# ACCESS(5)                                               ACCESS(5)
# 
# NAME
#        access - format of Postfix access table
# 
# SYNOPSIS
#        postmap /etc/postfix/access
# 
#        postmap -q "string" /etc/postfix/access
# 
#        postmap -q - /etc/postfix/access <inputfile
# 
# DESCRIPTION
#        The  optional access table directs the Postfix SMTP server
#        to selectively  reject  or  accept  mail.  Access  can  be
#        allowed  or  denied for specific host names, domain names,
#        networks, host network addresses or mail addresses.
# 
#        Normally, the access table is specified  as  a  text  file
#        that  serves  as  input  to  the  postmap(1) command.  The
#        result, an indexed file in dbm or db format, is  used  for
#        fast  searching  by  the  mail system. Execute the command
#        postmap  /etc/postfix/access  in  order  to  rebuild   the
#        indexed file after changing the access table.
# 
#        When  the  table  is provided via other means such as NIS,
#        LDAP or SQL, the same lookups are  done  as  for  ordinary
#        indexed files.
# 
#        Alternatively,  the  table  can  be provided as a regular-
#        expression map where patterns are given as regular expres-
#        sions,  or lookups can be directed to TCP-based server. In
#        that case, the lookups are done in  a  slightly  different
#        way  as  described below under "REGULAR EXPRESSION TABLES"
#        and "TCP-BASED TABLES".
# 
# TABLE FORMAT
#        The format of the access table is as follows:
# 
#        pattern action
#               When pattern matches a mail address, domain or host
#               address, perform the corresponding action.
# 
#        blank lines and comments
#               Empty  lines and whitespace-only lines are ignored,
#               as are lines whose first  non-whitespace  character
#               is a `#'.
# 
#        multi-line text
#               A  logical  line starts with non-whitespace text. A
#               line that starts with whitespace continues a  logi-
#               cal line.
# 
# EMAIL ADDRESS PATTERNS
#        With lookups from indexed files such as DB or DBM, or from
#        networked tables such as NIS, LDAP or SQL,  the  following
#        lookup patterns are examined in the order as listed:
# 
#        user@domain
#               Matches the specified mail address.
# 
#        domain.tld
#               Matches  domain.tld  as the domain part of an email
#               address.
# 
#               The pattern domain.tld also matches subdomains, but
#               only when the string smtpd_access_maps is listed in
#               the Postfix  parent_domain_matches_subdomains  con-
#               figuration setting.  Otherwise, specify .domain.tld
#               (note the initial dot) in  order  to  match  subdo-
#               mains.
# 
#        user@  Matches  all mail addresses with the specified user
#               part.
# 
#        Note: lookup of the null sender address  is  not  possible
#        with  some types of lookup table. By default, Postfix uses
#        <> as the lookup key for  such  addresses.  The  value  is
#        specified  with the smtpd_null_access_lookup_key parameter
#        in the Postfix main.cf file.
# 
# EMAIL ADDRESS EXTENSION
#        When a mail address localpart contains the optional recip-
#        ient  delimiter  (e.g., user+foo@domain), the lookup order
#        becomes: user+foo@domain, user@domain, domain,  user+foo@,
#        and user@.
# 
# HOST NAME/ADDRESS PATTERNS
#        With lookups from indexed files such as DB or DBM, or from
#        networked tables such as NIS, LDAP or SQL,  the  following
#        lookup patterns are examined in the order as listed:
# 
#        domain.tld
#               Matches domain.tld.
# 
#               The pattern domain.tld also matches subdomains, but
#               only when the string smtpd_access_maps is listed in
#               the  Postfix  parent_domain_matches_subdomains con-
#               figuration setting.  Otherwise, specify .domain.tld
#               (note  the  initial  dot)  in order to match subdo-
#               mains.
# 
#        net.work.addr.ess
# 
#        net.work.addr
# 
#        net.work
# 
#        net    Matches any host address in the specified  network.
#               A  network  address  is  a  sequence of one or more
#               octets separated by ".".
# 
#               NOTE: use the cidr lookup  table  type  to  specify
#               network/netmask  patterns.  See  cidr_table(5)  for
#               details.
# 
# ACTIONS
#        [45]NN text
#               Reject the address etc. that matches  the  pattern,
#               and respond with the numerical code and text.
# 
#        REJECT
# 
#        REJECT optional text...
#               Reject  the  address etc. that matches the pattern.
#               Reply with $reject_code optional text...  when  the
#               optional  text is specified, otherwise reply with a
#               generic error response message.
