Your IP : 3.14.247.239


Current Path : /etc/postfix/
Upload File :
Current File : //etc/postfix/access

# ACCESS(5)                                                            ACCESS(5)
# 
# NAME
#        access - Postfix SMTP server access table
# 
# SYNOPSIS
#        postmap /etc/postfix/access
# 
#        postmap -q "string" /etc/postfix/access
# 
#        postmap -q - /etc/postfix/access <inputfile
# 
# DESCRIPTION
#        This  document  describes  access  control  on remote SMTP
#        client information: host  names,  network  addresses,  and
#        envelope  sender or recipient addresses; it is implemented
#        by the  Postfix  SMTP  server.   See  header_checks(5)  or
#        body_checks(5)  for access control on the content of email
#        messages.
# 
#        Normally, the access(5) table is specified as a text  file
#        that  serves  as  input  to  the  postmap(1) command.  The
#        result, an indexed file in dbm or db format, is  used  for
#        fast  searching  by  the  mail system. Execute the command
#        "postmap /etc/postfix/access" to rebuild an  indexed  file
#        after changing the corresponding text file.
# 
#        When  the  table  is provided via other means such as NIS,
#        LDAP or SQL, the same lookups are  done  as  for  ordinary
#        indexed files.
# 
#        Alternatively,  the  table  can  be provided as a regular-
#        expression map where patterns are given as regular expres-
#        sions,  or lookups can be directed to TCP-based server. In
#        those cases, the lookups are done in a slightly  different
#        way  as  described below under "REGULAR EXPRESSION TABLES"
#        or "TCP-BASED TABLES".
# 
# CASE FOLDING
#        The search string is folded to lowercase  before  database
#        lookup.  As  of Postfix 2.3, the search string is not case
#        folded with database types such as regexp: or pcre:  whose
#        lookup fields can match both upper and lower case.
# 
# TABLE FORMAT
#        The input format for the postmap(1) command is as follows:
# 
#        pattern action
#               When pattern matches a mail address, domain or host
#               address, perform the corresponding action.
# 
#        blank lines and comments
#               Empty  lines and whitespace-only lines are ignored,
#               as are lines whose first  non-whitespace  character
#               is a `#'.
# 
#        multi-line text
#               A  logical  line starts with non-whitespace text. A
#               line that starts with whitespace continues a  logi-
#               cal line.
# 
# EMAIL ADDRESS PATTERNS
#        With lookups from indexed files such as DB or DBM, or from
#        networked tables such as NIS, LDAP or  SQL,  patterns  are
#        tried in the order as listed below:
# 
#        user@domain
#               Matches the specified mail address.
# 
#        domain.tld
#               Matches  domain.tld  as the domain part of an email
#               address.
# 
#               The pattern domain.tld also matches subdomains, but
#               only when the string smtpd_access_maps is listed in
#               the Postfix  parent_domain_matches_subdomains  con-
#               figuration setting.
# 
#        .domain.tld
#               Matches subdomains of domain.tld, but only when the
#               string smtpd_access_maps is not listed in the Post-
#               fix  parent_domain_matches_subdomains configuration
#               setting.
# 
#        user@  Matches all mail addresses with the specified  user
#               part.
# 
#        Note:  lookup  of  the null sender address is not possible
#        with some types of lookup table. By default, Postfix  uses
#        <>  as  the  lookup  key  for such addresses. The value is
#        specified with the smtpd_null_access_lookup_key  parameter
#        in the Postfix main.cf file.
# 
# EMAIL ADDRESS EXTENSION
#        When a mail address localpart contains the optional recip-
#        ient delimiter (e.g., user+foo@domain), the  lookup  order
#        becomes:  user+foo@domain, user@domain, domain, user+foo@,
#        and user@.
# 
# HOST NAME/ADDRESS PATTERNS
#        With lookups from indexed files such as DB or DBM, or from
#        networked  tables  such as NIS, LDAP or SQL, the following
#        lookup patterns are examined in the order as listed:
# 
#        domain.tld
#               Matches domain.tld.
# 
#               The pattern domain.tld also matches subdomains, but
#               only when the string smtpd_access_maps is listed in
#               the Postfix  parent_domain_matches_subdomains  con-
#               figuration setting.
# 
#        .domain.tld
#               Matches subdomains of domain.tld, but only when the
#               string smtpd_access_maps is not listed in the Post-
#               fix  parent_domain_matches_subdomains configuration
#               setting.
# 
#        net.work.addr.ess
# 
#        net.work.addr
# 
#        net.work
# 
#        net    Matches the specified IPv4 host address or  subnet-
#               work.  An  IPv4  host address is a sequence of four
#               decimal octets separated by ".".
