# ACCESS(5)                                               ACCESS(5)
# 
# NAME
#        access - format of Postfix access table
# 
# SYNOPSIS
#        postmap /etc/postfix/access
# 
#        postmap -q "string" /etc/postfix/access
# 
#        postmap -q - /etc/postfix/access <inputfile
# 
# DESCRIPTION
#        The  optional access table directs the Postfix SMTP server
#        to selectively  reject  or  accept  mail.  Access  can  be
#        allowed  or  denied for specific host names, domain names,
#        networks, host network addresses or mail addresses.
# 
#        Normally, the access table is specified  as  a  text  file
#        that  serves  as  input  to  the  postmap(1) command.  The
#        result, an indexed file in dbm or db format, is  used  for
#        fast  searching  by  the  mail system. Execute the command
#        postmap  /etc/postfix/access  in  order  to  rebuild   the
#        indexed file after changing the access table.
# 
#        When  the  table  is provided via other means such as NIS,
#        LDAP or SQL, the same lookups are  done  as  for  ordinary
#        indexed files.
# 
#        Alternatively,  the  table  can  be provided as a regular-
#        expression map where patterns are given as regular expres-
#        sions,  or lookups can be directed to TCP-based server. In
#        that case, the lookups are done in  a  slightly  different
#        way  as  described below under "REGULAR EXPRESSION TABLES"
#        and "TCP-BASED TABLES".
# 
# TABLE FORMAT
#        The input format for the postmap(1) command is as follows:
# 
#        pattern action
#               When pattern matches a mail address, domain or host
#               address, perform the corresponding action.
# 
#        blank lines and comments
#               Empty lines and whitespace-only lines are  ignored,
#               as  are  lines whose first non-whitespace character
#               is a `#'.
# 
#        multi-line text
#               A logical line starts with non-whitespace  text.  A
#               line  that starts with whitespace continues a logi-
#               cal line.
# 
# EMAIL ADDRESS PATTERNS
#        With lookups from indexed files such as DB or DBM, or from
#        networked  tables  such  as NIS, LDAP or SQL, patterns are
#        tried in the order as listed below:
# 
#        user@domain
#               Matches the specified mail address.
# 
#        domain.tld
#               Matches domain.tld as the domain part of  an  email
#               address.
# 
#               The pattern domain.tld also matches subdomains, but
#               only when the string smtpd_access_maps is listed in
#               the  Postfix  parent_domain_matches_subdomains con-
#               figuration setting (note that this is  the  default
#               for  some versions of Postfix).  Otherwise, specify
#               .domain.tld (note the  initial  dot)  in  order  to
#               match subdomains.
# 
#        user@  Matches  all mail addresses with the specified user
#               part.
# 
#        Note: lookup of the null sender address  is  not  possible
#        with  some types of lookup table. By default, Postfix uses
#        <> as the lookup key for  such  addresses.  The  value  is
#        specified  with the smtpd_null_access_lookup_key parameter
#        in the Postfix main.cf file.
# 
# EMAIL ADDRESS EXTENSION
#        When a mail address localpart contains the optional recip-
#        ient  delimiter  (e.g., user+foo@domain), the lookup order
#        becomes: user+foo@domain, user@domain, domain,  user+foo@,
#        and user@.
# 
# HOST NAME/ADDRESS PATTERNS
#        With lookups from indexed files such as DB or DBM, or from
#        networked tables such as NIS, LDAP or SQL,  the  following
#        lookup patterns are examined in the order as listed:
# 
#        domain.tld
#               Matches domain.tld.
# 
#               The pattern domain.tld also matches subdomains, but
#               only when the string smtpd_access_maps is listed in
#               the  Postfix  parent_domain_matches_subdomains con-
#               figuration setting.  Otherwise, specify .domain.tld
#               (note  the  initial  dot)  in order to match subdo-
#               mains.
# 
#        net.work.addr.ess
# 
#        net.work.addr
# 
#        net.work
# 
#        net    Matches any host address in the specified  network.
#               A  network  address  is  a  sequence of one or more
#               octets separated by ".".
# 
#               NOTE: use the cidr lookup  table  type  to  specify
#               network/netmask  patterns.  See  cidr_table(5)  for
#               details.
# 
# ACTIONS
#        [45]NN text
#               Reject the address etc. that matches  the  pattern,
#               and respond with the numerical code and text.
# 
#        REJECT optional text...
#               Reject  the  address etc. that matches the pattern.
#               Reply with $reject_code optional text...  when  the
#               optional  text is specified, otherwise reply with a
#               generic error response message.
# 
#        DEFER_IF_REJECT optional text...
#               Defer the request if some later  restriction  would
#               result in a REJECT action. Reply with "450 optional
#               text... when the optional text is specified, other-
#               wise reply with a generic error response message.
# 
#        DEFER_IF_PERMIT optional text...
#               Defer  the  request if some later restriction would
#               result in a an explicit or implicit PERMIT  action.
