From 0a99c1cb4787bac895dc6e2c606fda54ba38225d Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Fri, 4 Feb 2000 00:00:00 +0000
Subject: [PATCH] snapshot-20000204

---
 postfix/HISTORY                     |  21 +++
 postfix/RELEASE_NOTES               |   7 +-
 postfix/cleanup/cleanup.c           |   2 +
 postfix/cleanup/cleanup_api.c       |  18 ++-
 postfix/cleanup/cleanup_extracted.c |  32 +++--
 postfix/cleanup/cleanup_init.c      |   9 +-
 postfix/cleanup/cleanup_message.c   |  18 ++-
 postfix/conf/access                 |  16 +--
 postfix/conf/canonical              |  48 ++++++-
 postfix/conf/pcre_table             |  80 +++++++++++-
 postfix/conf/regexp_table           |  84 +++++++++++-
 postfix/conf/relocated              |  44 ++++++-
 postfix/conf/sample-pcre.cf         |   2 +-
 postfix/conf/transport              |  46 ++++++-
 postfix/conf/virtual                |  41 +++++-
 postfix/global/cleanup_strerror.c   |   1 +
 postfix/global/cleanup_user.h       |   3 +-
 postfix/global/mail_params.h        |   4 +
 postfix/global/mail_version.h       |   2 +-
 postfix/html/access.5.html          |  54 ++++----
 postfix/html/canonical.5.html       | 134 ++++++++++++++-----
 postfix/html/cleanup.8.html         |  10 +-
 postfix/html/pcre_table.5.html      | 132 +++++++++++++++++++
 postfix/html/pipe.8.html            |   2 +-
 postfix/html/regexp_table.5.html    | 132 +++++++++++++++++++
 postfix/html/relocated.5.html       | 104 ++++++++++++---
 postfix/html/resource.html          |   8 ++
 postfix/html/transport.5.html       | 142 ++++++++++----------
 postfix/html/virtual.5.html         | 196 ++++++++++++++--------------
 postfix/man/man5/access.5           |  16 +--
 postfix/man/man5/canonical.5        |  52 +++++++-
 postfix/man/man5/pcre_table.5       |  90 +++++++++++++
 postfix/man/man5/regexp_table.5     |  94 +++++++++++++
 postfix/man/man5/relocated.5        |  46 ++++++-
 postfix/man/man5/transport.5        |  48 ++++++-
 postfix/man/man5/virtual.5          |  45 ++++++-
 postfix/man/man8/cleanup.8          |   2 +
 postfix/man/man8/pipe.8             |   2 +-
 postfix/mantools/ccformat           |   2 +-
 postfix/master/multi_server.c       |   7 +
 postfix/master/single_server.c      |   7 +
 postfix/master/trigger_server.c     |   7 +
 postfix/pipe/pipe.c                 |   2 +-
 postfix/postconf/extract.awk        |   6 +-
 postfix/postsuper/postsuper.c       |   2 +-
 postfix/smtpd/smtpd.c               |  10 +-
 postfix/smtpd/smtpd.h               |   1 +
 postfix/smtpd/smtpd_check.c         |   9 +-
 postfix/smtpd/smtpd_state.c         |   1 +
 postfix/util/dict_mysql.c           |   2 +-
 50 files changed, 1482 insertions(+), 361 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 679a788a8..1f0614f7a 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -3648,3 +3648,24 @@ Apologies for any names omitted.
 	time (see cleanup/cleanup_api.c); also got rid of the global
 	state variables and fixed a couple bugs that were introduced
 	with 20000115-22.
+
+20000204
+
+	Feature: in daemon mode, the MAIL FROM size check can be
+	postponed until RCPT TO so that Postfix can log sender and
+	recipient. Simon J Mudd.  Files: smtpd/smtpd.c
+
+	Robustness: limit the number of recipient addresses that
+	can be extracted from message headers. Parameter:
+	extract_recipient_limit (default:  10240). Files:
+	cleaup/cleanup_message.c, cleanup/cleanup_extracted.c.
