]>
Commit | Line | Data |
---|---|---|
3796e3d5 MT |
1 | # ACCESS(5) ACCESS(5) |
2 | # | |
3 | # NAME | |
4 | # access - Postfix access table format | |
5 | # | |
6 | # SYNOPSIS | |
7 | # postmap /etc/postfix/access | |
8 | # | |
9 | # postmap -q "string" /etc/postfix/access | |
10 | # | |
11 | # postmap -q - /etc/postfix/access <inputfile | |
12 | # | |
13 | # DESCRIPTION | |
14 | # The optional access(5) table directs the Postfix SMTP | |
15 | # server to selectively reject or accept mail. Access can be | |
16 | # allowed or denied for specific host names, domain names, | |
17 | # networks, host addresses or mail addresses. | |
18 | # | |
19 | # For an example, see the EXAMPLE section at the end of this | |
20 | # manual page. | |
21 | # | |
22 | # Normally, the access(5) table is specified as a text file | |
23 | # that serves as input to the postmap(1) command. The | |
24 | # result, an indexed file in dbm or db format, is used for | |
25 | # fast searching by the mail system. Execute the command | |
26 | # "postmap /etc/postfix/access" in order to rebuild the | |
27 | # indexed file after changing the access table. | |
28 | # | |
29 | # When the table is provided via other means such as NIS, | |
30 | # LDAP or SQL, the same lookups are done as for ordinary | |
31 | # indexed files. | |
32 | # | |
33 | # Alternatively, the table can be provided as a regular- | |
34 | # expression map where patterns are given as regular expres- | |
35 | # sions, or lookups can be directed to TCP-based server. In | |
36 | # that case, the lookups are done in a slightly different | |
37 | # way as described below under "REGULAR EXPRESSION TABLES" | |
38 | # and "TCP-BASED TABLES". | |
39 | # | |
40 | # TABLE FORMAT | |
41 | # The input format for the postmap(1) command is as follows: | |
42 | # | |
43 | # pattern action | |
44 | # When pattern matches a mail address, domain or host | |
45 | # address, perform the corresponding action. | |
46 | # | |
47 | # blank lines and comments | |
48 | # Empty lines and whitespace-only lines are ignored, | |
49 | # as are lines whose first non-whitespace character | |
50 | # is a `#'. | |
51 | # | |
52 | # multi-line text | |
53 | # A logical line starts with non-whitespace text. A | |
54 | # line that starts with whitespace continues a logi- | |
55 | # cal line. | |
56 | # | |
57 | # EMAIL ADDRESS PATTERNS | |
58 | # With lookups from indexed files such as DB or DBM, or from | |
59 | # networked tables such as NIS, LDAP or SQL, patterns are | |
60 | # tried in the order as listed below: | |
61 | # | |
62 | # user@domain | |
63 | # Matches the specified mail address. | |
64 | # | |
65 | # domain.tld | |
66 | # Matches domain.tld as the domain part of an email | |
67 | # address. | |
68 | # | |
69 | # The pattern domain.tld also matches subdomains, but | |
70 | # only when the string smtpd_access_maps is listed in | |
71 | # the Postfix parent_domain_matches_subdomains con- | |
72 | # figuration setting (note that this is the default | |
73 | # for some versions of Postfix). Otherwise, specify | |
74 | # .domain.tld (note the initial dot) in order to | |
75 | # match subdomains. | |
76 | # | |
77 | # user@ Matches all mail addresses with the specified user | |
78 | # part. | |
79 | # | |
80 | # Note: lookup of the null sender address is not possible | |
81 | # with some types of lookup table. By default, Postfix uses | |
82 | # <> as the lookup key for such addresses. The value is | |
83 | # specified with the smtpd_null_access_lookup_key parameter | |
84 | # in the Postfix main.cf file. | |
85 | # | |
86 | # EMAIL ADDRESS EXTENSION | |
87 | # When a mail address localpart contains the optional recip- | |
88 | # ient delimiter (e.g., user+foo@domain), the lookup order | |
89 | # becomes: user+foo@domain, user@domain, domain, user+foo@, | |
90 | # and user@. | |
91 | # | |
92 | # HOST NAME/ADDRESS PATTERNS | |
93 | # With lookups from indexed files such as DB or DBM, or from | |
