| 192 |
- |
1 |
# ACCESS(5) ACCESS(5)
|
|
|
2 |
#
|
|
|
3 |
# NAME
|
|
|
4 |
# access - Postfix SMTP server access table
|
|
|
5 |
#
|
|
|
6 |
# SYNOPSIS
|
|
|
7 |
# postmap /etc/postfix/access
|
|
|
8 |
#
|
|
|
9 |
# postmap -q "string" /etc/postfix/access
|
|
|
10 |
#
|
|
|
11 |
# postmap -q - /etc/postfix/access <inputfile
|
|
|
12 |
#
|
|
|
13 |
# DESCRIPTION
|
|
|
14 |
# This document describes access control on remote SMTP
|
|
|
15 |
# client information: host names, network addresses, and
|
|
|
16 |
# envelope sender or recipient addresses; it is implemented
|
|
|
17 |
# by the Postfix SMTP server. See header_checks(5) or
|
|
|
18 |
# body_checks(5) for access control on the content of email
|
|
|
19 |
# messages.
|
|
|
20 |
#
|
|
|
21 |
# Normally, the access(5) table is specified as a text file
|
|
|
22 |
# that serves as input to the postmap(1) command. The
|
|
|
23 |
# result, an indexed file in dbm or db format, is used for
|
|
|
24 |
# fast searching by the mail system. Execute the command
|
|
|
25 |
# "postmap /etc/postfix/access" to rebuild an indexed file
|
|
|
26 |
# after changing the corresponding text file.
|
|
|
27 |
#
|
|
|
28 |
# When the table is provided via other means such as NIS,
|
|
|
29 |
# LDAP or SQL, the same lookups are done as for ordinary
|
|
|
30 |
# indexed files.
|
|
|
31 |
#
|
|
|
32 |
# Alternatively, the table can be provided as a regu-
|
|
|
33 |
# lar-expression map where patterns are given as regular
|
|
|
34 |
# expressions, or lookups can be directed to TCP-based
|
|
|
35 |
# server. In those cases, the lookups are done in a slightly
|
|
|
36 |
# different way as described below under "REGULAR EXPRESSION
|
|
|
37 |
# TABLES" or "TCP-BASED TABLES".
|
|
|
38 |
#
|
|
|
39 |
# CASE FOLDING
|
|
|
40 |
# The search string is folded to lowercase before database
|
|
|
41 |
# lookup. As of Postfix 2.3, the search string is not case
|
|
|
42 |
# folded with database types such as regexp: or pcre: whose
|
|
|
43 |
# lookup fields can match both upper and lower case.
|
|
|
44 |
#
|
|
|
45 |
# TABLE FORMAT
|
|
|
46 |
# The input format for the postmap(1) command is as follows:
|
|
|
47 |
#
|
|
|
48 |
# pattern action
|
|
|
49 |
# When pattern matches a mail address, domain or host
|
|
|
50 |
# address, perform the corresponding action.
|
|
|
51 |
#
|
|
|
52 |
# blank lines and comments
|
|
|
53 |
# Empty lines and whitespace-only lines are ignored,
|
|
|
54 |
# as are lines whose first non-whitespace character
|
|
|
55 |
# is a `#'.
|
|
|
56 |
#
|
|
|
57 |
# multi-line text
|
|
|
58 |
# A logical line starts with non-whitespace text. A
|
|
|
59 |
# line that starts with whitespace continues a logi-
|
|
|
60 |
# cal line.
|
|
|
61 |
#
|
|
|
62 |
# EMAIL ADDRESS PATTERNS
|
|
|
63 |
# With lookups from indexed files such as DB or DBM, or from
|
|
|
64 |
# networked tables such as NIS, LDAP or SQL, patterns are
|
|
|
65 |
# tried in the order as listed below:
|
|
|
66 |
#
|
|
|
67 |
# user@domain
|
|
|
68 |
# Matches the specified mail address.
|
|
|
69 |
#
|
|
|
70 |
# domain.tld
|
|
|
71 |
# Matches domain.tld as the domain part of an email
|
|
|
72 |
# address.
|
|
|
73 |
#
|
|
|
74 |
# The pattern domain.tld also matches subdomains, but
|
|
|
75 |
# only when the string smtpd_access_maps is listed in
|
|
|