+
+	Cleanup: the message header reject logging now includes
+	sender and recipient address (if possible), so that the
+	logging looks more like the other reject logging.  File:
+	cleanup/cleanup_message.c.
+
+	Documentation: added sections on regular expression tables
+	to the access, canonical, virtual, transport and relocated
+	man pages, and write new man pages that are specific to
+	regular expressions: pcre_table.5 and regexp_table.5.
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index ac4111da2..6a45b4ddb 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,9 +1,10 @@
-Incompatible changes with snapshot-20000203
+Incompatible changes with snapshot-20000204
 ===========================================
 
-None sofar.
+This release is mainly to have a reference point after reorganizing
+the cleanup daemon.
 
-Major changes with snapshot-20000203
+Major changes with snapshot-20000204
 ====================================
 
 Questionable feature: with "smtp_skip_5xx_greeting = yes", Postfix
diff --git a/postfix/cleanup/cleanup.c b/postfix/cleanup/cleanup.c
index a8f1e913f..7121dc0ea 100644
--- a/postfix/cleanup/cleanup.c
+++ b/postfix/cleanup/cleanup.c
@@ -95,6 +95,8 @@
 /*	Limit the number of envelope recipients that are remembered.
 /* .IP \fBheader_size_limit\fR
 /*	Limit the amount of memory in bytes used to process a message header.
+/* .IP \fBextract_recipient_limit\fR
+/*	Limit the amount of recipients extracted from message headers.
 /* SEE ALSO
 /*	canonical(5) canonical address lookup table format
 /*	qmgr(8) queue manager daemon
diff --git a/postfix/cleanup/cleanup_api.c b/postfix/cleanup/cleanup_api.c
index a8b950302..0d530da9b 100644
--- a/postfix/cleanup/cleanup_api.c
+++ b/postfix/cleanup/cleanup_api.c
@@ -144,8 +144,8 @@ void    cleanup_control(CLEANUP_STATE *state, int flags)
      * throw away the input only in case of real show-stopper errors, such as
      * unrecognizable data (which should never happen) or insufficient space
      * for the queue file (which will happen occasionally). Otherwise,
-     * discard input after any lethal error. See the CLEANUP_OUT_OK()
-     * macro definition.
+     * discard input after any lethal error. See the CLEANUP_OUT_OK() macro
+     * definition.
      */
     if ((state->flags = flags) & CLEANUP_FLAG_BOUNCE) {
 	state->err_mask =
@@ -168,10 +168,12 @@ int     cleanup_close(CLEANUP_STATE *state)
      * the execute bits on a file only when we really want the queue manager
      * to process it.
      */
-    if (state->recip == 0)
-	state->errs |= CLEANUP_STAT_RCPT;
-    if (state->end_seen == 0)
-	state->errs |= CLEANUP_STAT_BAD;
+    if (CLEANUP_OUT_OK(state)) {
+	if (state->recip == 0)
+	    state->errs |= CLEANUP_STAT_RCPT;
+	if (state->end_seen == 0)
+	    state->errs |= CLEANUP_STAT_BAD;
+    }
 
     /*
      * If there are no errors, be very picky about queue file write errors
@@ -204,6 +206,8 @@ int     cleanup_close(CLEANUP_STATE *state)
      * message headers because we could not process all the message headers).
      * However, cleanup_strerror() prioritizes errors so that it can report
      * the cause (e.g., header buffer overflow), which is more useful.
+     * 
+     * XXX When bouncing, should log sender because qmgr won't be able to.
      */
 #define CAN_BOUNCE() \
 	((state->errs & (CLEANUP_STAT_BAD | CLEANUP_STAT_WRITE)) == 0 \
@@ -215,7 +219,7 @@ int     cleanup_close(CLEANUP_STATE *state)
 	    if (bounce_recip(BOUNCE_FLAG_CLEAN,
 			     MAIL_QUEUE_INCOMING, state->queue_id,
 			     state->sender, state->recip ?
