ACCESS(5) ACCESS(5)
NAME
access - format of Postfix access table
SYNOPSIS
postmap /usr/local/etc/postfix/access
DESCRIPTION
The optional access table directs the Postfix SMTP server
to selectively reject or accept mail from or to specific
hosts, domains, networks, host addresses or mail
addresses.
Normally, the access table is specified as a text file
that serves as input to the postmap(1) command. The
result, an indexed file in dbm or db format, is used for
fast searching by the mail system. Execute the command
postmap /usr/local/etc/postfix/access in order to rebuild the
indexed file after changing the access table.
When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
indexed files.
Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
sions. In that case, the lookups are done in a slightly
different way as described below.
TABLE FORMAT
The format of the access table is as follows:
blanks and comments
Blank lines are ignored, as are lines beginning
with `#'.
leading whitespace
Lines that begin with whitespace continue the pre-
vious line.
pattern action
When pattern matches a mail address, domain or host
address, perform the corresponding action.
PATTERNS
With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
user@domain
Matches the specified mail address.
domain.name
Matches the domain.name itself and any subdomain
thereof, either in hostnames or in mail addresses.
1
ACCESS(5) ACCESS(5)
Top-level domains will never be matched.
user@ Matches all mail addresses with the specified user
part.
net.work.addr.ess
net.work.addr
net.work
net Matches any host address in the specified network.
A network address is a sequence of one or more
octets separated by ".".
ACTIONS
[45]NN text
Reject the address etc. that matches the pattern,
and respond with the numerical code and text.
REJECT Reject the address etc. that matches the pattern. A
generic error response message is generated.
OK Accept the address etc. that matches the pattern.
restriction...
Apply the named UCE restriction(s) (permit, reject,
reject_unauth_destination, and so on).
REGULAR EXPRESSION TABLES
This section describes how the table lookups change when
the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax,
see regexp_table(5) or pcre_table(5).
Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
cation, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done, and
user@domain mail addresses are not broken up into their
user@ and domain constituent parts.
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
string.
Actions are the same as with normal indexed file lookups,
with the additional feature that parenthesized substrings
from the pattern can be interpolated as $1, $2 and so on.
BUGS
The table format does not understand quoting conventions.
2
ACCESS(5) ACCESS(5)
SEE ALSO
postmap(1) create mapping table
smtpd(8) smtp server
pcre_table(5) format of PCRE tables
regexp_table(5) format of POSIX regular expression tables
LICENSE
The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
3