94 | # networked tables such as NIS, LDAP or SQL, the following | |
95 | # lookup patterns are examined in the order as listed: | |
96 | # | |
97 | # domain.tld | |
98 | # Matches domain.tld. | |
99 | # | |
100 | # The pattern domain.tld also matches subdomains, but | |
101 | # only when the string smtpd_access_maps is listed in | |
102 | # the Postfix parent_domain_matches_subdomains con- | |
103 | # figuration setting. Otherwise, specify .domain.tld | |
104 | # (note the initial dot) in order to match subdo- | |
105 | # mains. | |
106 | # | |
107 | # net.work.addr.ess | |
108 | # | |
109 | # net.work.addr | |
110 | # | |
111 | # net.work | |
112 | # | |
113 | # net Matches the specified IPv4 host address or subnet- | |
114 | # work. An IPv4 host address is a sequence of four | |
115 | # decimal octets separated by ".". | |
116 | # | |
117 | # Subnetworks are matched by repeatedly truncating | |
118 | # the last ".octet" from the remote IPv4 host address | |
119 | # string until a match is found in the access table, | |
120 | # or until further truncation is not possible. | |
121 | # | |
122 | # NOTE 1: The information in the access map should be | |
123 | # in canonical form, with unnecessary null characters | |
124 | # eliminated. Address information must not be | |
125 | # enclosed with "[]" characters. | |
126 | # | |
127 | # NOTE 2: use the cidr lookup table type to specify | |
128 | # network/netmask patterns. See cidr_table(5) for | |
129 | # details. | |
130 | # | |
131 | # net:work:addr:ess | |
132 | # | |
133 | # net:work:addr | |
134 | # | |
135 | # net:work | |
136 | # | |
137 | # net Matches the specified IPv6 host address or subnet- | |
138 | # work. An IPv6 host address is a sequence of three | |
139 | # to eight hexadecimal octet pairs separated by ":". | |
140 | # | |
141 | # Subnetworks are matched by repeatedly truncating | |
142 | # the last ":octetpair" from the remote IPv6 host | |
143 | # address string until a match is found in the access | |
144 | # table, or until further truncation is not possible. | |
145 | # | |
146 | # NOTE 1: the truncation and comparison are done with | |
147 | # the string representation of the IPv6 host address. | |
148 | # Thus, not all the ":" subnetworks will be tried. | |
149 | # | |
150 | # NOTE 2: The information in the access map should be | |
151 | # in canonical form, with unnecessary null characters | |
152 | # eliminated. Address information must not be | |
153 | # enclosed with "[]" characters. | |
154 | # | |
155 | # NOTE 3: use the cidr lookup table type to specify | |
156 | # network/netmask patterns. See cidr_table(5) for | |
157 | # details. | |
158 | # | |
159 | # IPv6 support is available in Postfix 2.2 and later. | |
160 | # | |
161 | # ACCEPT ACTIONS | |
162 | # OK Accept the address etc. that matches the pattern. | |
163 | # | |
164 | # all-numerical | |
165 | # An all-numerical result is treated as OK. This for- | |
166 | # mat is generated by address-based relay authoriza- | |
167 | # tion schemes. | |
168 | # | |
169 | # REJECT ACTIONS | |
170 | # 4NN text | |
171 | # | |
172 | # 5NN text | |
173 | # Reject the address etc. that matches the pattern, | |
174 | # and respond with the numerical three-digit code and | |
175 | # text. 4NN means "try again later", while 5NN means | |
176 | # "do not try again". | |
177 | # | |
178 | # REJECT optional text... | |
179 | # Reject the address etc. that matches the pattern. | |
180 | # Reply with $reject_code optional text... when the | |
181 | # optional text is specified, otherwise reply with a | |
182 | # generic error response message. | |
183 | # | |
184 | # DEFER_IF_REJECT optional text... | |
185 | # Defer the request if some later restriction would | |
186 | # result in a REJECT action. Reply with "450 optional | |
187 | # text... when the optional text is specified, other- | |
188 | # wise reply with a generic error response message. | |
189 | # | |
190 | # This feature is available in Postfix 2.1 and later. | |