-			     state->recip : "", "cleanup", state->time,
+			   state->recip : "unknown", "cleanup", state->time,
 			     "Message processing aborted: %s",
 			     cleanup_strerror(state->errs)) == 0) {
 		state->errs = 0;
diff --git a/postfix/cleanup/cleanup_extracted.c b/postfix/cleanup/cleanup_extracted.c
index 4a3fb36cb..b95a37299 100644
--- a/postfix/cleanup/cleanup_extracted.c
+++ b/postfix/cleanup/cleanup_extracted.c
@@ -144,23 +144,27 @@ static void cleanup_extracted_process(CLEANUP_STATE *state, int type, char *buf,
      */
     if (state->recip == 0 && (state->errs & CLEANUP_STAT_HOVFL) == 0) {
 	rcpt = (state->resent[0] ? state->resent_recip : state->recipients);
-	if (*var_always_bcc && rcpt->argv[0]) {
-	    clean_addr = vstring_alloc(100);
-	    cleanup_rewrite_internal(clean_addr, var_always_bcc);
-	    if (cleanup_rcpt_canon_maps)
-		cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps,
+	if (rcpt->argc >= var_extra_rcpt_limit) {
+	    state->errs |= CLEANUP_STAT_ROVFL;
+	} else {
+	    if (*var_always_bcc && rcpt->argv[0]) {
+		clean_addr = vstring_alloc(100);
+		cleanup_rewrite_internal(clean_addr, var_always_bcc);
+		if (cleanup_rcpt_canon_maps)
+		    cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps,
 				cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
-	    if (cleanup_comm_canon_maps)
-		cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
+		if (cleanup_comm_canon_maps)
+		    cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
 				cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
-	    argv_add(rcpt, STR(clean_addr), (char *) 0);
-	    vstring_free(clean_addr);
+		argv_add(rcpt, STR(clean_addr), (char *) 0);
+		vstring_free(clean_addr);
+	    }
+	    argv_terminate(rcpt);
+	    for (cpp = rcpt->argv; CLEANUP_OUT_OK(state) && *cpp; cpp++)
+		cleanup_out_recipient(state, *cpp);
+	    if (rcpt->argv[0])
+		state->recip = mystrdup(rcpt->argv[0]);
 	}
-	argv_terminate(rcpt);
-	for (cpp = rcpt->argv; CLEANUP_OUT_OK(state) && *cpp; cpp++)
-	    cleanup_out_recipient(state, *cpp);
-	if (rcpt->argv[0])
-	    state->recip = mystrdup(rcpt->argv[0]);
     }
 
     /*
diff --git a/postfix/cleanup/cleanup_init.c b/postfix/cleanup/cleanup_init.c
index c3b1a537b..2de75692c 100644
--- a/postfix/cleanup/cleanup_init.c
+++ b/postfix/cleanup/cleanup_init.c
@@ -23,7 +23,7 @@
 /*	void	cleanup_all()
 /* DESCRIPTION
 /*	This module implements a callable interface to the cleanup service
-/*	for one-time initializations that must be done before any message 
+/*	for one-time initializations that must be done before any message
 /*	processing can take place.
 /*
 /*	cleanup_int_table[] and cleanup_str_table[] specify configuration
@@ -33,7 +33,7 @@
 /*
 /*	cleanup_pre_jail() and cleanup_post_jail() perform mandatory
 /*	initializations before and after the process enters the optional
-/*	chroot jail. These functions satisfy the interface as specified 
+/*	chroot jail. These functions satisfy the interface as specified
 /*	in single_service(3).