76 |
# the Postfix parent_domain_matches_subdomains con-
|
|
|
77 |
# figuration setting.
|
|
|
78 |
#
|
|
|
79 |
# .domain.tld
|
|
|
80 |
# Matches subdomains of domain.tld, but only when the
|
|
|
81 |
# string smtpd_access_maps is not listed in the Post-
|
|
|
82 |
# fix parent_domain_matches_subdomains configuration
|
|
|
83 |
# setting.
|
|
|
84 |
#
|
|
|
85 |
# user@ Matches all mail addresses with the specified user
|
|
|
86 |
# part.
|
|
|
87 |
#
|
|
|
88 |
# Note: lookup of the null sender address is not possible
|
|
|
89 |
# with some types of lookup table. By default, Postfix uses
|
|
|
90 |
# <> as the lookup key for such addresses. The value is
|
|
|
91 |
# specified with the smtpd_null_access_lookup_key parameter
|
|
|
92 |
# in the Postfix main.cf file.
|
|
|
93 |
#
|
|
|
94 |
# EMAIL ADDRESS EXTENSION
|
|
|
95 |
# When a mail address localpart contains the optional recip-
|
|
|
96 |
# ient delimiter (e.g., user+foo@domain), the lookup order
|
|
|
97 |
# becomes: user+foo@domain, user@domain, domain, user+foo@,
|
|
|
98 |
# and user@.
|
|
|
99 |
#
|
|
|
100 |
# HOST NAME/ADDRESS PATTERNS
|
|
|
101 |
# With lookups from indexed files such as DB or DBM, or from
|
|
|
102 |
# networked tables such as NIS, LDAP or SQL, the following
|
|
|
103 |
# lookup patterns are examined in the order as listed:
|
|
|
104 |
#
|
|
|
105 |
# domain.tld
|
|
|
106 |
# Matches domain.tld.
|
|
|
107 |
#
|
|
|
108 |
# The pattern domain.tld also matches subdomains, but
|
|
|
109 |
# only when the string smtpd_access_maps is listed in
|
|
|
110 |
# the Postfix parent_domain_matches_subdomains con-
|
|
|
111 |
# figuration setting.
|
|
|
112 |
#
|
|
|
113 |
# .domain.tld
|
|
|
114 |
# Matches subdomains of domain.tld, but only when the
|
|
|
115 |
# string smtpd_access_maps is not listed in the Post-
|
|
|
116 |
# fix parent_domain_matches_subdomains configuration
|
|
|
117 |
# setting.
|
|
|
118 |
#
|
|
|
119 |
# net.work.addr.ess
|
|
|
120 |
#
|
|
|
121 |
# net.work.addr
|
|
|
122 |
#
|
|
|
123 |
# net.work
|
|
|
124 |
#
|
| 197 |
- |
125 |
# net Matches a remote IPv4 host address or network
|
|
|
126 |
# address range. Specify one to four decimal octets
|
|
|
127 |
# separated by ".". Do not specify "[]" , "/", lead-
|
|
|
128 |
# ing zeros, or hexadecimal forms.
|
| 192 |
- |
129 |
#
|
| 197 |
- |
130 |
# Network ranges are matched by repeatedly truncating
|
|
|
131 |
# the last ".octet" from a remote IPv4 host address
|
|
|
132 |
# string, until a match is found in the access table,
|
| 192 |
- |
133 |
# or until further truncation is not possible.
|
|
|
134 |
#
|
| 197 |
- |
135 |
# NOTE: use the cidr lookup table type to specify
|
| 192 |
- |
136 |
# network/netmask patterns. See cidr_table(5) for
|
|
|
137 |
# details.
|
|
|
138 |
#
|
|
|
139 |
# net:work:addr:ess
|
|
|
140 |
#
|
|
|
141 |
# net:work:addr
|
|
|
142 |
#
|
|
|
143 |
# net:work
|
|
|
144 |
#
|
| 197 |
- |
145 |
# net Matches a remote IPv6 host address or network
|
|
|
146 |
# address range. Specify three to eight hexadecimal
|
|
|
147 |
# octet pairs separated by ":", using the compressed
|
|
|
148 |
# form "::" for a sequence of zero-valued octet
|
|
|
149 |
# pairs. Do not specify "[]", "/", leading zeros, or
|
|
|
150 |
# non-compressed forms.
|
| 192 |
- |
151 |
#
|
| 197 |
- |