191 | # | |
192 | # DEFER_IF_PERMIT optional text... | |
193 | # Defer the request if some later restriction would | |
194 | # result in a an explicit or implicit PERMIT action. | |
195 | # Reply with "450 optional text... when the optional | |
196 | # text is specified, otherwise reply with a generic | |
197 | # error response message. | |
198 | # | |
199 | # This feature is available in Postfix 2.1 and later. | |
200 | # | |
201 | # OTHER ACTIONS | |
202 | # restriction... | |
203 | # Apply the named UCE restriction(s) (permit, reject, | |
204 | # reject_unauth_destination, and so on). | |
205 | # | |
206 | # DISCARD optional text... | |
207 | # Claim successful delivery and silently discard the | |
208 | # message. Log the optional text if specified, oth- | |
209 | # erwise log a generic message. | |
210 | # | |
211 | # Note: this action currently affects all recipients | |
212 | # of the message. | |
213 | # | |
214 | # This feature is available in Postfix 2.0 and later. | |
215 | # | |
216 | # DUNNO Pretend that the lookup key was not found. This | |
217 | # prevents Postfix from trying substrings of the | |
218 | # lookup key (such as a subdomain name, or a network | |
219 | # address subnetwork). | |
220 | # | |
221 | # This feature is available in Postfix 2.0 and later. | |
222 | # | |
223 | # FILTER transport:destination | |
224 | # After the message is queued, send the entire mes- | |
225 | # sage through the specified external content filter. | |
226 | # The transport:destination syntax is described in | |
227 | # the transport(5) manual page. More information | |
228 | # about external content filters is in the Postfix | |
229 | # FILTER_README file. | |
230 | # | |
231 | # Note: this action overrides the main.cf con- | |
232 | # tent_filter setting, and currently affects all | |
233 | # recipients of the message. | |
234 | # | |
235 | # This feature is available in Postfix 2.0 and later. | |
236 | # | |
237 | # HOLD optional text... | |
238 | # Place the message on the hold queue, where it will | |
239 | # sit until someone either deletes it or releases it | |
240 | # for delivery. Log the optional text if specified, | |
241 | # otherwise log a generic message. | |
242 | # | |
243 | # Mail that is placed on hold can be examined with | |
244 | # the postcat(1) command, and can be destroyed or | |
245 | # released with the postsuper(1) command. | |
246 | # | |
247 | # Note: use "postsuper -r" to release mail that was | |
248 | # kept on hold for a significant fraction of $maxi- | |
249 | # mal_queue_lifetime or $bounce_queue_lifetime, or | |
250 | # longer. | |
251 | # | |
252 | # Note: this action currently affects all recipients | |
253 | # of the message. | |
254 | # | |
255 | # This feature is available in Postfix 2.0 and later. | |
256 | # | |
257 | # PREPEND headername: headervalue | |
258 | # Prepend the specified message header to the mes- | |
259 | # sage. When this action is used multiple times, the | |
260 | # first prepended header appears before the second | |
261 | # etc. prepended header. | |
262 | # | |
263 | # Note: this action does not support multi-line mes- | |
264 | # sage headers. | |
265 | # | |
266 | # Note: this action must be used before the message | |
267 | # content is received; it cannot be used in | |
268 | # smtpd_end_of_data_restrictions. | |
269 | # | |
270 | # This feature is available in Postfix 2.1 and later. | |
271 | # | |
272 | # REDIRECT user@domain | |
273 | # After the message is queued, send the message to | |
274 | # the specified address instead of the intended | |
275 | # recipient(s). | |
276 | # | |
277 | # Note: this action overrides the FILTER action, and | |
278 | # currently affects all recipients of the message. | |
279 | # | |
280 | # This feature is available in Postfix 2.1 and later. | |
281 | # | |
282 | # WARN optional text... | |
283 | # Log a warning with the optional text, together with | |
284 | # client information and if available, with helo, | |