 /*
 /*	cleanup_path is either a null pointer or it is the name of a queue
@@ -42,7 +42,7 @@
 /*
 /*	cleanup_all() must be called in case of fatal error, in order
 /*	to remove an incomplete queue file. Normally, as part of process
-/*	initialization, one registers a msg_cleanup() handler and a signal() 
+/*	initialization, one registers a msg_cleanup() handler and a signal()
 /*	handler that both call cleanup_all() before terminating the process.
 /* DIAGNOSTICS
 /*	Problems and transactions are logged to \fBsyslogd\fR(8).
@@ -101,14 +101,17 @@ char   *var_empty_addr;			/* destination of bounced bounces */
 int     var_delay_warn_time;		/* delay that triggers warning */
 char   *var_prop_extension;		/* propagate unmatched extension */
 char   *var_always_bcc;			/* big brother */
+int     var_extra_rcpt_limit;		/* recipient extract limit */
 
 CONFIG_INT_TABLE cleanup_int_table[] = {
     VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
     VAR_HEADER_LIMIT, DEF_HEADER_LIMIT, &var_header_limit, 1, 0,
     VAR_DUP_FILTER_LIMIT, DEF_DUP_FILTER_LIMIT, &var_dup_filter_limit, 0, 0,
     VAR_DELAY_WARN_TIME, DEF_DELAY_WARN_TIME, &var_delay_warn_time, 0, 0,
+    VAR_EXTRA_RCPT_LIMIT, DEF_EXTRA_RCPT_LIMIT, &var_extra_rcpt_limit, 0, 0,
     0,
 };
+
 CONFIG_STR_TABLE cleanup_str_table[] = {
     VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
     VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps, 0, 0,
diff --git a/postfix/cleanup/cleanup_message.c b/postfix/cleanup/cleanup_message.c
index 532ddce5d..c4fb5a91e 100644
--- a/postfix/cleanup/cleanup_message.c
+++ b/postfix/cleanup/cleanup_message.c
@@ -202,6 +202,7 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts)
     TOK822 *tree;
     TOK822 **addr_list;
     TOK822 **tpp;
+    ARGV   *rcpt;
 
     if (msg_verbose)
 	msg_info("rewrite_recip: %s", hdr_opts->name);
@@ -222,11 +223,14 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts)
 	if (cleanup_comm_canon_maps)
 	    cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
 			       cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
-	tok822_internalize(state->temp1, tpp[0]->head, TOK822_STR_DEFL);
-	if (state->recip == 0 && (hdr_opts->flags & HDR_OPT_EXTRACT) != 0)
-	    argv_add((hdr_opts->flags & HDR_OPT_RR) ?
-		     state->resent_recip : state->recipients,
-		     vstring_str(state->temp1), (char *) 0);
+	if (state->recip == 0 && (hdr_opts->flags & HDR_OPT_EXTRACT) != 0) {
+	    rcpt = (hdr_opts->flags & HDR_OPT_RR) ?
+		state->resent_recip : state->recipients;
+	    if (rcpt->argc < var_extra_rcpt_limit) {
+		tok822_internalize(state->temp1, tpp[0]->head, TOK822_STR_DEFL);
+		argv_add(rcpt, vstring_str(state->temp1), (char *) 0);
+	    }
+	}
 	if (cleanup_masq_domains)
 	    cleanup_masquerade_tree(*tpp, cleanup_masq_domains);
 	if (hdr_opts->type == HDR_RETURN_RECEIPT_TO && !state->return_receipt)
@@ -260,7 +264,9 @@ static void cleanup_header(CLEANUP_STATE *state)
 
 	if ((value = maps_find(cleanup_header_checks, header, 0)) != 0) {
 	    if (strcasecmp(value, "REJECT") == 0) {
-		msg_warn("%s: reject: header %.100s", state->queue_id, header);
+		msg_info("%s: reject: header %.100s; from=<%s> to=<%s>",
+			 state->queue_id, header, state->sender,
+			 state->recip ? state->recip : "unknown");
 		state->errs |= CLEANUP_STAT_CONT;