152 |
# A network range is matched by repeatedly truncating
|
|
|
153 |
# the last ":octetpair" from the compressed-form
|
|
|
154 |
# remote IPv6 host address string, until a match is
|
|
|
155 |
# found in the access table, or until further trunca-
|
|
|
156 |
# tion is not possible.
|
| 192 |
- |
157 |
#
|
| 197 |
- |
158 |
# NOTE: use the cidr lookup table type to specify
|
| 192 |
- |
159 |
# network/netmask patterns. See cidr_table(5) for
|
|
|
160 |
# details.
|
|
|
161 |
#
|
|
|
162 |
# IPv6 support is available in Postfix 2.2 and later.
|
|
|
163 |
#
|
|
|
164 |
# ACCEPT ACTIONS
|
|
|
165 |
# OK Accept the address etc. that matches the pattern.
|
|
|
166 |
#
|
|
|
167 |
# all-numerical
|
|
|
168 |
# An all-numerical result is treated as OK. This for-
|
| 197 |
- |
169 |
# mat is generated by address-based relay authoriza-
|
| 192 |
- |
170 |
# tion schemes such as pop-before-smtp.
|
|
|
171 |
#
|
|
|
172 |
# For other accept actions, see "OTHER ACTIONS" below.
|
|
|
173 |
#
|
|
|
174 |
# REJECT ACTIONS
|
| 197 |
- |
175 |
# Postfix version 2.3 and later support enhanced status
|
|
|
176 |
# codes as defined in RFC 3463. When no code is specified
|
|
|
177 |
# at the beginning of the text below, Postfix inserts a
|
|
|
178 |
# default enhanced status code of "5.7.1" in the case of
|
|
|
179 |
# reject actions, and "4.7.1" in the case of defer actions.
|
| 192 |
- |
180 |
# See "ENHANCED STATUS CODES" below.
|
|
|
181 |
#
|
|
|
182 |
# 4NN text
|
|
|
183 |
#
|
|
|
184 |
# 5NN text
|
| 197 |
- |
185 |
# Reject the address etc. that matches the pattern,
|
| 192 |
- |
186 |
# and respond with the numerical three-digit code and
|
| 197 |
- |
187 |
# text. 4NN means "try again later", while 5NN means
|
| 192 |
- |
188 |
# "do not try again".
|
|
|
189 |
#
|
| 197 |
- |
190 |
# The following responses have special meaning for
|
| 192 |
- |
191 |
# the Postfix SMTP server:
|
|
|
192 |
#
|
|
|
193 |
# 421 text (Postfix 2.3 and later)
|
|
|
194 |
#
|
|
|
195 |
# 521 text (Postfix 2.6 and later)
|
| 197 |
- |
196 |
# After responding with the numerical
|
|
|
197 |
# three-digit code and text, disconnect imme-
|
| 192 |
- |
198 |
# diately from the SMTP client. This frees up
|
| 197 |
- |
199 |
# SMTP server resources so that they can be
|
| 192 |
- |
200 |
# made available to another SMTP client.
|
|
|
201 |
#
|
|
|
202 |
# Note: The "521" response should be used only
|
| 197 |
- |
203 |
# with botnets and other malware where inter-
|
| 192 |
- |
204 |
# operability is of no concern. The "send 521
|
| 197 |
- |
205 |
# and disconnect" behavior is NOT defined in
|
| 192 |
- |
206 |
# the SMTP standard.
|
|
|
207 |
#
|
|
|
208 |
# REJECT optional text...
|
| 197 |
- |
209 |
# Reject the address etc. that matches the pattern.
|
|
|
210 |
# Reply with "$access_map_reject_code optional
|
|
|
211 |
# text..." when the optional text is specified, oth-
|
| 192 |
- |
212 |
# erwise reply with a generic error response message.
|
|
|
213 |
#
|
|
|
214 |
# DEFER optional text...
|
| 197 |
- |
215 |
# Reject the address etc. that matches the pattern.
|
|
|
216 |
# Reply with "$access_map_defer_code optional
|
|
|
217 |
# text..." when the optional text is specified, oth-
|
| 192 |
- |
218 |
# erwise reply with a generic error response message.
|
|
|
219 |
