 and later.

OTHER ACTIONS
       restriction...
              Apply the named UCE restriction(s) (permit, reject,
              reject_unauth_destination, and so on).

       BCC user@domain
              Send one copy of the message to the specified recipient.

              If multiple BCC actions are specified within the same SMTP MAIL
              transaction, only the last action will be used.

              This feature is not part of the stable Postfix release.

       DISCARD optional text...
              Claim successful delivery and silently discard the message. Log
              the optional text if specified, otherwise log a generic
              message.

              Note: this action currently affects all recipients of the
              message. To discard only one recipient without discarding the
              entire message, use the transport(5) table to direct mail to
              the discard(8) service.

              This feature is available in Postfix 2.0 and later.

       DUNNO  Pretend that the lookup key was not found. This prevents
              Postfix from trying substrings of the lookup key (such as a
              subdomain name, or a network address subnetwork).

              This feature is available in Postfix 2.0 and later.

       FILTER transport:destination
              After the message is queued, send the entire message through
              the specified external content filter. The transport name
              specifies the first field of a mail delivery agent definition
              in master.cf; the syntax of the next-hop destination is
              described in the manual page of the corresponding delivery
              agent. More information about external content filters is in
              the Postfix FILTER_README file.

              Note 1: do not use $number regular expression substitutions for
              transport or destination unless you know that the information
              has a trusted origin.

              Note 2: this action overrides the main.cf content_filter
              setting, and affects all recipients of the message. In the
              case that multiple FILTER actions fire, only the last one is
              executed.

              Note 3: the purpose of the FILTER command is to override
              message routing. To override the recipient's transport but not
              the next-hop destination, specify an empty filter destination
              (Postfix 2.7 and later), or specify a transport:destination
              that delivers through a different Postfix instance (Postfix
              2.6 and earlier). Other options are using the
              recipient-dependent transport_maps or the sender-dependent
              sender_dependent_default_transport_maps features.

              This feature is available in Postfix 2.0 and later.

       HOLD optional text...
              Place the message on the hold queue, where it will sit until
              someone either deletes it or releases it for delivery. Log the
              optional text if specified, otherwise log a generic message.

              Mail that is placed on hold can be examined with the postcat(1)
              command, and can be destroyed or released with the postsuper(1)
              command.

              Note: use "postsuper -r" to release mail that was kept on hold
              for a significant fraction of $maximal_queue_lifetime or
              $bounce_queue_lifetime, or longer. Use "postsuper -H" only for
              mail that will not expire within a few delivery attempts.

              Note: this action currently affects all recipients of the
              message.

              This feature is available in Postfix 2.0 and later.

       PREPEND headername: headervalue
              Prepend the specified message header to the message. When more
              than one PREPEND action executes, the first prepended header
              appears before the second etc. prepended header.

              Note: this action must execute before the message content is
              received; it cannot execute in the context of
              smtpd_end_of_data_restrictions.

              This feature is available in Postfix 2.1 and later.

       REDIRECT user@domain
              After the message is queued, send the message to the specified
              address instead of the intended recipient(s).

              Note: this action overrides the FILTER action, and currently
              affects all recipients of the message.

              This feature is available in Postfix 2.1 and later.

       WARN optional text...
              Log a warning with the optional text, together with client
              information and if available, with helo, sender, recipient and
              protocol information.

              This feature is available in Postfix 2.1 and later.

ENHANCED STATUS CODES
       Postfix version 2.3 and later support enhanced status codes as defined
       in RFC 3463. When an enhanced status code is specified in an access
       table, it is subject to modification. The following transformations
       are needed when the same access table is used for client, helo,
       sender, or recipient access restrictions; they happen regardless of
       whether Postfix replies to a MAIL FROM, RCPT TO or other SMTP command.

       ·      When a sender address matches a REJECT action, the Postfix
              SMTP server will transform a recipient DSN status (e.g.,
              4.1.1-4.1.6) into the corresponding sender DSN status, and
              vice versa.

       ·      When non-address information matches a REJECT action (such as
              the HELO command argument or the client hostname/address), the
              Postfix SMTP server will transform a sender or recipient DSN
              status into a generic non-address DSN status (e.g., 4.0.0).

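       The reply construction described under REJECT ACTIONS together with
       the transformations above, as an added example that is not Postfix
       code. It assumes the main.cf defaults 554 and 450 for
       $access_map_reject_code and $access_map_defer_code, uses a placeholder
       for the generic error text, takes the RFC 3463 X.1.x codes to be the
       address-specific ones, and, because this page does not give the exact
       sender/recipient mapping, maps X.1.2 to X.1.8 and the remaining
       destination codes X.1.1-X.1.6 to X.1.7 (and back). The names
       smtp_reply, fix_dsn, format_reply and Reply are this example's own.

```python
"""Build the SMTP reply for an access(5) reject or defer action: default
enhanced status code, the 421/521 disconnect, and the DSN transformations
for the restriction context.  Added example, not Postfix code."""
import re
from collections import namedtuple

ACCESS_MAP_REJECT_CODE = 554    # main.cf default for $access_map_reject_code
ACCESS_MAP_DEFER_CODE = 450     # main.cf default for $access_map_defer_code
GENERIC_TEXT = "Access denied"  # placeholder; Postfix's wording is not on this page

Reply = namedtuple("Reply", "code dsn text disconnect")
DSN_RE = re.compile(r"([245])\.(\d{1,3})\.(\d{1,3})(?:\s+|$)")
DESTINATION_DETAILS = ("1", "2", "3", "4", "5", "6")   # RFC 3463 X.1.1-X.1.6


def fix_dsn(dsn, reply_class):
    """Adjust an RFC 3463 status to the context the table was used in.
    Only the X.1.x (address status) codes change.  Non-address contexts
    (client, helo, ...) get the generic X.0.0.  The sender <-> recipient
    mapping is an assumption from RFC 3463's split of X.1.x (X.1.1-X.1.6
    describe the destination, X.1.7/X.1.8 the sender); the exact table
    Postfix applies is not given on this page."""
    cls, sub, detail = dsn.split(".")
    if sub != "1":
        return dsn
    if reply_class not in ("sender", "recipient"):
        return f"{cls}.0.0"
    if reply_class == "sender" and detail in DESTINATION_DETAILS:
        return f"{cls}.1.8" if detail == "2" else f"{cls}.1.7"
    if reply_class == "recipient" and detail in ("7", "8"):
        return f"{cls}.1.2" if detail == "8" else f"{cls}.1.1"
    return dsn


def smtp_reply(action, reply_class="recipient"):
    """Map one table action to the reply the SMTP server sends, or None
    for actions that do not reject (OK, DUNNO, FILTER, ...).  A missing
    enhanced code defaults to 5.7.1 for rejects and 4.7.1 for defers;
    421 and 521 also disconnect the client."""
    verb, _, text = action.strip().partition(" ")
    verb = verb.upper()
    if re.fullmatch(r"[45]\d\d", verb):
        code = int(verb)
    elif verb == "REJECT":
        code = ACCESS_MAP_REJECT_CODE
    elif verb in ("DEFER", "DEFER_IF_REJECT", "DEFER_IF_PERMIT"):
        code = ACCESS_MAP_DEFER_CODE
    else:
        return None
    text = text.strip()
    m = DSN_RE.match(text)
    if m:
        dsn, text = f"{m[1]}.{m[2]}.{m[3]}", text[m.end():]
    else:
        dsn = "4.7.1" if code < 500 else "5.7.1"
    # Added sanity fix: the DSN class must agree with the reply code class
    # (a "450 5.7.1" entry is a table bug), so take the class from the code.
    dsn = str(code // 100) + dsn[1:]
    dsn = fix_dsn(dsn, reply_class)
    return Reply(code, dsn, text or GENERIC_TEXT, code in (421, 521))


def format_reply(reply):
    """Wire form of the reply line."""
    return f"{reply.code} {reply.dsn} {reply.text}"


if __name__ == "__main__":
    for entry in ("REJECT", "DEFER_IF_PERMIT Greylisted, try later",
                  "550 5.1.1 No such user", "521 Go away"):
        for ctx in ("client", "sender", "recipient"):
            print(f"{ctx:9} {entry!r:40} -> "
                  f"{format_reply(smtp_reply(entry, ctx))}")
```

       The same entry therefore produces different replies in
       smtpd_client_restrictions, smtpd_sender_restrictions and
       smtpd_recipient_restrictions. When a 5NN entry carries an explicit
       enhanced code, choose one that is right for every restriction list
       the table is used in, or omit it and let the 5.7.1/4.7.1 default
       apply.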
REGULAR EXPRESSION TABLES
       This section describes how the table lookups change when the table is
       given in the form of regular expressions. For a description of
       regular expression lookup table syntax, see regexp_table(5) or
       pcre_table(5).

       Each pattern is a regular expression that is applied to the entire
       string being looked up. Depending on the application, that string is
       an entire client hostname, an entire client IP address, or an entire
       mail address. Thus, no parent domain or parent network search is
       done, user@domain mail addresses are not broken up into their user@
       and domain constituent parts, nor is user+foo broken up into user and
       foo.

       Patterns are applied in the order as specified in the table, until a
       pattern is found that matches the search string.

       Actions are the same as with indexed file lookups, with the
       additional feature that parenthesized substrings from the pattern can
       be interpolated as $1, $2 and so on.

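       A regexp-style lookup with $1 interpolation, as an added example
       rather than Postfix code, together with the check behind Note 1 of
       the FILTER action: when the search string is supplied by the remote
       client (the sender address here), a $N substitution inside a FILTER,
       REDIRECT or BCC action lets that client choose where the mail goes.
       Both tables are constructed; parse_regexp_table, lookup and
       audit_interpolation are this example's own names, and regexp_table(5)
       features beyond [!]/pattern/flags entries (if/endif blocks) are left
       out.

```python
"""Regular-expression access table lookup with $N interpolation, plus the
check behind Note 1 of the FILTER action.  Added example, not Postfix
code; both tables are constructed."""
import re

# Sender addresses come from the remote client, so with this entry the
# client chooses the next-hop: exactly what Note 1 under FILTER warns of.
UNSAFE_TABLE = r"""
/^.*@([^@]+)$/          FILTER smtp:[$1]
"""

SAFE_TABLE = r"""
# the 'i' flag toggles the default case-insensitivity: this one is exact
/^postmaster@/i         OK
# '!' negates: every sender NOT in an internal domain gets a fixed filter
!/\.internal$/          FILTER smtp:[filter.example.net]:10025
# interpolating $1 into a header changes no routing
/^.*@([^@]+)$/          PREPEND X-Sender-Domain: $1
"""

ENTRY_RE = re.compile(r"^(!?)/((?:\\.|[^/])*)/([a-z]*)\s+(.*)$")
ROUTING_ACTIONS = ("FILTER", "REDIRECT", "BCC")


def parse_regexp_table(text):
    """regexp_table(5) entries of the form [!]/pattern/flags action.
    Matching is case-insensitive unless the 'i' flag toggles it off;
    if/endif blocks are not implemented here."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError("bad regexp table entry: " + line)
        negate, pattern, flags, action = m.groups()
        rx = re.compile(pattern, 0 if "i" in flags else re.IGNORECASE)
        entries.append((negate == "!", rx, action))
    return entries


def lookup(entries, key):
    """First entry whose pattern matches (or, with '!', does not match)
    the search string wins.  The key is used whole, never split into
    user@ and domain; $1, $2 ... become the parenthesised substrings."""
    for negate, rx, action in entries:
        m = rx.search(key)
        if (m is not None) == negate:
            continue
        if m is None:                # negated entry: nothing to interpolate
            return action

        def expand(sub, groups=m.groups()):
            n = int(sub.group(1) or sub.group(2))
            return (groups[n - 1] or "") if 0 < n <= len(groups) else ""
        return re.sub(r"\$(?:(\d)|\{(\d)\})", expand, action)
    return None


def audit_interpolation(entries):
    """Entries that insert matched text into an action that changes where
    mail goes.  With a client-supplied search string (client name, HELO,
    sender) such an entry lets the remote side pick the destination."""
    return [action for _, _, action in entries
            if action.split()[0].upper() in ROUTING_ACTIONS and "$" in action]


if __name__ == "__main__":
    for name, table in (("unsafe", UNSAFE_TABLE), ("safe", SAFE_TABLE)):
        entries = parse_regexp_table(table)
        print(name, "attacker@evil.example ->",
              lookup(entries, "attacker@evil.example"))
        print(name, "flagged:", audit_interpolation(entries))
```

       The unsafe entry turns a MAIL FROM of attacker@evil.example into
       "FILTER smtp:[evil.example]", so the sender decides the next-hop. The
       safe table keeps the next-hop fixed and only interpolates $1 into a
       header. Running audit_interpolation over a table before deploying it
       is a cheap way to catch the unsafe pattern.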
TCP-BASED TABLES
       This section describes how the table lookups change when lookups are
       directed to a TCP-based server. For a description of the TCP
       client/server lookup protocol, see tcp_table(5). This feature is not
       available up to and including Postfix version 2.4.

       Each lookup operation uses the entire query string once. Depending on
       the application, that string is an entire client hostname, an entire
       client IP address, or an entire mail address. Thus, no parent domain
       or parent network search is done, user@domain mail addresses are not
       broken up into their user@ and domain constituent parts, nor is
       user+foo broken up into user and foo.

       Actions are the same as with indexed file lookups.

EXAMPLE
       The following example uses an indexed file, so that the order of
       table entries does not matter. The example permits access by the
       client at address 1.2.3.4 but rejects all other clients in 1.2.3.0/24.
       Instead of hash lookup tables, some systems use dbm. Use the command
       "postconf -m" to find out what lookup tables Postfix supports on your
       system.

       /etc/postfix/main.cf:
           smtpd_client_restrictions =
               check_client_access hash:/etc/postfix/access

       /etc/postfix/access:
           1.2.3   REJECT
           1.2.3.4 OK

       Execute the command "postmap /etc/postfix/access" after editing the
       file.

BUGS
       The table format does not understand quoting conventions.

SEE ALSO
       postmap(1), Postfix lookup table manager
       smtpd(8), SMTP server
       postconf(5), configuration parameters
       transport(5), transport:nexthop syntax

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate
       this information.
       SMTPD_ACCESS_README, built-in SMTP server access control
       DATABASE_README, Postfix lookup table overview

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA



                                                                     ACCESS(5)