 	    }
 	}
diff --git a/postfix/conf/access b/postfix/conf/access
index 6fcde8c3f..e994a9473 100644
--- a/postfix/conf/access
+++ b/postfix/conf/access
@@ -34,7 +34,8 @@
 # PATTERNS
 # .ad
 # .fi
-#	With lookups from indexed files, patterns are tried in the order as
+#	With lookups from indexed files such as DB or DBM, or from networked
+#	tables such as NIS, LDAP or SQL, patterns are tried in the order as
 #	listed below:
 # .IP \fIuser\fR@\fIdomain\fR
 #	Matches the specified mail address.
@@ -73,13 +74,12 @@
 #	Each pattern is a regular expression that is applied to the entire
 #	string being looked up. Depending on the application, that string
 #	is an entire client hostname, an entire client IP address, or an
-#	entire mail address. Patterns are applied in order as specified,
-#	until a pattern is found that matches the search string.
+#	entire mail address. Thus, no parent domain or parent network search
+#	is done, and \fIuser@domain\fR mail addresses are not broken up into
+#	their \fIuser@\fR and \fIdomain\fR constituent parts.
 #
-#	In contrast to lookups from indexed files, no parent domain or
-#	parent network search is done with regular expression tables, 
-#	and \fIuser@domain\fR mail addresses are not broken up into their 
-#	\fIuser@\fR and \fIdomain\fR constituent parts.
+#	Patterns are applied in the order as specified in the table, until a
+#	pattern is found that matches the search string.
 #
 #	Actions are the same as with normal indexed file lookups, with
 #	the additional feature that parenthesized substrings from the
@@ -90,7 +90,7 @@
 #	postmap(1) create mapping table
 #	smtpd(8) smtp server
 #	pcre_table(5) format of PCRE tables
-#	regexp_table(5) format of POSIX regexp tables
+#	regexp_table(5) format of POSIX regular expression tables
 # LICENSE
 # .ad
 # .fi
diff --git a/postfix/conf/canonical b/postfix/conf/canonical
index 1f464bb60..448ae5040 100644
--- a/postfix/conf/canonical
+++ b/postfix/conf/canonical
@@ -10,12 +10,19 @@
 #	local and non-local addresses. The mapping is used by the
 #	\fBcleanup\fR(8) daemon.  The address mapping is recursive.
 #
-#	The file serves as input to the \fBpostmap\fR(1) command. The result,
-#	an indexed file in \fBdbm\fR or \fBdb\fR format, is used for
-#	fast searching by the mail system. After an update
+#	Normally, the file serves as input to the \fBpostmap\fR(1) command.
+#	The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+#	is used for fast searching by the mail system. After an update
 #	it may take a minute or so before the change becomes visible.
 #	Issue a \fBpostfix reload\fR command to eliminate the delay.
 #
+#	When the table is provided via other means such as NIS, LDAP
+#	or SQL, the same lookups are done as for ordinary indexed files.
+#
+#	Alternatively, the table can be provided as a regular-expression
+#	map where patterns are given as regular expressions. In that case,
+#	the lookups are done in a slightly different way as described below.
+#
 #	The \fBcanonical\fR mapping affects both message header addresses
 #	(i.e. addresses that appear inside messages) and message envelope
 #	addresses (for example, the addresses that are used in SMTP protocol
@@ -30,11 +37,19 @@
 #
 #	The \fBcanonical\fR mapping is not to be confused with local aliasing.
 #	Use the \fBaliases\fR(5) map for that purpose.
-#
-#	The format of the \fBcanonical\fR table is as follows, mappings
-#	being tried in the order as listed in this manual page:
+# TABLE FORMAT
+# .ad
+# .fi
+#	The format of the \fBcanonical\fR table is as follows:
 # .IP "blanks and comments"
 #	Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIpattern result\fR"
+#	When \fIpattern\fR matches a mail address, replace it by the
+#	corresponding \fIresult\fR.