#
|
|
|
220 |
# This feature is available in Postfix 2.6 and later.
|
|
|
221 |
#
|
|
|
222 |
# DEFER_IF_REJECT optional text...
|
| 197 |
- |
223 |
# Defer the request if some later restriction would
|
|
|
224 |
# result in a REJECT action. Reply with
|
|
|
225 |
# "$access_map_defer_code 4.7.1 optional text..."
|
|
|
226 |
# when the optional text is specified, otherwise
|
| 192 |
- |
227 |
# reply with a generic error response message.
|
|
|
228 |
#
|
|
|
229 |
# Prior to Postfix 2.6, the SMTP reply code is 450.
|
|
|
230 |
#
|
|
|
231 |
# This feature is available in Postfix 2.1 and later.
|
|
|
232 |
#
|
|
|
233 |
# DEFER_IF_PERMIT optional text...
|
| 197 |
- |
234 |
# Defer the request if some later restriction would
|
|
|
235 |
# result in a an explicit or implicit PERMIT action.
|
|
|
236 |
# Reply with "$access_map_defer_code 4.7.1 optional
|
|
|
237 |
# text..." when the optional text is specified, oth-
|
| 192 |
- |
238 |
# erwise reply with a generic error response message.
|
|
|
239 |
#
|
|
|
240 |
# Prior to Postfix 2.6, the SMTP reply code is 450.
|
|
|
241 |
#
|
|
|
242 |
# This feature is available in Postfix 2.1 and later.
|
|
|
243 |
#
|
|
|
244 |
# For other reject actions, see "OTHER ACTIONS" below.
|
|
|
245 |
#
|
|
|
246 |
# OTHER ACTIONS
|
|
|
247 |
# restriction...
|
|
|
248 |
# Apply the named UCE restriction(s) (permit, reject,
|
|
|
249 |
# reject_unauth_destination, and so on).
|
|
|
250 |
#
|
|
|
251 |
# BCC user@domain
|
| 197 |
- |
252 |
# Send one copy of the message to the specified
|
| 192 |
- |
253 |
# recipient.
|
|
|
254 |
#
|
| 197 |
- |
255 |
# If multiple BCC actions are specified within the
|
|
|
256 |
# same SMTP MAIL transaction, with Postfix 3.0 only
|
| 192 |
- |
257 |
# the last action will be used.
|
|
|
258 |
#
|
|
|
259 |
# This feature is available in Postfix 3.0 and later.
|
|
|
260 |
#
|
|
|
261 |
# DISCARD optional text...
|
| 197 |
- |
262 |
# Claim successful delivery and silently discard the
|
|
|
263 |
# message. Log the optional text if specified, oth-
|
| 192 |
- |
264 |
# erwise log a generic message.
|
|
|
265 |
#
|
| 197 |
- |
266 |
# Note: this action currently affects all recipients
|
|
|
267 |
# of the message. To discard only one recipient
|
|
|
268 |
# without discarding the entire message, use the
|
| 192 |
- |
269 |
# transport(5) table to direct mail to the discard(8)
|
|
|
270 |
# service.
|
|
|
271 |
#
|
|
|
272 |
# This feature is available in Postfix 2.0 and later.
|
|
|
273 |
#
|
| 197 |
- |
274 |
# DUNNO Pretend that the lookup key was not found. This
|
|
|
275 |
# prevents Postfix from trying substrings of the
|
|
|
276 |
# lookup key (such as a subdomain name, or a network
|
| 192 |
- |
277 |
# address subnetwork).
|
|
|
278 |
#
|
|
|
279 |
# This feature is available in Postfix 2.0 and later.
|
|
|
280 |
#
|
|
|
281 |
# FILTER transport:destination
|
| 197 |
- |
282 |
# After the message is queued, send the entire mes-
|
| 192 |
- |
283 |
# sage through the specified external content filter.
|
| 197 |
- |
284 |
# The transport name specifies the first field of a
|
|
|
285 |
# mail delivery agent definition in master.cf; the
|
|
|
286 |
# syntax of the next-hop destination is described in
|
| 192 |
- |
287 |
# the manual page of the corresponding delivery
|
| 197 |
