# ACCESS(5)                                                            ACCESS(5)
# 
# NAME
#        access - format of Postfix access table
# 
# SYNOPSIS
#        postmap /etc/postfix/access
# 
#        postmap -q "string" /etc/postfix/access
# 
#        postmap -q - /etc/postfix/access <inputfile
# 
# DESCRIPTION
#        The  optional  access  table  directs the Postfix SMTP server to selec-
#        tively reject or accept mail. Access can be allowed or denied for  spe-
#        cific  host  names,  domain  names, networks, host network addresses or
#        mail addresses.
# 
#        Normally, the access table is specified as a text file that  serves  as
#        input to the postmap(1) command.  The result, an indexed file in dbm or
#        db format, is used for fast searching by the mail system.  Execute  the
#        command  postmap  /etc/postfix/access  in  order to rebuild the indexed
#        file after changing the access table.
# 
#        When the table is provided via other means such as NIS,  LDAP  or  SQL,
#        the same lookups are done as for ordinary indexed files.
# 
#        Alternatively,  the  table  can be provided as a regular-expression map
#        where patterns are given as regular  expressions.  In  that  case,  the
#        lookups are done in a slightly different way as described below.
# 
# TABLE FORMAT
#        The input format for the postmap(1) command is as follows:
# 
#        pattern action
#               When  pattern  matches  a  mail address, domain or host address,
#               perform the corresponding action.
# 
#        blank lines and comments
#               Empty lines and whitespace-only lines are ignored, as are  lines
#               whose first non-whitespace character is a `#'.
# 
#        multi-line text
#               A  logical  line  starts  with  non-whitespace text. A line that
#               starts with whitespace continues a logical line.
# 
# EMAIL ADDRESS PATTERNS
#        With lookups from indexed files such as DB or DBM,  or  from  networked
#        tables  such  as  NIS,  LDAP or SQL, patterns are tried in the order as
#        listed below:
# 
#        user@domain
#               Matches the specified mail address.
# 
#        domain.tld
#               Matches domain.tld as the domain part of an email address.
# 
#               The pattern domain.tld also matches subdomains,  but  only  when
#               the  string  smtpd_access_maps  is  listed  in  the Postfix par-
#               ent_domain_matches_subdomains configuration setting.  Otherwise,
#               specify  .domain.tld  (note  the  initial dot) in order to match
#               subdomains.
# 
#        user@  Matches all mail addresses with the specified user part.
# 
#        Note: lookup of the null sender address is not possible with some types
#        of lookup table. By default, Postfix uses <> as the lookup key for such
#        addresses. The value is specified with the smtpd_null_access_lookup_key
#        parameter in the Postfix main.cf file.
# 
# ADDRESS EXTENSION
#        When a mail address localpart contains the optional recipient delimiter
#        (e.g., user+foo@domain), the  lookup  order  becomes:  user+foo@domain,
#        user@domain, domain, user+foo@, and user@.
# 
# HOST NAME/ADDRESS PATTERNS
#        With  lookups  from  indexed files such as DB or DBM, or from networked
#        tables such as NIS, LDAP or SQL,  the  following  lookup  patterns  are
#        examined in the order as listed:
# 
#        domain.tld
#               Matches domain.tld.
# 
#               The  pattern  domain.tld  also matches subdomains, but only when
#               the string smtpd_access_maps  is  listed  in  the  Postfix  par-
#               ent_domain_matches_subdomains configuration setting.  Otherwise,
#               specify .domain.tld (note the initial dot)  in  order  to  match
#               subdomains.
# 
#        net.work.addr.ess
# 
#        net.work.addr
# 
#        net.work
# 
#        net    Matches  any  host  address  in the specified network. A network
#               address is a sequence of one or more octets separated by ".".
# 
#               Note: CIDR notation  (network/netmask)  is  not  supported  with
#               lookups  from indexed files such as DB or DBM, or from networked
#               tables such as NIS, LDAP or SQL.
# 
# ACTIONS
#        [45]NN text
#               Reject the address etc. that matches the  pattern,  and  respond
#               with the numerical code and text.
# 
#        REJECT
# 
#        REJECT optional text...
#               Reject  the  address  etc.  that matches the pattern. Reply with
#               $reject_code optional text... when the optional text  is  speci-
#               fied, otherwise reply with a generic error response message.
# 
#        OK     Accept the address etc. that matches the pattern.
# 
#        all-numerical
#               An  all-numerical result is treated as OK. This format is gener-
#               ated by address-based relay authorization schemes.
# 
#        DUNNO  Pretend that the lookup key was not found in  this  table.  This
#               prevents  Postfix from trying substrings of the lookup key (such
#               as a subdomain name, or a network address subnetwork).
# 
#        HOLD
# 
#        HOLD optional text...
#               Place the message on the hold queue, where  it  will  sit  until
#               someone  either deletes it or releases it for delivery.  Log the
#               optional text if specified, otherwise log a generic message.
# 
#               Mail that is placed on hold can be examined with the  postcat(1)
#               command,  and can be destroyed or released with the postsuper(1)
#               command.
# 
#               Note: this action currently affects all recipients of  the  mes-
#               sage.
# 
#        DISCARD
# 
#        DISCARD optional text...
#               Claim successful delivery and silently discard the message.  Log
#               the optional text if specified, otherwise log a generic message.
# 
#               Note:  this  action currently affects all recipients of the mes-
#               sage.
# 
#        FILTER transport:destination
#               After the message is queued, send the entire message  through  a
#               content  filter.   More  information about content filters is in
#               the Postfix FILTER_README file.
# 
#               Note: this action overrides the main.cf content_filter  setting,
#               and currently affects all recipients of the message.
# 
#        restriction...
#               Apply    the   named   UCE   restriction(s)   (permit,   reject,
#               reject_unauth_destination, and so on).
# 
# REGULAR EXPRESSION TABLES
#        This section describes how the table lookups change when the  table  is
#        given  in the form of regular expressions. For a description of regular
#        expression lookup table syntax, see regexp_table(5) or pcre_table(5).
# 
#        Each pattern is a regular expression that  is  applied  to  the  entire
#        string being looked up. Depending on the application, that string is an
#        entire client hostname, an entire client IP address, or an entire  mail
#        address.  Thus,  no  parent  domain  or  parent network search is done,
#        user@domain mail addresses are not  broken  up  into  their  user@  and
#        domain  constituent parts, nor is user+foo broken up into user and foo.
# 
#        Patterns are applied in the order as specified in the  table,  until  a
#        pattern is found that matches the search string.
# 
#        Actions  are the same as with indexed file lookups, with the additional
#        feature that parenthesized substrings from the pattern can be  interpo-
#        lated as $1, $2 and so on.
# 
# BUGS
#        The table format does not understand quoting conventions.
# 
# SEE ALSO
#        postmap(1) create mapping table
#        smtpd(8) smtp server
#        pcre_table(5) format of PCRE tables
#        regexp_table(5) format of POSIX regular expression tables
# 
# LICENSE
#        The Secure Mailer license must be distributed with this software.
# 
# AUTHOR(S)
#        Wietse Venema
#        IBM T.J. Watson Research
#        P.O. Box 704
#        Yorktown Heights, NY 10598, USA
# 
#                                                                      ACCESS(5)