+# .PP
+#	With lookups from indexed files such as DB or DBM, or from networked
+#	tables such as NIS, LDAP or SQL, patterns are tried in the order as
+#	listed below:
 # .IP "\fIuser\fR@\fIdomain address\fR"
 #	\fIuser\fR@\fIdomain\fR is replaced by \fIaddress\fR. This form
 #	has the highest precedence.
@@ -65,6 +80,25 @@
 #	to the result of table lookup. The matching order is:
 #	\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR,
 #	\fIuser+foo\fR, \fIuser\fR, and @\fIdomain\fR.
+# REGULAR EXPRESSION TABLES
+# .ad
+# .fi
+#	This section describes how the table lookups change when the table
+#	is given in the form of regular expressions. For a description of
+#	regular expression lookup table syntax, see \fBregexp_table\fR(5)
+#	or \fBpcre_table\fR(5).
+#
+#	Each pattern is a regular expression that is applied to the entire
+#	address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+#	broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+#	nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+#
+#	Patterns are applied in the order as specified in the table, until a
+#	pattern is found that matches the search string.
+#
+#	Results are the same as with normal indexed file lookups, with
+#	the additional feature that parenthesized substrings from the
+#	pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
 # BUGS
 #	The table format does not understand quoting conventions.
 # CONFIGURATION PARAMETERS
@@ -101,6 +135,8 @@
 #	cleanup(8) canonicalize and enqueue mail
 #	postmap(1) create mapping table
 #	virtual(5) virtual domain mapping
+#	pcre_table(5) format of PCRE tables
+#	regexp_table(5) format of POSIX regular expression tables
 # LICENSE
 # .ad
 # .fi
diff --git a/postfix/conf/pcre_table b/postfix/conf/pcre_table
index cdecf7822..525d7fb0e 100644
--- a/postfix/conf/pcre_table
+++ b/postfix/conf/pcre_table
@@ -1 +1,79 @@
-THIS IS TODO
+#++
+# NAME
+#	pcre_table 5
+# SUMMARY
+#	format of Postfix PCRE tables
+# SYNOPSIS
+#	pcre:/etc/postfix/filename
+# DESCRIPTION
+#	The Postfix mail system uses optional tables for address
+#	rewriting or mail routing. These tables usually are in
+#	\fBdbm\fR or \fBdb\fR format. Alternatively, lookup tables
+#	can be specified in Perl Compatible Regular Expression form.
+#
+#	To find out what types of lookup tables your Postfix system
+#	supports use the \fBpostconf -m\fR command.
+#
+#	The general form of a PCRE table is:
+# .IP "blanks and comments"
+#	Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIpattern result\fR"
+#	When \fIpattern\fR matches a search string, use the corresponding
+#	\fIresult\fR. A line that starts with white space continues the
+#	preceding line.
+# .PP
+#	Each pattern is a perl-like regular expression. The expression
+#	delimiter can be any character, except whitespace or characters
+#	that have special meaning (traditionally the forward slash is used).
+#	The regular expression can contain whitespace.
+#
+#	By default, matching is case-insensitive, although following
+#	the second slash with an `i' flag will reverse this. Other flags
+#	are supported, but the only other useful one is `U', which makes
+#	matching ungreedy (see PCRE documentation and source for more
+#	info).
+#
+#	Each pattern is applied to the entire string being looked up.
+#	Depending on the application, that string is an entire client
+#	hostname, an entire client IP address, or an entire mail address.
+#	Thus, no parent domain or parent network search is done, and
+#	\fIuser@domain\fR mail addresses are not broken up into their
+#	\fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR
+#	broken up into \fIuser\fR and \fIfoo\fR.
+#
+#	Patterns are applied in the order as specified in the table, until a
+#	pattern is found that matches the search string.
