unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (NetBSD-2.0)
Page:
Section:
Apropos / Subsearch:
optional field

ACCESS(5)                     File Formats Manual                    ACCESS(5)



NAME
       access - format of Postfix access table

SYNOPSIS
       postmap /etc/postfix/access

       postmap -q "string" /etc/postfix/access

       postmap -q - /etc/postfix/access <&lt;inputfile

DESCRIPTION
       The  optional  access  table  directs the Postfix SMTP server to selec-
       tively reject or accept mail. Access can be allowed or denied for  spe-
       cific  host  names,  domain  names, networks, host network addresses or
       mail addresses.

       Normally, the access table is specified as a text file that  serves  as
       input to the postmap(1) command.  The result, an indexed file in dbm or
       db format, is used for fast searching by the mail system.  Execute  the
       command  postmap  /etc/postfix/access  in  order to rebuild the indexed
       file after changing the access table.

       When the table is provided via other means such as NIS,  LDAP  or  SQL,
       the same lookups are done as for ordinary indexed files.

       Alternatively,  the  table  can be provided as a regular-expression map
       where patterns are given as regular  expressions.  In  that  case,  the
       lookups are done in a slightly different way as described below.

TABLE FORMAT
       The input format for the postmap(1) command is as follows:

       pattern action
              When  pattern  matches  a  mail address, domain or host address,
              perform the corresponding action.

       blank lines and comments
              Empty lines and whitespace-only lines are ignored, as are  lines
              whose first non-whitespace character is a `#'.

       multi-line text
              A  logical  line  starts  with  non-whitespace text. A line that
              starts with whitespace continues a logical line.

EMAIL ADDRESS PATTERNS
       With lookups from indexed files such as DB or DBM,  or  from  networked
       tables  such  as  NIS,  LDAP or SQL, patterns are tried in the order as
       listed below:

       user@domain
              Matches the specified mail address.

       domain.tld
              Matches domain.tld as the domain part of an email address.

              The pattern domain.tld also matches subdomains,  but  only  when
              the  string  smtpd_access_maps  is  listed  in  the Postfix par-
              ent_domain_matches_subdomains configuration setting.  Otherwise,
              specify  .domain.tld  (note  the  initial dot) in order to match
              subdomains.

       user@  Matches all mail addresses with the specified user part.

       Note: lookup of the null sender address is not possible with some types
       of lookup table. By default, Postfix uses <&lt;>&gt; as the lookup key for such
       addresses. The value is specified with the smtpd_null_access_lookup_key
       parameter in the Postfix main.cf file.

ADDRESS EXTENSION
       When a mail address localpart contains the optional recipient delimiter
       (e.g., user+foo@domain), the  lookup  order  becomes:  user+foo@domain,
       user@domain, domain, user+foo@, and user@.

HOST NAME/ADDRESS PATTERNS
       With  lookups  from  indexed files such as DB or DBM, or from networked
       tables such as NIS, LDAP or SQL,  the  following  lookup  patterns  are
       examined in the order as listed:

       domain.tld
              Matches domain.tld.

              The  pattern  domain.tld  also matches subdomains, but only when
              the string smtpd_access_maps  is  listed  in  the  Postfix  par-
              ent_domain_matches_subdomains configuration setting.  Otherwise,
              specify .domain.tld (note the initial dot)  in  order  to  match
              subdomains.

       net.work.addr.ess

       net.work.addr

       net.work

       net    Matches  any  host  address  in the specified network. A network
              address is a sequence of one or more octets separated by ".".

              Note: CIDR notation  (network/netmask)  is  not  supported  with
              lookups  from indexed files such as DB or DBM, or from networked
              tables such as NIS, LDAP or SQL.

ACTIONS
       [45]NN text
              Reject the address etc. that matches the  pattern,  and  respond
              with the numerical code and text.

       REJECT

       REJECT optional text...
              Reject  the  address  etc.  that matches the pattern. Reply with
              $reject_code optional text... when the optional text  is  speci-
              fied, otherwise reply with a generic error response message.

       OK     Accept the address etc. that matches the pattern.

       all-numerical
              An  all-numerical result is treated as OK. This format is gener-
              ated by address-based relay authorization schemes.

       DUNNO  Pretend that the lookup key was not found in  this  table.  This
              prevents  Postfix from trying substrings of the lookup key (such
              as a subdomain name, or a network address subnetwork).

       HOLD

       HOLD optional text...
              Place the message on the hold queue, where  it  will  sit  until
              someone  either deletes it or releases it for delivery.  Log the
              optional text if specified, otherwise log a generic message.

              Mail that is placed on hold can be examined with the  postcat(1)
              command,  and can be destroyed or released with the postsuper(1)
              command.

              Note: this action currently affects all recipients of  the  mes-
              sage.

       DISCARD

       DISCARD optional text...
              Claim successful delivery and silently discard the message.  Log
              the optional text if specified, otherwise log a generic message.

              Note: this action currently affects all recipients of  the  mes-
              sage.

       FILTER transport:destination
              After  the  message is queued, send the entire message through a
              content filter.  More information about content  filters  is  in
              the Postfix FILTER_README file.

              Note:  this action overrides the main.cf content_filter setting,
              and currently affects all recipients of the message.

       restriction...
              Apply   the   named   UCE   restriction(s)   (permit,    reject,
              reject_unauth_destination, and so on).

REGULAR EXPRESSION TABLES
       This  section  describes how the table lookups change when the table is
       given in the form of regular expressions. For a description of  regular
       expression lookup table syntax, see regexp_table(5) or pcre_table(5).

       Each  pattern  is  a  regular  expression that is applied to the entire
       string being looked up. Depending on the application, that string is an
       entire  client hostname, an entire client IP address, or an entire mail
       address. Thus, no parent domain  or  parent  network  search  is  done,
       user@domain  mail  addresses  are  not  broken  up into their user@ and
       domain constituent parts, nor is user+foo broken up into user and foo.

       Patterns are applied in the order as specified in the  table,  until  a
       pattern is found that matches the search string.

       Actions  are the same as with indexed file lookups, with the additional
       feature that parenthesized substrings from the pattern can be  interpo-
       lated as $1, $2 and so on.

BUGS
       The table format does not understand quoting conventions.

SEE ALSO
       postmap(1) create mapping table
       smtpd(8) smtp server
       pcre_table(5) format of PCRE tables
       regexp_table(5) format of POSIX regular expression tables

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA



                                                                     ACCESS(5)