+# ACCESS(5) ACCESS(5)
+#
+# NAME
+# access - format of Postfix access table
+#
+# SYNOPSIS
+# postmap /etc/postfix/access
+#
+# postmap -q "string" /etc/postfix/access
+#
+# postmap -q - /etc/postfix/access <inputfile
+#
+# DESCRIPTION
+# The optional access table directs the Postfix SMTP server
+# to selectively reject or accept mail. Access can be
+# allowed or denied for specific host names, domain names,
+# networks, host network addresses or mail addresses.
+#
+# Normally, the access table is specified as a text file
+# that serves as input to the postmap(1) command. The
+# result, an indexed file in dbm or db format, is used for
+# fast searching by the mail system. Execute the command
+# postmap /etc/postfix/access in order to rebuild the
+# indexed file after changing the access table.
+#
+# When the table is provided via other means such as NIS,
+# LDAP or SQL, the same lookups are done as for ordinary
+# indexed files.
+#
+# Alternatively, the table can be provided as a regular-
+# expression map where patterns are given as regular expres-
+# sions, or lookups can be directed to TCP-based server. In
+# that case, the lookups are done in a slightly different
+# way as described below under "REGULAR EXPRESSION TABLES"
+# and "TCP-BASED TABLES".
+#
+# TABLE FORMAT
+# The format of the access table is as follows:
+#
+# pattern action
+# When pattern matches a mail address, domain or host
+# address, perform the corresponding action.
+#
+# blank lines and comments
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
+# is a `#'.
+#
+# multi-line text
+# A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
+# cal line.
+#
+# EMAIL ADDRESS PATTERNS
+# With lookups from indexed files such as DB or DBM, or from
+# networked tables such as NIS, LDAP or SQL, the following
+# lookup patterns are examined in the order as listed:
+#
+# user@domain
+# Matches the specified mail address.
+#
+# domain.tld
+# Matches domain.tld as the domain part of an email
+# address.
+#
+# The pattern domain.tld also matches subdomains, but
+# only when the string smtpd_access_maps is listed in
+# the Postfix parent_domain_matches_subdomains con-
+# figuration setting. Otherwise, specify .domain.tld
+# (note the initial dot) in order to match subdo-
+# mains.
+#
+# user@ Matches all mail addresses with the specified user
+# part.
+#
+# Note: lookup of the null sender address is not possible
+# with some types of lookup table. By default, Postfix uses
+# <> as the lookup key for such addresses. The value is
+# specified with the smtpd_null_access_lookup_key parameter
+# in the Postfix main.cf file.
+#
+# EMAIL ADDRESS EXTENSION
+# When a mail address localpart contains the optional recip-
+# ient delimiter (e.g., user+foo@domain), the lookup order
+# becomes: user+foo@domain, user@domain, domain, user+foo@,
+# and user@.
+#
+# HOST NAME/ADDRESS PATTERNS
+# With lookups from indexed files such as DB or DBM, or from
+# networked tables such as NIS, LDAP or SQL, the following
+# lookup patterns are examined in the order as listed:
+#
+# domain.tld
+# Matches domain.tld.
+#
+# The pattern domain.tld also matches subdomains, but
+# only when the string smtpd_access_maps is listed in
+# the Postfix parent_domain_matches_subdomains con-
+# figuration setting. Otherwise, specify .domain.tld
+# (note the initial dot) in order to match subdo-
+# mains.
+#
+# net.work.addr.ess
+#
+# net.work.addr
+#
+# net.work
+#
+# net Matches any host address in the specified network.
+# A network address is a sequence of one or more
+# octets separated by ".".
+#
+# NOTE: use the cidr lookup table type to specify
+# network/netmask patterns. See cidr_table(5) for
+# details.
+#
+# ACTIONS
+# [45]NN text
+# Reject the address etc. that matches the pattern,
+# and respond with the numerical code and text.
+#
+# REJECT
+#
+# REJECT optional text...
+# Reject the address etc. that matches the pattern.
+# Reply with $reject_code optional text... when the
+# optional text is specified, otherwise reply with a
+# generic error response message.