+#
+#	Substitution of sub-strings from the matched expression is
+#	possible using the conventional perl syntax ($1, $2, etc.). The
+#	macros in the replacement string may need to be written as ${n}
+#	or $(n) if they aren't followed by whitespace.
+# EXAMPLES
+#	# Protect your outgoing majordomo exploders
+#	/^(?!owner-)(.*)-outgoing@(my\.domain)$/    550 Use ${1}@${2} instead
+#
+#	# Bounce friend@whatever, except when whatever is our domain (you would
+#	# be better just bouncing all friend@ mail - this is just an example).
+#	/^friend@(?!my\.domain).*$/         550 Stick this in your pipe $0
+#
+#	# A multi-line entry. The text is sent as one line.
+#	#
+#	/^noddy@connect\.com\.au$/
+#	\ 550 This user is a funny one. You really don't want to send mail to
+#	\ them as it only makes their head spin.
+# SEE ALSO
+#	regexp_table(5) format of POSIX regular expression tables
+# AUTHOR(S)
+#	The PCRE table lookup code was originally written by:
+#	Andrew McNamara
+#	andrewm@connect.com.au
+#	connect.com.au Pty. Ltd.
+#	Level 3, 213 Miller St
+#	North Sydney, NSW, Australia
+#
+#	Adopted and adapted by:
+#	Wietse Venema
+#	IBM T.J. Watson Research
+#	P.O. Box 704
+#	Yorktown Heights, NY 10598, USA
+#--
diff --git a/postfix/conf/regexp_table b/postfix/conf/regexp_table
index cdecf7822..d91251325 100644
--- a/postfix/conf/regexp_table
+++ b/postfix/conf/regexp_table
@@ -1 +1,83 @@
-THIS IS TODO
+#++
+# NAME
+#	regexp_table 5
+# SUMMARY
+#	format of Postfix regular expression tables
+# SYNOPSIS
+#	regexp:/etc/postfix/filename
+# DESCRIPTION
+#	The Postfix mail system uses optional tables for address
+#	rewriting or mail routing. These tables usually are in
+#	\fBdbm\fR or \fBdb\fR format. Alternatively, lookup tables
+#	can be specified in POSIX regular expression form.
+#
+#	To find out what types of lookup tables your Postfix system
+#	supports use the \fBpostconf -m\fR command.
+#
+#	The general form of a Postfix regular expression table is:
+# .IP "blanks and comments"
+#	Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIpattern result\fR"
+#	When \fIpattern\fR matches a search string, use the corresponding
+#	\fIresult\fR. A line that starts with white space continues the
+#	preceding line.
+# .IP "\fIpattern1!pattern2 result\fR"
+#	Matches \fIpattern1\fR but not \fIpattern2\fR.
+# .PP
+#	Each pattern is a regular expression enclosed by a pair of delimiters.
+#	The regular expression syntax is described in \fIre_format\fR(7).
+#	The expression delimiter can be any character, except whitespace
+#	or characters that have special meaning (traditionally the forward
+#	slash is used). The regular expression can contain whitespace.
+#
+#	By default, matching is case-insensitive, although following
+#	the second slash with an `i' flag will reverse this. Other flags
+#	are `x' (disable extended expression syntax), and `m' (enable
+#	multi-line mode).
+#
+#	Each pattern is applied to the entire string being looked up.
+#	Depending on the application, that string is an entire client
+#	hostname, an entire client IP address, or an entire mail address.
+#	Thus, no parent domain or parent network search is done, and
+#	\fIuser@domain\fR mail addresses are not broken up into their
+#	\fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR
+#	broken up into \fIuser\fR and \fIfoo\fR.
+#
+#	Patterns are applied in the order as specified in the table, until a
+#	pattern is found that matches the search string.
+#
+#	Substitution of sub-strings from the matched expression is
+#	possible using $1, $2, etc.. The macros in the replacement string
+#	may need to be written as ${n} or $(n) if they aren't followed
+#	by whitespace.