# 
#               Subnetworks are matched  by  repeatedly  truncating
#               the last ".octet" from the remote IPv4 host address
#               string until a match is found in the access  table,
#               or until further truncation is not possible.
# 
#               NOTE 1: The access map lookup key must be in canon-
#               ical form: do not specify unnecessary null  charac-
#               ters,  and  do not enclose network address informa-
#               tion with "[]" characters.
# 
#               NOTE 2: use the cidr lookup table type  to  specify
#               network/netmask  patterns.  See  cidr_table(5)  for
#               details.
# 
#        net:work:addr:ess
# 
#        net:work:addr
# 
#        net:work
# 
#        net    Matches the specified IPv6 host address or  subnet-
#               work.  An  IPv6 host address is a sequence of three
#               to eight hexadecimal octet pairs separated by  ":".
# 
#               Subnetworks  are  matched  by repeatedly truncating
#               the last ":octetpair" from  the  remote  IPv6  host
#               address string until a match is found in the access
#               table, or until further truncation is not possible.
# 
#               NOTE 1: the truncation and comparison are done with
#               the string representation of the IPv6 host address.
#               Thus, not all the ":" subnetworks will be tried.
# 
#               NOTE 2: The access map lookup key must be in canon-
#               ical form: do not specify unnecessary null  charac-
#               ters,  and  do not enclose network address informa-
#               tion with "[]" characters.
# 
#               NOTE 3: use the cidr lookup table type  to  specify
#               network/netmask  patterns.  See  cidr_table(5)  for
#               details.
# 
#               IPv6 support is available in Postfix 2.2 and later.
# 
# ACCEPT ACTIONS
#        OK     Accept the address etc. that matches the pattern.
# 
#        all-numerical
#               An all-numerical result is treated as OK. This for-
#               mat is generated by address-based relay  authoriza-
#               tion schemes such as pop-before-smtp.
# 
# REJECT ACTIONS
#        Postfix  version  2.3  and  later  support enhanced status
#        codes as defined in RFC 3463.  When no code  is  specified
#        at  the  beginning  of  the  text below, Postfix inserts a
#        default enhanced status code of "5.7.1"  in  the  case  of
#        reject  actions, and "4.7.1" in the case of defer actions.
#        See "ENHANCED STATUS CODES" below.
# 
#        4NN text
# 
#        5NN text
#               Reject the address etc. that matches  the  pattern,
#               and respond with the numerical three-digit code and
#               text. 4NN means "try again later", while 5NN  means
#               "do not try again".
# 
#               The  following  responses  have special meaning for
#               the Postfix SMTP server:
# 
#               421 text (Postfix 2.3 and later)
# 
#               521 text (Postfix 2.6 and later)
#                      After responding with the  numerical  three-
#                      digit  code and text, disconnect immediately
#                      from the SMTP client.  This  frees  up  SMTP
#                      server  resources  so  that they can be made
#                      available to another SMTP client.
# 
#                      Note: The "521" response should be used only
#                      with  botnets and other malware where inter-
#                      operability is of no concern.  The "send 521
#                      and  disconnect"  behavior is NOT defined in
#                      the SMTP standard.
# 
#        REJECT optional text...
#               Reject the address etc. that matches  the  pattern.
#               Reply    with   "$access_map_reject_code   optional
#               text..." when the optional text is specified,  oth-
#               erwise reply with a generic error response message.
# 
#        DEFER optional text...
#               Reject the address etc. that matches  the  pattern.
#               Reply    with    "$access_map_defer_code   optional
#               text..." when the optional text is specified,  oth-
#               erwise reply with a generic error response message.
# 
#               This feature is available in Postfix 2.6 and later.
# 
#        DEFER_IF_REJECT optional text...
#               Defer  the  request if some later restriction would
#               result   in   a   REJECT   action.    Reply    with
#               "$access_map_defer_code   4.7.1  optional  text..."
#               when the  optional  text  is  specified,  otherwise
#               reply with a generic error response message.
# 
#               Prior to Postfix 2.6, the SMTP reply code is 450.
# 
#               This feature is available in Postfix 2.1 and later.
# 
#        DEFER_IF_PERMIT optional text...
#               Defer the request if some later  restriction  would
#               result  in a an explicit or implicit PERMIT action.
