.TH CIDR_TABLE 5 .ad .fi .SH NAME cidr_table \- format of Postfix CIDR tables .SH "SYNOPSIS" .na .nf \fBpostmap -q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR \fBpostmap -q - cidr:/etc/postfix/\fIfilename\fR <\fIinputfile\fR .SH DESCRIPTION .ad .fi The Postfix mail system uses optional lookup tables. These tables are usually in \fBdbm\fR or \fBdb\fR format. Alternatively, lookup tables can be specified in CIDR (Classless Inter-Domain Routing) form. In this case, each input is compared against a list of patterns. When a match is found, the corresponding result is returned and the search is terminated. To find out what types of lookup tables your Postfix system supports use the "\fBpostconf -m\fR" command. To test lookup tables, use the "\fBpostmap -q\fR" command as described in the SYNOPSIS above. .SH "TABLE FORMAT" .na .nf .ad .fi The general form of a Postfix CIDR table is: .IP "\fInetwork_address\fB/\fInetwork_mask result\fR" When a search string matches the specified network block, use the corresponding \fIresult\fR value. Specify 0.0.0.0/0 to match every IPv4 address, and ::/0 to match every IPv6 address. An IPv4 network address is a sequence of four decimal octets separated by ".", and an IPv6 network address is a sequence of three to eight hexadecimal octet pairs separated by ":". Before comparisons are made, lookup keys and table entries are converted from string to binary. Therefore table entries will be matched regardless of redundant zero characters. Note: address information may be enclosed inside "[]" but this form is not required. IPv6 support is available in Postfix 2.2 and later. .IP "\fInetwork_address result\fR" When a search string matches the specified network address, use the corresponding \fIresult\fR value. .IP "blank lines and comments" Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'. .IP "multi-line text" A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line. .SH "TABLE SEARCH ORDER" .na .nf .ad .fi Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. .SH "EXAMPLE SMTPD ACCESS MAP" .na .nf .nf /etc/postfix/main.cf: smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ... /etc/postfix/client.cidr: # Rule order matters. Put more specific whitelist entries # before more general blacklist entries. 192.168.1.1 OK 192.168.0.0/16 REJECT .fi .SH "SEE ALSO" .na .nf postmap(1), Postfix lookup table manager regexp_table(5), format of regular expression tables pcre_table(5), format of PCRE tables .SH "README FILES" .na .nf .ad .fi Use "\fBpostconf readme_directory\fR" or "\fBpostconf html_directory\fR" to locate this information. .na .nf DATABASE_README, Postfix lookup table overview .SH "HISTORY" .na .nf CIDR table support was introduced with Postfix version 2.1. .SH "AUTHOR(S)" .na .nf The CIDR table lookup code was originally written by: Jozsef Kadlecsik KFKI Research Institute for Particle and Nuclear Physics POB. 49 1525 Budapest, Hungary Adopted and adapted by: Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA