GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
CIDR_TABLE(5) FreeBSD File Formats Manual CIDR_TABLE(5)

cidr_table - format of Postfix CIDR tables

postmap -q "string" cidr:$config_directory/filename
postmap -q - cidr:$config_directory/filename <inputfile


The Postfix mail system uses optional lookup tables. These tables are usually in dbm or db format. Alternatively, lookup tables can be specified in CIDR (Classless Inter-Domain Routing) form. In this case, each input is compared against a list of patterns. When a match is found, the corresponding result is returned and the search is terminated.

To find out what types of lookup tables your Postfix system supports use the "postconf -m" command.

To test lookup tables, use the "postmap -q" command as described in the SYNOPSIS above.


The general form of a Postfix CIDR table is:
pattern result
When a search string matches the specified pattern, use the corresponding result value. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below).
!pattern result
When a search string does not match the specified pattern, use the specified result value. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below).

This feature is available in Postfix 3.2 and later.

if pattern
endif
When a search string matches the specified pattern, match that search string against the patterns between if and endif. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below). The if..endif can nest.

Note: do not prepend whitespace to text between if..endif.

This feature is available in Postfix 3.2 and later.

if !pattern
endif
When a search string does not match the specified pattern, match that search string against the patterns between if and endif. The pattern must be in network/prefix or network_address form (see ADDRESS PATTERN SYNTAX below). The if..endif can nest.

Note: do not prepend whitespace to text between if..endif.

This feature is available in Postfix 3.2 and later.

blank lines and comments
Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'.
multi-line text
A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line.


Patterns are applied in the order as specified in the table, until a pattern is
  found that matches the search string.


Postfix CIDR tables are pattern-based. A pattern is either a
  network_address which requires an exact match, or a
  network_address/prefix_length where the prefix_length part
  specifies the length of the network_address prefix that must be matched
  (the other bits in the network_address part must be zero).

An IPv4 network address is a sequence of four decimal octets separated by ".", and an IPv6 network address is a sequence of three to eight hexadecimal octet pairs separated by ":" or "::", where the latter is short-hand for a sequence of one or more all-zero octet pairs. The pattern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6 address. IPv6 support is available in Postfix 2.2 and later.

Before comparisons are made, lookup keys and table entries are converted from string to binary. Therefore, IPv6 patterns will be matched regardless of leading zeros (a leading zero in an IPv4 address octet indicates octal notation).

Note: address information may be enclosed inside "[]" but this form is not required.


The contents of a table may be specified in the table name. The basic syntax is:

main.cf:
    parameter = .. cidr:{ { rule-1 }, { rule-2 } .. } ..
master.cf:
    .. -o { parameter = .. cidr:{ { rule-1 }, { rule-2 } .. } .. } ..

Postfix ignores whitespace after '{' and before '}', and writes each rule as one text line to an in-memory file:

in-memory file:
    rule-1
    rule-2
    ..

Postfix parses the result as if it is a file in /usr/local/etc/postfix.

Note: if a rule contains $, specify $$ to keep Postfix from trying to do $name expansion as it evaluates a parameter value.


/usr/local/etc/postfix/main.cf: smtpd_client_restrictions = ... cidr:$config_directory/client.cidr ... /usr/local/etc/postfix/client.cidr: # Rule order matters. Put more specific allowlist entries # before more general denylist entries. 192.168.1.1 OK 192.168.0.0/16 REJECT 2001:db8::1 OK 2001:db8::/32 REJECT

postmap(1), Postfix lookup table manager
regexp_table(5), format of regular expression tables
pcre_table(5), format of PCRE tables


Use "postconf readme_directory" or "postconf
  html_directory" to locate this information.
DATABASE_README, Postfix lookup table overview


CIDR table support was introduced with Postfix version 2.1.

The CIDR table lookup code was originally written by:
Jozsef Kadlecsik
KFKI Research Institute for Particle and Nuclear Physics
POB. 49
1525 Budapest, Hungary
Adopted and adapted by:
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA

Search for    or go to Top of page |  Section 5 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.