#               Reply with "$access_map_defer_code 4.7.1   optional
#               text..."  when the optional text is specified, oth-
#               erwise reply with a generic error response message.
# 
#               Prior to Postfix 2.6, the SMTP reply code is 450.
# 
#               This feature is available in Postfix 2.1 and later.
# 
# OTHER ACTIONS
#        restriction...
#               Apply the named UCE restriction(s) (permit, reject,
#               reject_unauth_destination, and so on).
# 
#        BCC user@domain
#               Send  one  copy  of  the  message  to the specified
#               recipient.
# 
#               If multiple BCC actions are  specified  within  the
#               same  SMTP  MAIL  transaction, only the last action
#               will be used.
# 
#               This feature is not  part  of  the  stable  Postfix
#               release.
# 
#        DISCARD optional text...
#               Claim  successful delivery and silently discard the
#               message.  Log the optional text if specified,  oth-
#               erwise log a generic message.
# 
#               Note:  this action currently affects all recipients
#               of the message.   To  discard  only  one  recipient
#               without  discarding  the  entire  message,  use the
#               transport(5) table to direct mail to the discard(8)
#               service.
# 
#               This feature is available in Postfix 2.0 and later.
# 
#        DUNNO  Pretend that the lookup key  was  not  found.  This
#               prevents  Postfix  from  trying  substrings  of the
#               lookup key (such as a subdomain name, or a  network
#               address subnetwork).
# 
#               This feature is available in Postfix 2.0 and later.
# 
#        FILTER transport:destination
#               After the message is queued, send the  entire  mes-
#               sage through the specified external content filter.
#               The transport name specifies the first field  of  a
#               mail  delivery  agent  definition in master.cf; the
#               syntax of the next-hop destination is described  in
#               the  manual  page  of  the  corresponding  delivery
#               agent.  More  information  about  external  content
#               filters is in the Postfix FILTER_README file.
# 
#               Note  1: do not use $number regular expression sub-
#               stitutions for transport or destination unless  you
#               know that the information has a trusted origin.
# 
#               Note  2:  this  action  overrides  the main.cf con-
#               tent_filter setting, and affects all recipients  of
#               the  message.  In  the  case  that  multiple FILTER
#               actions fire, only the last one is executed.
# 
#               Note 3: the purpose of the  FILTER  command  is  to
#               override  message routing.  To override the recipi-
#               ent's transport but not the  next-hop  destination,
#               specify  an  empty  filter destination (Postfix 2.7
#               and later), or specify a transport:destination that
#               delivers   through  a  different  Postfix  instance
#               (Postfix 2.6 and earlier). Other options are  using
#               the  recipient-dependent transport_maps or the sen-
#               der-dependent   sender_dependent_default_transport-
#               _maps features.
# 
#               This feature is available in Postfix 2.0 and later.
# 
#        HOLD optional text...
#               Place the message on the hold queue, where it  will
#               sit  until someone either deletes it or releases it
#               for delivery.  Log the optional text if  specified,
#               otherwise log a generic message.
# 
#               Mail  that  is  placed on hold can be examined with
#               the postcat(1) command, and  can  be  destroyed  or
#               released with the postsuper(1) command.
# 
#               Note:  use  "postsuper -r" to release mail that was
#               kept on hold for a significant fraction  of  $maxi-
#               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
#               longer. Use "postsuper -H" only for mail that  will
#               not expire within a few delivery attempts.
# 
#               Note:  this action currently affects all recipients
#               of the message.
# 
#               This feature is available in Postfix 2.0 and later.
# 
#        PREPEND headername: headervalue
#               Prepend  the  specified  message header to the mes-
#               sage.  When more than one PREPEND action  executes,
#               the  first prepended header appears before the sec-
#               ond etc. prepended header.
# 
#               Note: this action must execute before  the  message
#               content  is received; it cannot execute in the con-
#               text of smtpd_end_of_data_restrictions.
# 
#               This feature is available in Postfix 2.1 and later.
# 
#        REDIRECT user@domain
#               After  the  message  is queued, send the message to
#               the  specified  address  instead  of  the  intended
#               recipient(s).
