Provided by: postfix_3.9.0-3_amd64 bug

NAME

       cidr_table - format of Postfix CIDR tables

SYNOPSIS

       postmap -q "string" cidr:/etc/postfix/filename

       postmap -q - cidr:/etc/postfix/filename <inputfile

DESCRIPTION

       The  Postfix  mail system uses optional lookup tables.  These tables are usually in dbm or
       db format.  Alternatively, lookup tables can be specified in CIDR (Classless  Inter-Domain
       Routing)  form.  In  this  case, each input is compared against a list of patterns. When a
       match is found, the corresponding result is returned and the search is terminated.

       To find out what types of lookup tables your Postfix system supports use the "postconf -m"
       command.

       To test lookup tables, use the "postmap -q" command as described in the SYNOPSIS above.

TABLE FORMAT

       The general form of a Postfix CIDR table is:

       pattern     result
              When  a  search  string matches the specified pattern, use the corresponding result
              value. The pattern must be in network/prefix or network_address form  (see  ADDRESS
              PATTERN SYNTAX below).

       !pattern     result
              When a search string does not match the specified pattern, use the specified result
              value. The pattern must be in network/prefix or network_address form  (see  ADDRESS
              PATTERN SYNTAX below).

              This feature is available in Postfix 3.2 and later.

       if pattern

       endif  When  a  search  string  matches  the  specified  pattern, match that search string
              against the patterns between if and endif.  The pattern must be  in  network/prefix
              or network_address form (see ADDRESS PATTERN SYNTAX below). The if..endif can nest.

              Note: do not prepend whitespace to text between if..endif.

              This feature is available in Postfix 3.2 and later.

       if !pattern

       endif  When a search string does not match the specified pattern, match that search string
              against the patterns between if and endif. The pattern must be in network/prefix or
              network_address form (see ADDRESS PATTERN SYNTAX below). The if..endif can nest.

              Note: do not prepend whitespace to text between if..endif.

              This feature is available in Postfix 3.2 and later.

       blank lines and comments
              Empty  lines  and  whitespace-only  lines  are  ignored,  as  are lines whose first
              non-whitespace character is a `#'.

       multi-line text
              A logical line starts with non-whitespace text. A line that starts with  whitespace
              continues a logical line.

TABLE SEARCH ORDER

       Patterns are applied in the order as specified in the table, until a pattern is found that
       matches the search string.

ADDRESS PATTERN SYNTAX

       Postfix CIDR tables are  pattern-based.  A  pattern  is  either  a  network_address  which
       requires  an  exact match, or a network_address/prefix_length where the prefix_length part
       specifies the length of the network_address prefix that must be matched (the other bits in
       the network_address part must be zero).

       An IPv4 network address is a sequence of four decimal octets separated by ".", and an IPv6
       network address is a sequence of three to eight hexadecimal octet pairs separated  by  ":"
       or  "::",  where  the  latter  is  short-hand for a sequence of one or more all-zero octet
       pairs. The pattern 0.0.0.0/0 matches every IPv4  address,  and  ::/0  matches  every  IPv6
       address.  IPv6 support is available in Postfix 2.2 and later.

       Before  comparisons  are  made, lookup keys and table entries are converted from string to
       binary. Therefore, IPv6 patterns will be matched regardless of leading  zeros  (a  leading
       zero in an IPv4 address octet indicates octal notation).

       Note: address information may be enclosed inside "[]" but this form is not required.

INLINE SPECIFICATION

       The  contents  of a table may be specified in the table name (Postfix 3.7 and later).  The
       basic syntax is:

       main.cf:
           parameter = .. cidr:{ { rule-1 }, { rule-2 } .. } ..

       master.cf:
           .. -o { parameter = .. cidr:{ { rule-1 }, { rule-2 } .. } .. } ..

       Postfix ignores whitespace after '{' and before '}', and writes each rule as one text line
       to an in-memory file:

       in-memory file:
           rule-1
           rule-2
           ..

       Postfix parses the result as if it is a file in /etc/postfix.

       Note:  if  a rule contains $, specify $$ to keep Postfix from trying to do $name expansion
       as it evaluates a parameter value.

EXAMPLE SMTPD ACCESS MAP

       /etc/postfix/main.cf:
           smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...

       /etc/postfix/client.cidr:
           # Rule order matters. Put more specific allowlist entries
           # before more general denylist entries.
           192.168.1.1             OK
           192.168.0.0/16          REJECT
           2001:db8::1             OK
           2001:db8::/32           REJECT

SEE ALSO

       postmap(1), Postfix lookup table manager
       regexp_table(5), format of regular expression tables
       pcre_table(5), format of PCRE tables

README FILES

       Use "postconf readme_directory" or "postconf html_directory" to locate this information.
       DATABASE_README, Postfix lookup table overview

HISTORY

       CIDR table support was introduced with Postfix version 2.1.

AUTHOR(S)

       The CIDR table lookup code was originally written by:
       Jozsef Kadlecsik
       KFKI Research Institute for Particle and Nuclear Physics
       POB. 49
       1525 Budapest, Hungary

       Adopted and adapted by:
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       Wietse Venema
       Google, Inc.
       111 8th Avenue
       New York, NY 10011, USA

                                                                                    CIDR_TABLE(5)