man > CIDR_TABLE(5)

CIDR_TABLE(5)                          File Formats Manual                          CIDR_TABLE(5)

NAME
       cidr_table - format of Postfix CIDR tables

SYNOPSIS
       postmap -q "string" cidr:/etc/postfix/filename

       postmap -q - cidr:/etc/postfix/filename <inputfile

DESCRIPTION
       The  Postfix  mail system uses optional lookup tables.  These tables are usually in dbm or db
       format.  Alternatively, lookup tables can be specified in CIDR (Classless Inter-Domain  Rout-
       ing)  form.  In this case, each input is compared against a list of patterns. When a match is
       found, the corresponding result is returned and the search is terminated.

       To find out what types of lookup tables your Postfix system supports use  the  "postconf  -m"
       command.

       To test lookup tables, use the "postmap -q" command as described in the SYNOPSIS above.

TABLE FORMAT
       The general form of a Postfix CIDR table is:

       pattern     result
              When  a  search  string  matches  the  specified pattern, use the corresponding result
              value. The pattern must be in network/prefix or network_address form (see ADDRESS PAT-
              TERN SYNTAX below).

       !pattern     result
              When  a  search  string does not match the specified pattern, use the specified result
              value. The pattern must be in network/prefix or network_address form (see ADDRESS PAT-
              TERN SYNTAX below).

              This feature is available in Postfix 3.2 and later.

       if pattern

       endif  When  a  search string matches the specified pattern, match that search string against
              the patterns between if and endif.  The pattern must  be  in  network/prefix  or  net-
              work_address form (see ADDRESS PATTERN SYNTAX below). The if..endif can nest.

              Note: do not prepend whitespace to text between if..endif.

              This feature is available in Postfix 3.2 and later.

       if !pattern

       endif  When  a  search  string does not match the specified pattern, match that search string
              against the patterns between if and endif. The pattern must be  in  network/prefix  or
              network_address form (see ADDRESS PATTERN SYNTAX below). The if..endif can nest.

              Note: do not prepend whitespace to text between if..endif.

              This feature is available in Postfix 3.2 and later.

       blank lines and comments
              Empty lines and whitespace-only lines are ignored, as are lines whose first non-white-
              space character is a `#'.

       multi-line text
              A logical line starts with non-whitespace text. A line  that  starts  with  whitespace
              continues a logical line.

TABLE SEARCH ORDER
       Patterns  are  applied  in the order as specified in the table, until a pattern is found that
       matches the search string.

ADDRESS PATTERN SYNTAX
       Postfix CIDR tables are pattern-based. A pattern is either a network_address  which  requires
       an exact match, or a network_address/prefix_length where the prefix_length part specifies the
       length of the network_address prefix that must be matched (the other bits in the  network_ad-
       dress part must be zero).

       An  IPv4  network  address is a sequence of four decimal octets separated by ".", and an IPv6
       network address is a sequence of three to eight hexadecimal octet pairs separated by  ":"  or
       "::",  where the latter is short-hand for a sequence of one or more all-zero octet pairs. The
       pattern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6 address.  IPv6 sup-
       port is available in Postfix 2.2 and later.

       Before  comparisons  are made, lookup keys and table entries are converted from string to bi-
       nary. Therefore, IPv6 patterns will be matched regardless of leading zeros (a leading zero in
       an IPv4 address octet indicates octal notation).

       Note: address information may be enclosed inside "[]" but this form is not required.

EXAMPLE SMTPD ACCESS MAP
       /etc/postfix/main.cf:
           smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...

       /etc/postfix/client.cidr:
           # Rule order matters. Put more specific allowlist entries
           # before more general denylist entries.
           192.168.1.1             OK
           192.168.0.0/16          REJECT
           2001:db8::1             OK
           2001:db8::/32           REJECT

SEE ALSO
       postmap(1), Postfix lookup table manager
       regexp_table(5), format of regular expression tables
       pcre_table(5), format of PCRE tables

README FILES
       Use "postconf readme_directory" or "postconf html_directory" to locate this information.
       DATABASE_README, Postfix lookup table overview

HISTORY
       CIDR table support was introduced with Postfix version 2.1.

AUTHOR(S)
       The CIDR table lookup code was originally written by:
       Jozsef Kadlecsik
       KFKI Research Institute for Particle and Nuclear Physics
       POB. 49
       1525 Budapest, Hungary

       Adopted and adapted by:
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

       Wietse Venema
       Google, Inc.
       111 8th Avenue
       New York, NY 10011, USA

                                                                                    CIDR_TABLE(5)
CIDR_TABLE(5)
NAME SYNOPSIS DESCRIPTION TABLE FORMAT TABLE SEARCH ORDER ADDRESS PATTERN SYNTAX EXAMPLE SMTPD ACCESS MAP SEE ALSO README FILES HISTORY

Generated by phpman v4.9.22-1-g1b0fcb4 · Markdown · JSON · MCP Author: Che Dong Under GNU General Public License
2026-07-05 06:10 @216.73.216.52
CrawledBy Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Valid XHTML 1.0 Transitional!Valid CSS!

^_top_^