# 
#               Note:  this action overrides the FILTER action, and
#               currently affects all recipients of the message.
# 
#               This feature is available in Postfix 2.1 and later.
# 
#        WARN optional text...
#               Log a warning with the optional text, together with
#               client information and  if  available,  with  helo,
#               sender, recipient and protocol information.
# 
#               This feature is available in Postfix 2.1 and later.
# 
# ENHANCED STATUS CODES
#        Postfix version 2.3  and  later  support  enhanced  status
#        codes  as  defined  in  RFC 3463.  When an enhanced status
#        code is specified in an access table,  it  is  subject  to
#        modification.  The  following  transformations  are needed
#        when the same access  table  is  used  for  client,  helo,
#        sender,  or  recipient  access  restrictions;  they happen
#        regardless of whether Postfix replies to a MAIL FROM, RCPT
#        TO or other SMTP command.
# 
#        o      When  a sender address matches a REJECT action, the
#               Postfix SMTP server will transform a recipient  DSN
#               status  (e.g.,  4.1.1-4.1.6) into the corresponding
#               sender DSN status, and vice versa.
# 
#        o      When  non-address  information  matches  a   REJECT
#               action  (such  as  the HELO command argument or the
#               client hostname/address), the Postfix  SMTP  server
#               will  transform  a  sender  or recipient DSN status
#               into  a  generic  non-address  DSN  status   (e.g.,
#               4.0.0).
# 
# REGULAR EXPRESSION TABLES
#        This  section  describes how the table lookups change when
#        the table is given in the form of regular expressions. For
#        a  description  of regular expression lookup table syntax,
#        see regexp_table(5) or pcre_table(5).
# 
#        Each pattern is a regular expression that  is  applied  to
#        the entire string being looked up. Depending on the appli-
#        cation, that string  is  an  entire  client  hostname,  an
#        entire client IP address, or an entire mail address. Thus,
#        no  parent  domain  or  parent  network  search  is  done,
#        user@domain  mail  addresses  are not broken up into their
#        user@ and domain constituent parts, nor is user+foo broken
#        up into user and foo.
# 
#        Patterns  are applied in the order as specified in the ta-
#        ble, until a pattern is  found  that  matches  the  search
#        string.
# 
#        Actions  are  the  same as with indexed file lookups, with
#        the additional feature that parenthesized substrings  from
#        the pattern can be interpolated as $1, $2 and so on.
# 
# TCP-BASED TABLES
#        This  section  describes how the table lookups change when
#        lookups are directed to a TCP-based server. For a descrip-
#        tion of the TCP client/server lookup protocol, see tcp_ta-
#        ble(5).  This feature is not available up to and including
#        Postfix version 2.4.
# 
#        Each  lookup  operation uses the entire query string once.
#        Depending on the application, that  string  is  an  entire
#        client hostname, an entire client IP address, or an entire
#        mail address.  Thus, no parent domain  or  parent  network
#        search  is done, user@domain mail addresses are not broken
#        up into their user@ and domain constituent parts,  nor  is
#        user+foo broken up into user and foo.
# 
#        Actions are the same as with indexed file lookups.
# 
# EXAMPLE
#        The  following  example  uses an indexed file, so that the
#        order of table entries does not matter. The  example  per-
#        mits  access  by the client at address 1.2.3.4 but rejects
#        all other clients in 1.2.3.0/24. Instead  of  hash  lookup
#        tables,  some  systems use dbm.  Use the command "postconf
#        -m" to find out what lookup  tables  Postfix  supports  on
#        your system.
# 
#        /etc/postfix/main.cf:
#            smtpd_client_restrictions =
#                check_client_access hash:/etc/postfix/access
# 
#        /etc/postfix/access:
#            1.2.3   REJECT
#            1.2.3.4 OK
# 
#        Execute  the  command  "postmap /etc/postfix/access" after
#        editing the file.
# 
# BUGS
#        The table format does not understand quoting  conventions.
# 
# SEE ALSO
#        postmap(1), Postfix lookup table manager
#        smtpd(8), SMTP server
#        postconf(5), configuration parameters
#        transport(5), transport:nexthop syntax
# 
# README FILES
#        Use  "postconf  readme_directory" or "postconf html_direc-
#        tory" to locate this information.
#        SMTPD_ACCESS_README, built-in SMTP server access control
#        DATABASE_README, Postfix lookup table overview
# 
# LICENSE
#        The Secure Mailer license must be  distributed  with  this
#        software.
# 
# AUTHOR(S)
#        Wietse Venema
#        IBM T.J. Watson Research
#        P.O. Box 704
#        Yorktown Heights, NY 10598, USA
# 
#                                                                      ACCESS(5)