+#
+# DEFER_IF_REJECT
+#
+# DEFER_IF_REJECT optional text...
+# Defer the request if some later restriction would
+# result in a REJECT action. Reply with "450 optional
+# text... when the optional text is specified, other-
+# wise reply with a generic error response message.
+#
+# DEFER_IF_PERMIT
+#
+# DEFER_IF_PERMIT optional text...
+# Defer the request if some later restriction would
+# result in a PERMIT action (there is an implied PER-
+# MIT at the end of each restriction list). Reply
+# with "450 optional text... when the optional text
+# is specified, otherwise reply with a generic error
+# response message.
+#
+# OK Accept the address etc. that matches the pattern.
+#
+# all-numerical
+# An all-numerical result is treated as OK. This for-
+# mat is generated by address-based relay authoriza-
+# tion schemes.
+#
+# DUNNO Pretend that the lookup key was not found in this
+# table. This prevents Postfix from trying substrings
+# of the lookup key (such as a subdomain name, or a
+# network address subnetwork).
+#
+# HOLD
+#
+# HOLD optional text...
+# Place the message on the hold queue, where it will
+# sit until someone either deletes it or releases it
+# for delivery. Log the optional text if specified,
+# otherwise log a generic message.
+#
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
+# released with the postsuper(1) command.
+#
+# Note: this action currently affects all recipients
+# of the message.
+#
+# DISCARD
+#
+# DISCARD optional text...
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
+# erwise log a generic message.
+#
+# Note: this action currently affects all recipients
+# of the message.
+#
+# FILTER transport:destination
+# After the message is queued, send the entire mes-
+# sage through a content filter. More information
+# about content filters is in the Postfix FIL-
+# TER_README file.
+#
+# Note: this action overrides the main.cf con-
+# tent_filter setting, and currently affects all
+# recipients of the message.
+#
+# REDIRECT user@domain
+# After the message is queued, send the message to
+# the specified address instead of the intended
+# recipient(s).
+#
+# Note: this action overrides the FILTER action, and
+# currently affects all recipients of the message.
+#
+# restriction...
+# Apply the named UCE restriction(s) (permit, reject,
+# reject_unauth_destination, and so on).
+#
+# REGULAR EXPRESSION TABLES
+# This section describes how the table lookups change when
+# the table is given in the form of regular expressions. For
+# a description of regular expression lookup table syntax,
+# see regexp_table(5) or pcre_table(5).
+#
+# Each pattern is a regular expression that is applied to
+# the entire string being looked up. Depending on the appli-
+# cation, that string is an entire client hostname, an
+# entire client IP address, or an entire mail address. Thus,
+# no parent domain or parent network search is done,
+# user@domain mail addresses are not broken up into their
+# user@ and domain constituent parts, nor is user+foo broken
+# up into user and foo.
+#
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
+# string.
+#
+# Actions are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
+# the pattern can be interpolated as $1, $2 and so on.
+#
+# TCP-BASED TABLES
+# This section describes how the table lookups change when
+# lookups are directed to a TCP-based server. For a descrip-
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5).
+#
+# Each lookup operation uses the entire query string once.
+# Depending on the application, that string is an entire
+# client hostname, an entire client IP address, or an entire
+# mail address. Thus, no parent domain or parent network
+# search is done, user@domain mail addresses are not broken
+# up into their user@ and domain constituent parts, nor is
+# user+foo broken up into user and foo.
+#
+# Actions are the same as with indexed file lookups.
+#
+# BUGS
+# The table format does not understand quoting conventions.
+#
+# SEE ALSO
+# postmap(1) create lookup table
+# smtpd(8) smtp server
+# cidr_table(5) format of CIDR tables
+# pcre_table(5) format of PCRE tables
+# regexp_table(5) format of POSIX regular expression tables
+# tcp_table(5) TCP client/server table lookup protocol
+#
+# LICENSE
+# The Secure Mailer license must be distributed with this
+# software.
+#
+# AUTHOR(S)
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#
+# ACCESS(5)
projects / thirdparty / postfix.git / commitdiff