#               Reply  with "450 optional text... when the optional
#               text is specified, otherwise reply with  a  generic
#               error response message.
# 
#        OK     Accept the address etc. that matches the pattern.
# 
#        all-numerical
#               An all-numerical result is treated as OK. This for-
#               mat is generated by address-based relay  authoriza-
#               tion schemes.
# 
#        DUNNO  Pretend  that  the  lookup  key was not found. This
#               prevents Postfix  from  trying  substrings  of  the
#               lookup  key (such as a subdomain name, or a network
#               address subnetwork).
# 
#        PREPEND headername: headervalue
#               Prepend the specified message header  to  the  mes-
#               sage.  When this action is used multiple times, the
#               first prepended header appears  before  the  second
#               etc. prepended header.
# 
#               Note:  this action does not support multi-line mes-
#               sage headers.
# 
#        HOLD optional text...
#               Place the message on the hold queue, where it  will
#               sit  until someone either deletes it or releases it
#               for delivery.  Log the optional text if  specified,
#               otherwise log a generic message.
# 
#               Mail  that  is  placed on hold can be examined with
#               the postcat(1) command, and  can  be  destroyed  or
#               released with the postsuper(1) command.
# 
#               Note:  this action currently affects all recipients
#               of the message.
# 
#        DISCARD optional text...
#               Claim successful delivery and silently discard  the
#               message.   Log the optional text if specified, oth-
#               erwise log a generic message.
# 
#               Note: this action currently affects all  recipients
#               of the message.
# 
#        FILTER transport:destination
#               After  the  message is queued, send the entire mes-
#               sage through the specified external content filter.
#               More  information about external content filters is
#               in the Postfix FILTER_README file.
# 
#               Note:  this  action  overrides  the  main.cf   con-
#               tent_filter  setting,  and  currently  affects  all
#               recipients of the message.
# 
#        REDIRECT user@domain
#               After the message is queued, send  the  message  to
#               the  specified  address  instead  of  the  intended
#               recipient(s).
# 
#               Note: this action overrides the FILTER action,  and
#               currently affects all recipients of the message.
# 
#        restriction...
#               Apply the named UCE restriction(s) (permit, reject,
#               reject_unauth_destination, and so on).
# 
# REGULAR EXPRESSION TABLES
#        This section describes how the table lookups  change  when
#        the table is given in the form of regular expressions. For
#        a description of regular expression lookup  table  syntax,
#        see regexp_table(5) or pcre_table(5).
# 
#        Each  pattern  is  a regular expression that is applied to
#        the entire string being looked up. Depending on the appli-
#        cation,  that  string  is  an  entire  client hostname, an
#        entire client IP address, or an entire mail address. Thus,
#        no  parent  domain  or  parent  network  search  is  done,
#        user@domain mail addresses are not broken  up  into  their
#        user@ and domain constituent parts, nor is user+foo broken
#        up into user and foo.
# 
#        Patterns are applied in the  order  as  specified  in  the
#        table,  until  a  pattern is found that matches the search
#        string.
# 
#        Actions are the same as with indexed  file  lookups,  with
#        the  additional feature that parenthesized substrings from
#        the pattern can be interpolated as $1, $2 and so on.
# 
# TCP-BASED TABLES
#        This section describes how the table lookups  change  when
#        lookups are directed to a TCP-based server. For a descrip-
#        tion  of  the  TCP  client/server  lookup  protocol,   see
#        tcp_table(5).
# 
#        Each  lookup  operation uses the entire query string once.
#        Depending on the application, that  string  is  an  entire
#        client hostname, an entire client IP address, or an entire
#        mail address.  Thus, no parent domain  or  parent  network
#        search  is done, user@domain mail addresses are not broken
#        up into their user@ and domain constituent parts,  nor  is
#        user+foo broken up into user and foo.
# 
#        Actions are the same as with indexed file lookups.
# 
# BUGS
#        The  table format does not understand quoting conventions.
# 
# SEE ALSO
#        postmap(1) create lookup table
#        smtpd(8) smtp server
#        cidr_table(5) format of CIDR tables
#        pcre_table(5) format of PCRE tables
#        regexp_table(5) format of POSIX regular expression tables
#        tcp_table(5) TCP client/server table lookup protocol
# 
# LICENSE
#        The Secure Mailer license must be  distributed  with  this
#        software.
# 
# AUTHOR(S)
#        Wietse Venema
#        IBM T.J. Watson Research
#        P.O. Box 704
#        Yorktown Heights, NY 10598, USA
# 
#                                                         ACCESS(5)