- |
288 |
# agent. More information about external content
|
| 192 |
- |
289 |
# filters is in the Postfix FILTER_README file.
|
|
|
290 |
#
|
| 197 |
- |
291 |
# Note 1: do not use $number regular expression sub-
|
|
|
292 |
# stitutions for transport or destination unless you
|
| 192 |
- |
293 |
# know that the information has a trusted origin.
|
|
|
294 |
#
|
| 197 |
- |
295 |
# Note 2: this action overrides the main.cf con-
|
|
|
296 |
# tent_filter setting, and affects all recipients of
|
|
|
297 |
# the message. In the case that multiple FILTER
|
| 192 |
- |
298 |
# actions fire, only the last one is executed.
|
|
|
299 |
#
|
| 197 |
- |
300 |
# Note 3: the purpose of the FILTER command is to
|
|
|
301 |
# override message routing. To override the recipi-
|
|
|
302 |
# ent's transport but not the next-hop destination,
|
|
|
303 |
# specify an empty filter destination (Postfix 2.7
|
| 192 |
- |
304 |
# and later), or specify a transport:destination that
|
| 197 |
- |
305 |
# delivers through a different Postfix instance
|
|
|
306 |
# (Postfix 2.6 and earlier). Other options are using
|
|
|
307 |
# the recipient-dependent transport_maps or the sen-
|
| 192 |
- |
308 |
# der-dependent sender_dependent_default_transport-
|
|
|
309 |
# _maps features.
|
|
|
310 |
#
|
|
|
311 |
# This feature is available in Postfix 2.0 and later.
|
|
|
312 |
#
|
|
|
313 |
# HOLD optional text...
|
| 197 |
- |
314 |
# Place the message on the hold queue, where it will
|
|
|
315 |
# sit until someone either deletes it or releases it
|
|
|
316 |
# for delivery. Log the optional text if specified,
|
| 192 |
- |
317 |
# otherwise log a generic message.
|
|
|
318 |
#
|
| 197 |
- |
319 |
# Mail that is placed on hold can be examined with
|
|
|
320 |
# the postcat(1) command, and can be destroyed or
|
| 192 |
- |
321 |
# released with the postsuper(1) command.
|
|
|
322 |
#
|
| 197 |
- |
323 |
# Note: use "postsuper -r" to release mail that was
|
|
|
324 |
# kept on hold for a significant fraction of $maxi-
|
| 192 |
- |
325 |
# mal_queue_lifetime or $bounce_queue_lifetime, or
|
| 197 |
- |
326 |
# longer. Use "postsuper -H" only for mail that will
|
| 192 |
- |
327 |
# not expire within a few delivery attempts.
|
|
|
328 |
#
|
| 197 |
- |
329 |
# Note: this action currently affects all recipients
|
| 192 |
- |
330 |
# of the message.
|
|
|
331 |
#
|
|
|
332 |
# This feature is available in Postfix 2.0 and later.
|
|
|
333 |
#
|
|
|
334 |
# PREPEND headername: headervalue
|
| 197 |
- |
335 |
# Prepend the specified message header to the mes-
|
|
|
336 |
# sage. When more than one PREPEND action executes,
|
|
|
337 |
# the first prepended header appears before the sec-
|
| 192 |
- |
338 |
# ond etc. prepended header.
|
|
|
339 |
#
|
| 197 |
- |
340 |
# Note: this action must execute before the message
|
|
|
341 |
# content is received; it cannot execute in the con-
|
| 192 |
- |
342 |
# text of smtpd_end_of_data_restrictions.
|
|
|
343 |
#
|
|
|
344 |
# This feature is available in Postfix 2.1 and later.
|
|
|
345 |
#
|
|
|
346 |
# REDIRECT user@domain
|
| 197 |
- |
347 |
# After the message is queued, send the message to
|
| 192 |
- |
348 |
# the specified address instead of the intended
|
|
|
349 |
# recipient(s). When multiple REDIRECT actions fire,
|
|
|
