CIDR_TABLE(5)                 File Formats Manual                CIDR_TABLE(5)

NAME
       cidr_table - format of Postfix CIDR tables

SYNOPSIS
       postmap -q "string" cidr:/etc/postfix/filename

       postmap -q - cidr:/etc/postfix/filename <inputfile

DESCRIPTION
       The Postfix mail system uses optional lookup tables. These tables are
       usually in dbm or db format. Alternatively, lookup tables can be
       specified in CIDR (Classless Inter-Domain Routing) form. In this case,
       each input is compared against a list of patterns. When a match is
       found, the corresponding result is returned and the search is
       terminated.

       To find out what types of lookup tables your Postfix system supports
       use the "postconf -m" command.

       To test lookup tables, use the "postmap -q" command as described in the
       SYNOPSIS above.

TABLE FORMAT
       The general form of a Postfix CIDR table is:

       pattern result
              When a search string matches the specified pattern, use the
              corresponding result value. The pattern must be in
              network/prefix or network_address form (see ADDRESS PATTERN
              SYNTAX below).

       !pattern result
              When a search string does not match the specified pattern, use
              the specified result value. The pattern must be in
              network/prefix or network_address form (see ADDRESS PATTERN
              SYNTAX below).

              This feature is available in Postfix 3.2 and later.

       if pattern

       endif  When a search string matches the specified pattern, match that
              search string against the patterns between if and endif. The
              pattern must be in network/prefix or network_address form (see
              ADDRESS PATTERN SYNTAX below). The if..endif can nest.

              Note: do not prepend whitespace to text between if..endif.

              This feature is available in Postfix 3.2 and later.

       if !pattern

       endif  When a search string does not match the specified pattern, match
              that search string against the patterns between if and endif.
              The pattern must be in network/prefix or network_address form
              (see ADDRESS PATTERN SYNTAX below). The if..endif can nest.

              Note: do not prepend whitespace to text between if..endif.

              This feature is available in Postfix 3.2 and later.

       blank lines and comments
              Empty lines and whitespace-only lines are ignored, as are lines
              whose first non-whitespace character is a `#'.

       multi-line text
              A logical line starts with non-whitespace text. A line that
              starts with whitespace continues a logical line.

TABLE SEARCH ORDER
       Patterns are applied in the order as specified in the table, until a
       pattern is found that matches the search string.

ADDRESS PATTERN SYNTAX
       Postfix CIDR tables are pattern-based. A pattern is either a
       network_address which requires an exact match, or a
       network_address/prefix_length where the prefix_length part specifies
       the length of the network_address prefix that must be matched (the
       other bits in the network_address part must be zero).

       An IPv4 network address is a sequence of four decimal octets separated
       by ".", and an IPv6 network address is a sequence of three to eight
       hexadecimal octet pairs separated by ":" or "::", where the latter is
       short-hand for a sequence of one or more all-zero octet pairs. The
       pattern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every
       IPv6 address. IPv6 support is available in Postfix 2.2 and later.

       Before comparisons are made, lookup keys and table entries are
       converted from string to binary. Therefore, IPv6 patterns will be
       matched regardless of leading zeros (a leading zero in an IPv4 address
       octet indicates octal notation).

       Note: address information may be enclosed inside "[]" but this form is
       not required.

INLINE SPECIFICATION
       The contents of a table may be specified in the table name (Postfix 3.7
       and later). The basic syntax is:

       main.cf:
           parameter = .. cidr:{ { rule-1 }, { rule-2 } .. } ..

       master.cf:
           .. -o { parameter = .. cidr:{ { rule-1 }, { rule-2 } .. } .. } ..

       Postfix ignores whitespace after '{' and before '}', and writes each
       rule as one text line to an in-memory file:

       in-memory file:
           rule-1
           rule-2
           ..

       Postfix parses the result as if it is a file in /etc/postfix.

       Note: if a rule contains $, specify $$ to keep Postfix from trying to
       do $name expansion as it evaluates a parameter value.

EXAMPLE SMTPD ACCESS MAP
       /etc/postfix/main.cf:
           smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...

       /etc/postfix/client.cidr:
           # Rule order matters. Put more specific allowlist entries
           # before more general denylist entries.
           192.168.1.1             OK
           192.168.0.0/16          REJECT
           2001:db8::1             OK
           2001:db8::/32           REJECT

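The rule-order comment in the example above, as an added Python example that
is not part of the Postfix documentation or code: it evaluates plain
"pattern result" lines in table order and reports entries that an earlier,
broader pattern makes unreachable. The function names and the MISORDERED
sample are assumptions made for this illustration; !pattern, if..endif and
the "[]" form are not handled.

```python
import ipaddress

# Constructed table: the page's client.cidr rules with the allowlist entries moved last.
MISORDERED = """\
# constructed example
192.168.0.0/16  REJECT
192.168.1.1     OK
2001:db8::/32   REJECT
2001:db8::1     OK
"""

def parse(text):
    """Return [(network, result, lineno)] for plain 'pattern result' rules."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # blank line or comment
        if line[0].isspace() and rules:   # continuation of the previous rule
            net, result, first = rules[-1]
            rules[-1] = (net, result + " " + stripped, first)
            continue
        pattern, result = stripped.split(None, 1)
        # strict=True raises ValueError when bits beyond the prefix are set
        rules.append((ipaddress.ip_network(pattern, strict=True), result, lineno))
    return rules

def lookup(rules, address):
    """Result of the first matching rule, or None when nothing matches."""
    ip = ipaddress.ip_address(address)
    for net, result, _ in rules:
        if ip.version == net.version and ip in net:
            return result
    return None

def shadowed(rules):
    """Rules that can never match because an earlier rule already covers them."""
    found = []
    for i, (net, _, lineno) in enumerate(rules):
        for earlier, _, earlier_line in rules[:i]:
            if earlier.version == net.version and net.subnet_of(earlier):
                found.append((lineno, str(net), earlier_line, str(earlier)))
                break
    return found

if __name__ == "__main__":
    rules = parse(MISORDERED)
    print(lookup(rules, "192.168.1.1"))
    print(shadowed(rules))
```
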
SEE ALSO
       postmap(1), Postfix lookup table manager
       regexp_table(5), format of regular expression tables
       pcre_table(5), format of PCRE tables

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate
       this information.
       DATABASE_README, Postfix lookup table overview

HISTORY
       CIDR table support was introduced with Postfix version 2.1.

AUTHOR(S)
       The CIDR table lookup code was originally written by:
       Jozsef Kadlecsik
       KFKI Research Institute for Particle and Nuclear Physics
       POB. 49
       1525 Budapest, Hungary

       Adopted and adapted by:
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       Wietse Venema
       Google, Inc.
       111 8th Avenue
       New York, NY 10011, USA

                                                                 CIDR_TABLE(5)