# 
#        OK     Accept the address etc. that matches the pattern.
# 
#        all-numerical
#               An all-numerical result is treated as OK. This for-
#               mat  is generated by address-based relay authoriza-
#               tion schemes.
# 
#        DUNNO  Pretend that the lookup key was not found  in  this
#               table. This prevents Postfix from trying substrings
#               of the lookup key (such as a subdomain name,  or  a
#               network address subnetwork).
# 
#        HOLD
# 
#        HOLD optional text...
#               Place  the message on the hold queue, where it will
#               sit until someone either deletes it or releases  it
#               for  delivery.  Log the optional text if specified,
#               otherwise log a generic message.
# 
#               Mail that is placed on hold can  be  examined  with
#               the  postcat(1)  command,  and  can be destroyed or
#               released with the postsuper(1) command.
# 
#               Note: this action currently affects all  recipients
#               of the message.
# 
#        DISCARD
# 
#        DISCARD optional text...
#               Claim  successful delivery and silently discard the
#               message.  Log the optional text if specified,  oth-
#               erwise log a generic message.
# 
#               Note:  this action currently affects all recipients
#               of the message.
# 
#        FILTER transport:destination
#               After the message is queued, send the  entire  mes-
#               sage  through  a  content filter.  More information
#               about  content  filters  is  in  the  Postfix  FIL-
#               TER_README file.
# 
#               Note:   this  action  overrides  the  main.cf  con-
#               tent_filter  setting,  and  currently  affects  all
#               recipients of the message.
# 
#        REDIRECT user@domain
#               After  the  message  is queued, send the message to
#               the  specified  address  instead  of  the  intended
#               recipient(s).
# 
#               Note:  this action overrides the FILTER action, and
#               currently affects all recipients of the message.
# 
#        restriction...
#               Apply the named UCE restriction(s) (permit, reject,
#               reject_unauth_destination, and so on).
# 
# REGULAR EXPRESSION TABLES
#        This  section  describes how the table lookups change when
#        the table is given in the form of regular expressions. For
#        a  description  of regular expression lookup table syntax,
#        see regexp_table(5) or pcre_table(5).
# 
#        Each pattern is a regular expression that  is  applied  to
#        the entire string being looked up. Depending on the appli-
#        cation, that string  is  an  entire  client  hostname,  an
#        entire client IP address, or an entire mail address. Thus,
#        no  parent  domain  or  parent  network  search  is  done,
#        user@domain  mail  addresses  are not broken up into their
#        user@ and domain constituent parts, nor is user+foo broken
#        up into user and foo.
# 
#        Patterns  are  applied  in  the  order as specified in the
#        table, until a pattern is found that  matches  the  search
#        string.
# 
#        Actions  are  the  same as with indexed file lookups, with
#        the additional feature that parenthesized substrings  from
#        the pattern can be interpolated as $1, $2 and so on.
# 
# TCP-BASED TABLES
#        This  section  describes how the table lookups change when
#        lookups are directed to a TCP-based server. For a descrip-
#        tion   of  the  TCP  client/server  lookup  protocol,  see
#        tcp_table(5).
# 
#        Each lookup operation uses the entire query  string  once.
#        Depending  on  the  application,  that string is an entire
#        client hostname, an entire client IP address, or an entire
#        mail  address.   Thus,  no parent domain or parent network
#        search is done, user@domain mail addresses are not  broken
#        up  into  their user@ and domain constituent parts, nor is
#        user+foo broken up into user and foo.
# 
#        Actions are the same as with indexed file lookups.
# 
# BUGS
#        The table format does not understand quoting  conventions.
# 
# SEE ALSO
#        postmap(1) create lookup table
#        smtpd(8) smtp server
#        cidr_table(5) format of CIDR tables
#        pcre_table(5) format of PCRE tables
#        regexp_table(5) format of POSIX regular expression tables
#        tcp_table(5) TCP client/server table lookup protocol
# 
# LICENSE
#        The  Secure  Mailer  license must be distributed with this
#        software.
# 
# AUTHOR(S)
#        Wietse Venema
#        IBM T.J. Watson Research
#        P.O. Box 704
#        Yorktown Heights, NY 10598, USA
# 
#                                                         ACCESS(5)