350 |
# only the last one takes effect.
|
|
|
351 |
#
|
| 197 |
- |
352 |
# Note: this action overrides the FILTER action, and
|
|
|
353 |
# currently overrides all recipients of the message.
|
| 192 |
- |
354 |
#
|
|
|
355 |
# This feature is available in Postfix 2.1 and later.
|
|
|
356 |
#
|
|
|
357 |
# INFO optional text...
|
|
|
358 |
# Log an informational record with the optional text,
|
| 197 |
- |
359 |
# together with client information and if available,
|
|
|
360 |
# with helo, sender, recipient and protocol informa-
|
| 192 |
- |
361 |
# tion.
|
|
|
362 |
#
|
|
|
363 |
# This feature is available in Postfix 3.0 and later.
|
|
|
364 |
#
|
|
|
365 |
# WARN optional text...
|
|
|
366 |
# Log a warning with the optional text, together with
|
| 197 |
- |
367 |
# client information and if available, with helo,
|
| 192 |
- |
368 |
# sender, recipient and protocol information.
|
|
|
369 |
#
|
|
|
370 |
# This feature is available in Postfix 2.1 and later.
|
|
|
371 |
#
|
|
|
372 |
# ENHANCED STATUS CODES
|
| 197 |
- |
373 |
# Postfix version 2.3 and later support enhanced status
|
|
|
374 |
# codes as defined in RFC 3463. When an enhanced status
|
|
|
375 |
# code is specified in an access table, it is subject to
|
|
|
376 |
# modification. The following transformations are needed
|
|
|
377 |
# when the same access table is used for client, helo,
|
|
|
378 |
# sender, or recipient access restrictions; they happen
|
| 192 |
- |
379 |
# regardless of whether Postfix replies to a MAIL FROM, RCPT
|
|
|
380 |
# TO or other SMTP command.
|
|
|
381 |
#
|
| 197 |
- |
382 |
# o When a sender address matches a REJECT action, the
|
|
|
383 |
# Postfix SMTP server will transform a recipient DSN
|
|
|
384 |
# status (e.g., 4.1.1-4.1.6) into the corresponding
|
| 192 |
- |
385 |
# sender DSN status, and vice versa.
|
|
|
386 |
#
|
| 197 |
- |
387 |
# o When non-address information matches a REJECT
|
|
|
388 |
# action (such as the HELO command argument or the
|
|
|
389 |
# client hostname/address), the Postfix SMTP server
|
|
|
390 |
# will transform a sender or recipient DSN status
|
|
|
391 |
# into a generic non-address DSN status (e.g.,
|
| 192 |
- |
392 |
# 4.0.0).
|
|
|
393 |
#
|
|
|
394 |
# REGULAR EXPRESSION TABLES
|
| 197 |
- |
395 |
# This section describes how the table lookups change when
|
| 192 |
- |
396 |
# the table is given in the form of regular expressions. For
|
| 197 |
- |
397 |
# a description of regular expression lookup table syntax,
|
| 192 |
- |
398 |
# see regexp_table(5) or pcre_table(5).
|
|
|
399 |
#
|
| 197 |
- |
400 |
# Each pattern is a regular expression that is applied to
|
| 192 |
- |
401 |
# the entire string being looked up. Depending on the appli-
|
| 197 |
- |
402 |
# cation, that string is an entire client hostname, an
|
| 192 |
- |
403 |
# entire client IP address, or an entire mail address. Thus,
|
|
|
404 |
# no parent domain or parent network search is done,
|
| 197 |
- |
405 |
# user@domain mail addresses are not broken up into their
|
| 192 |
- |
406 |
# user@ and domain constituent parts, nor is user+foo broken
|
|
|
407 |
# up into user and foo.
|
|
|
408 |
#
|
| 197 |
- |
409 |
# Patterns are applied in the order as specified in the ta-
|
|
|
410 |
# ble, until a pattern is found that matches the search
|
