Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/gnu/dist/postfix/html/access.5.html

220 lines
9.4 KiB
HTML
Raw Blame History

<html> <head> </head> <body> <pre>
ACCESS(5) ACCESS(5)
<b>NAME</b>
access - format of Postfix access table
<b>SYNOPSIS</b>
<b>postmap</b> <b>/etc/postfix/access</b>
<b>postmap</b> <b>-q</b> <b>"</b><i>string</i><b>"</b> <b>/etc/postfix/access</b>
<b>postmap</b> <b>-q</b> <b>-</b> <b>/etc/postfix/access</b> &lt;<i>inputfile</i>
<b>DESCRIPTION</b>
The optional <b>access</b> table directs the Postfix SMTP server
to selectively reject or accept mail. Access can be
allowed or denied for specific host names, domain names,
networks, host network addresses or mail addresses.
Normally, the <b>access</b> table is specified as a text file
that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
fast searching by the mail system. Execute the command
<b>postmap</b> <b>/etc/postfix/access</b> in order to rebuild the
indexed file after changing the access table.
When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
indexed files.
Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
sions. In that case, the lookups are done in a slightly
different way as described below.
<b>TABLE</b> <b>FORMAT</b>
The format of the access table is as follows:
<i>pattern</i> <i>action</i>
When <i>pattern</i> matches a mail address, domain or host
address, perform the corresponding <i>action</i>.
blank lines and comments
Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character
is a `#'.
multi-line text
A logical line starts with non-whitespace text. A
line that starts with whitespace continues a logi-
cal line.
<b>EMAIL</b> <b>ADDRESS</b> <b>PATTERNS</b>
With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, the following
lookup patterns are examined in the order as listed:
<i>user</i>@<i>domain</i>
Matches the specified mail address.
<i>domain.tld</i>
Matches <i>domain.tld</i> as the domain part of an email
address.
The pattern <i>domain.tld</i> also matches subdomains, but
only when the string <b>smtpd</b><i>_</i><b>access</b><i>_</i><b>maps</b> is listed in
the Postfix <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> con-
figuration setting. Otherwise, specify <i>.domain.tld</i>
(note the initial dot) in order to match subdo-
mains.
<i>user</i>@ Matches all mail addresses with the specified user
part.
Note: lookup of the null sender address is not possible
with some types of lookup table. By default, Postfix uses
&lt;&gt; as the lookup key for such addresses. The value is
specified with the <b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b> parameter
in the Postfix <b>main.cf</b> file.
<b>ADDRESS</b> <b>EXTENSION</b>
When a mail address localpart contains the optional recip-
ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@,
and <i>user</i>@.
<b>HOST</b> <b>NAME/ADDRESS</b> <b>PATTERNS</b>
With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, the following
lookup patterns are examined in the order as listed:
<i>domain.tld</i>
Matches <i>domain.tld</i>.
The pattern <i>domain.tld</i> also matches subdomains, but
only when the string <b>smtpd</b><i>_</i><b>access</b><i>_</i><b>maps</b> is listed in
the Postfix <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> con-
figuration setting. Otherwise, specify <i>.domain.tld</i>
(note the initial dot) in order to match subdo-
mains.
<i>net.work.addr.ess</i>
<i>net.work.addr</i>
<i>net.work</i>
<i>net</i> Matches any host address in the specified network.
A network address is a sequence of one or more
octets separated by ".".
<b>ACTIONS</b>
[<b>45</b>]<i>NN</i> <i>text</i>
Reject the address etc. that matches the pattern,
and respond with the numerical code and text.
<b>REJECT</b>
<b>REJECT</b> <i>optional</i> <i>text...</i>
Reject the address etc. that matches the pattern.
Reply with <i>$reject_code</i> <i>optional</i> <i>text...</i> when the
optional text is specified, otherwise reply with a
generic error response message.
<b>OK</b> Accept the address etc. that matches the pattern.
<i>all-numerical</i>
An all-numerical result is treated as OK. This for-
mat is generated by address-based relay authoriza-
tion schemes.
<b>DUNNO</b> Pretend that the lookup key was not found in this
table. This prevents Postfix from trying substrings
of the lookup key (such as a subdomain name, or a
network address subnetwork).
<b>HOLD</b>
<b>HOLD</b> <i>optional</i> <i>text...</i>
Place the message on the <b>hold</b> queue, where it will
sit until someone either deletes it or releases it
for delivery. Log the optional text if specified,
otherwise log a generic message.
Mail that is placed on hold can be examined with
the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
Note: this action currently affects all recipients
of the message.
<b>DISCARD</b>
<b>DISCARD</b> <i>optional</i> <i>text...</i>
Claim successful delivery and silently discard the
message. Log the optional text if specified, oth-
erwise log a generic message.
Note: this action currently affects all recipients
of the message.
<b>FILTER</b> <i>transport:destination</i>
After the message is queued, send the entire mes-
sage through a content filter. More information
about content filters is in the Postfix FIL-
TER_README file.
Note: this action overrides the <b>main.cf</b> <b>con-</b>
<b>tent</b><i>_</i><b>filter</b> setting, and currently affects all
recipients of the message.
<i>restriction...</i>
Apply the named UCE restriction(s) (<b>permit</b>, <b>reject</b>,
<b>reject</b><i>_</i><b>unauth</b><i>_</i><b>destination</b>, and so on).
<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
This section describes how the table lookups change when
the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
cation, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done,
<i>user@domain</i> mail addresses are not broken up into their
<i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
string.
Actions are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>BUGS</b>
The table format does not understand quoting conventions.
<b>SEE</b> <b>ALSO</b>
<a href="postmap.1.html">postmap(1)</a> create mapping table
<a href="smtpd.8.html">smtpd(8)</a> smtp server
<a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
<a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
ACCESS(5)
</pre> </body> </html>
Reference in New Issue View Git Blame Copy Permalink