285 | # sender, recipient and protocol information. | |
286 | # | |
287 | # This feature is available in Postfix 2.1 and later. | |
288 | # | |
289 | # REGULAR EXPRESSION TABLES | |
290 | # This section describes how the table lookups change when | |
291 | # the table is given in the form of regular expressions. For | |
292 | # a description of regular expression lookup table syntax, | |
293 | # see regexp_table(5) or pcre_table(5). | |
294 | # | |
295 | # Each pattern is a regular expression that is applied to | |
296 | # the entire string being looked up. Depending on the appli- | |
297 | # cation, that string is an entire client hostname, an | |
298 | # entire client IP address, or an entire mail address. Thus, | |
299 | # no parent domain or parent network search is done, | |
300 | # user@domain mail addresses are not broken up into their | |
301 | # user@ and domain constituent parts, nor is user+foo broken | |
302 | # up into user and foo. | |
303 | # | |
304 | # Patterns are applied in the order as specified in the ta- | |
305 | # ble, until a pattern is found that matches the search | |
306 | # string. | |
307 | # | |
308 | # Actions are the same as with indexed file lookups, with | |
309 | # the additional feature that parenthesized substrings from | |
310 | # the pattern can be interpolated as $1, $2 and so on. | |
311 | # | |
312 | # TCP-BASED TABLES | |
313 | # This section describes how the table lookups change when | |
314 | # lookups are directed to a TCP-based server. For a descrip- | |
315 | # tion of the TCP client/server lookup protocol, see tcp_ta- | |
316 | # ble(5). This feature is not available up to and including | |
317 | # Postfix version 2.2. | |
318 | # | |
319 | # Each lookup operation uses the entire query string once. | |
320 | # Depending on the application, that string is an entire | |
321 | # client hostname, an entire client IP address, or an entire | |
322 | # mail address. Thus, no parent domain or parent network | |
323 | # search is done, user@domain mail addresses are not broken | |
324 | # up into their user@ and domain constituent parts, nor is | |
325 | # user+foo broken up into user and foo. | |
326 | # | |
327 | # Actions are the same as with indexed file lookups. | |
328 | # | |
329 | # EXAMPLE | |
330 | # The following example uses an indexed file, so that the | |
331 | # order of table entries does not matter. The example per- | |
332 | # mits access by the client at address 1.2.3.4 but rejects | |
333 | # all other clients in 1.2.3.0/24. Instead of hash lookup | |
334 | # tables, some systems use dbm. Use the command "postconf | |
335 | # -m" to find out what lookup tables Postfix supports on | |
336 | # your system. | |
337 | # | |
338 | # /etc/postfix/main.cf: | |
339 | # smtpd_client_restrictions = | |
340 | # check_client_access hash:/etc/postfix/access | |
341 | # | |
342 | # /etc/postfix/access: | |
343 | # 1.2.3 REJECT | |
344 | # 1.2.3.4 OK | |
345 | # | |
346 | # Execute the command "postmap /etc/postfix/access" after | |
347 | # editing the file. | |
348 | # | |
349 | # BUGS | |
350 | # The table format does not understand quoting conventions. | |
351 | # | |
352 | # SEE ALSO | |
353 | # postmap(1), Postfix lookup table manager | |
354 | # smtpd(8), SMTP server | |
355 | # postconf(5), configuration parameters | |
356 | # transport(5), transport:nexthop syntax | |
357 | # | |
358 | # README FILES | |
359 | # Use "postconf readme_directory" or "postconf html_direc- | |
360 | # tory" to locate this information. | |
361 | # SMTPD_ACCESS_README, built-in SMTP server access control | |
362 | # DATABASE_README, Postfix lookup table overview | |
363 | # | |
364 | # LICENSE | |
365 | # The Secure Mailer license must be distributed with this | |
366 | # software. | |
367 | # | |
368 | # AUTHOR(S) | |
369 | # Wietse Venema | |
370 | # IBM T.J. Watson Research | |
371 | # P.O. Box 704 | |
372 | # Yorktown Heights, NY 10598, USA | |
373 | # | |
374 | # ACCESS(5) |