| 192 |
- |
411 |
# string.
|
|
|
412 |
#
|
| 197 |
- |
413 |
# Actions are the same as with indexed file lookups, with
|
|
|
414 |
# the additional feature that parenthesized substrings from
|
| 192 |
- |
415 |
# the pattern can be interpolated as $1, $2 and so on.
|
|
|
416 |
#
|
|
|
417 |
# TCP-BASED TABLES
|
| 197 |
- |
418 |
# This section describes how the table lookups change when
|
| 192 |
- |
419 |
# lookups are directed to a TCP-based server. For a descrip-
|
|
|
420 |
# tion of the TCP client/server lookup protocol, see tcp_ta-
|
|
|
421 |
# ble(5). This feature is not available up to and including
|
|
|
422 |
# Postfix version 2.4.
|
|
|
423 |
#
|
| 197 |
- |
424 |
# Each lookup operation uses the entire query string once.
|
|
|
425 |
# Depending on the application, that string is an entire
|
| 192 |
- |
426 |
# client hostname, an entire client IP address, or an entire
|
| 197 |
- |
427 |
# mail address. Thus, no parent domain or parent network
|
|
|
428 |
# search is done, user@domain mail addresses are not broken
|
|
|
429 |
# up into their user@ and domain constituent parts, nor is
|
| 192 |
- |
430 |
# user+foo broken up into user and foo.
|
|
|
431 |
#
|
|
|
432 |
# Actions are the same as with indexed file lookups.
|
|
|
433 |
#
|
|
|
434 |
# EXAMPLE
|
| 197 |
- |
435 |
# The following example uses an indexed file, so that the
|
|
|
436 |
# order of table entries does not matter. The example per-
|
|
|
437 |
# mits access by the client at address 1.2.3.4 but rejects
|
|
|
438 |
# all other clients in 1.2.3.0/24. Instead of hash lookup
|
|
|
439 |
# tables, some systems use dbm. Use the command "postconf
|
|
|
440 |
# -m" to find out what lookup tables Postfix supports on
|
| 192 |
- |
441 |
# your system.
|
|
|
442 |
#
|
|
|
443 |
# /etc/postfix/main.cf:
|
|
|
444 |
# smtpd_client_restrictions =
|
|
|
445 |
# check_client_access hash:/etc/postfix/access
|
|
|
446 |
#
|
|
|
447 |
# /etc/postfix/access:
|
|
|
448 |
# 1.2.3 REJECT
|
|
|
449 |
# 1.2.3.4 OK
|
|
|
450 |
#
|
| 197 |
- |
451 |
# Execute the command "postmap /etc/postfix/access" after
|
| 192 |
- |
452 |
# editing the file.
|
|
|
453 |
#
|
|
|
454 |
# BUGS
|
| 197 |
- |
455 |
# The table format does not understand quoting conventions.
|
| 192 |
- |
456 |
#
|
|
|
457 |
# SEE ALSO
|
|
|
458 |
# postmap(1), Postfix lookup table manager
|
|
|
459 |
# smtpd(8), SMTP server
|
|
|
460 |
# postconf(5), configuration parameters
|
|
|
461 |
# transport(5), transport:nexthop syntax
|
|
|
462 |
#
|
|
|
463 |
# README FILES
|
| 197 |
- |
464 |
# Use "postconf readme_directory" or "postconf html_direc-
|
| 192 |
- |
465 |
# tory" to locate this information.
|
|
|
466 |
# SMTPD_ACCESS_README, built-in SMTP server access control
|
|
|
467 |
# DATABASE_README, Postfix lookup table overview
|
|
|
468 |
#
|
|
|
469 |
# LICENSE
|
| 197 |
- |
470 |
# The Secure Mailer license must be distributed with this
|
| 192 |
- |
471 |
# software.
|
|
|
472 |
#
|
|
|
473 |
# AUTHOR(S)
|
|
|
474 |
# Wietse Venema
|
|
|
475 |
# IBM T.J. Watson Research
|
|
|
476 |
# P.O. Box 704
|
|
|
477 |
# Yorktown Heights, NY 10598, USA
|
|
|
478 |
#
|
|
|
479 |
# Wietse Venema
|
|
|
480 |
# Google, Inc.
|
|
|
481 |
# 111 8th Avenue
|
|
|
482 |
# New York, NY 10011, USA
|
|
|
483 |
#
|
|
|
484 |
# ACCESS(5)
|