# ACCESS(5) ACCESS(5) # # NAME # access - format of Postfix access table # # SYNOPSIS # postmap /etc/postfix/access # # postmap -q "string" /etc/postfix/access # # postmap -q - /etc/postfix/access <inputfile # # DESCRIPTION # The optional access table directs the Postfix SMTP server # to selectively reject or accept mail. Access can be # allowed or denied for specific host names, domain names, # networks, host network addresses or mail addresses. # # Normally, the access table is specified as a text file # that serves as input to the postmap(1) command. The # result, an indexed file in dbm or db format, is used for # fast searching by the mail system. Execute the command # postmap /etc/postfix/access in order to rebuild the # indexed file after changing the access table. # # When the table is provided via other means such as NIS, # LDAP or SQL, the same lookups are done as for ordinary # indexed files. # # Alternatively, the table can be provided as a regular- # expression map where patterns are given as regular expres- # sions. In that case, the lookups are done in a slightly # different way as described below. # # TABLE FORMAT # The format of the access table is as follows: # # pattern action # When pattern matches a mail address, domain or host # address, perform the corresponding action. # # blank lines and comments # Empty lines and whitespace-only lines are ignored, # as are lines whose first non-whitespace character # is a `#'. # # multi-line text # A logical line starts with non-whitespace text. A # line that starts with whitespace continues a logi- # cal line. # # EMAIL ADDRESS PATTERNS # With lookups from indexed files such as DB or DBM, or from # networked tables such as NIS, LDAP or SQL, the following # lookup patterns are examined in the order as listed: # # user@domain # Matches the specified mail address. # # domain.tld # Matches domain.tld as the domain part of an email # address. # # The pattern domain.tld also matches subdomains, but # only when the string smtpd_access_maps is listed in # the Postfix parent_domain_matches_subdomains con- # figuration setting. Otherwise, specify .domain.tld # (note the initial dot) in order to match subdo- # mains. # # user@ Matches all mail addresses with the specified user # part. # # Note: lookup of the null sender address is not possible # with some types of lookup table. By default, Postfix uses # <> as the lookup key for such addresses. The value is # specified with the smtpd_null_access_lookup_key parameter # in the Postfix main.cf file. # # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- # ient delimiter (e.g., user+foo@domain), the lookup order # becomes: user+foo@domain, user@domain, domain, user+foo@, # and user@. # # HOST NAME/ADDRESS PATTERNS # With lookups from indexed files such as DB or DBM, or from # networked tables such as NIS, LDAP or SQL, the following # lookup patterns are examined in the order as listed: # # domain.tld # Matches domain.tld. # # The pattern domain.tld also matches subdomains, but # only when the string smtpd_access_maps is listed in # the Postfix parent_domain_matches_subdomains con- # figuration setting. Otherwise, specify .domain.tld # (note the initial dot) in order to match subdo- # mains. # # net.work.addr.ess # # net.work.addr # # net.work # # net Matches any host address in the specified network. # A network address is a sequence of one or more # octets separated by ".". # # ACTIONS # [45]NN text # Reject the address etc. that matches the pattern, # and respond with the numerical code and text. # # REJECT # # REJECT optional text... # Reject the address etc. that matches the pattern. # Reply with $reject_code optional text... when the # optional text is specified, otherwise reply with a # generic error response message. # # OK Accept the address etc. that matches the pattern. # # all-numerical # An all-numerical result is treated as OK. This for- # mat is generated by address-based relay authoriza- # tion schemes. # # DUNNO Pretend that the lookup key was not found in this # table. This prevents Postfix from trying substrings # of the lookup key (such as a subdomain name, or a # network address subnetwork). # # HOLD # # HOLD optional text... # Place the message on the hold queue, where it will # sit until someone either deletes it or releases it # for delivery. Log the optional text if specified, # otherwise log a generic message. # # Mail that is placed on hold can be examined with # the postcat(1) command, and can be destroyed or # released with the postsuper(1) command. # # Note: this action currently affects all recipients # of the message. # # DISCARD # # DISCARD optional text... # Claim successful delivery and silently discard the # message. Log the optional text if specified, oth- # erwise log a generic message. # # Note: this action currently affects all recipients # of the message. # # FILTER transport:destination # After the message is queued, send the entire mes- # sage through a content filter. More information # about content filters is in the Postfix FIL- # TER_README file. # # Note: this action overrides the main.cf con- # tent_filter setting, and currently affects all # recipients of the message. # # restriction... # Apply the named UCE restriction(s) (permit, reject, # reject_unauth_destination, and so on). # # REGULAR EXPRESSION TABLES # This section describes how the table lookups change when # the table is given in the form of regular expressions. For # a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # # Each pattern is a regular expression that is applied to # the entire string being looked up. Depending on the appli- # cation, that string is an entire client hostname, an # entire client IP address, or an entire mail address. Thus, # no parent domain or parent network search is done, # user@domain mail addresses are not broken up into their # user@ and domain constituent parts, nor is user+foo broken # up into user and foo. # # Patterns are applied in the order as specified in the # table, until a pattern is found that matches the search # string. # # Actions are the same as with indexed file lookups, with # the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # BUGS # The table format does not understand quoting conventions. # # SEE ALSO # postmap(1) create mapping table # smtpd(8) smtp server # pcre_table(5) format of PCRE tables # regexp_table(5) format of POSIX regular expression tables # # LICENSE # The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) # Wietse Venema # IBM T.J. Watson Research # P.O. Box 704 # Yorktown Heights, NY 10598, USA # # ACCESS(5)