+# EXAMPLES
+#	# Disallow sender-specified routing. This is a must if you relay mail
+#	# for other domains.
+#	/[%!@].*[%!@]/            550 Sender-specified routing rejected
+#
+#	# Postmaster is OK, that way they can talk to us about how to fix
+#	# their problem.
+#	/^postmaster@.*$/         OK
+#
+#	# Protect your outgoing majordomo exploders
+#	/^(.*)-outgoing@(.*)$/!/^owner-.*/      550 Use ${1}@${2} instead
+# SEE ALSO
+#	pcre_table(5) format of PCRE tables
+# AUTHOR(S)
+#	The regexp table lookup code was originally written by:
+#	LaMont Jones
+#	lamont@hp.com
+#
+#	That code was based on the PCRE dictionary contributed by:
+#	Andrew McNamara
+#	andrewm@connect.com.au
+#	connect.com.au Pty. Ltd.
+#	Level 3, 213 Miller St
+#	North Sydney, NSW, Australia
+#
+#	Adopted and adapted by:
+#	Wietse Venema
+#	IBM T.J. Watson Research
+#	P.O. Box 704
+#	Yorktown Heights, NY 10598, USA
+#--
diff --git a/postfix/conf/relocated b/postfix/conf/relocated
index 1c3c216cf..aa736cccc 100644
--- a/postfix/conf/relocated
+++ b/postfix/conf/relocated
@@ -9,13 +9,22 @@
 #	The optional \fBrelocated\fR file provides the information that is
 #	used in "user has moved to \fInew_location\fR" bounce messages.
 #
-#	The file serves as input to the \fBpostmap\fR(1) command. The result,
-#	an indexed file in \fBdbm\fR or \fBdb\fR format, is used for
-#	fast searching by the mail system. After an update
+#	Normally, the file serves as input to the \fBpostmap\fR(1) command.
+#	The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+#	is used for fast searching by the mail system. After an update
 #	issue a \fBpostfix reload\fR command to make the change visible.
 #
-#	Table lookups are case insensitive.
+#	When the table is provided via other means such as NIS, LDAP
+#	or SQL, the same lookups are done as for ordinary indexed files.
 #
+#	Alternatively, the table can be provided as a regular-expression
+#	map where patterns are given as regular expressions. In that case,
+#	the lookups are done in a slightly different way as described below.
+#
+#	Table lookups are case insensitive.
+# TABLE FORMAT
+# .ad
+# .fi
 #	The format of the table is as follows:
 # .IP \(bu
 #	Blank lines are ignored, as are lines beginning with `#'.
@@ -27,7 +36,9 @@
 #	Where \fInew_location\fR specifies contact information such as
 #	an email address, or perhaps a street address or telephone number.
 # .PP
-#	The \fIkey\fR field is one of the following:
+#	With lookups from indexed files such as DB or DBM, or from networked
+#	tables such as NIS, LDAP or SQL, the \fIkey\fR field is one of the
+#	following:
 # .IP \fIuser\fR@\fIdomain\fR
 #	Matches \fIuser\fR@\fIdomain\fR. This form has precedence over all
 #	other forms.
@@ -45,6 +56,25 @@
 #	optional recipient delimiter (e.g., \fIuser+foo\fR@\fIdomain\fR),
 #	the search is repeated for the unextended address (e.g.
 #	\fIuser\fR@\fIdomain\fR).
+# REGULAR EXPRESSION TABLES
+# .ad
+# .fi
+#	This section describes how the table lookups change when the table
+#	is given in the form of regular expressions. For a description of
+#	regular expression lookup table syntax, see \fBregexp_table\fR(5)
+#	or \fBpcre_table\fR(5).
+#
+#	Each pattern is a regular expression that is applied to the entire
+#	address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+#	broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+#	nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+#
+#	Patterns are applied in the order as specified in the table, until a
+#	pattern is found that matches the search string.
+#
+#	Results are the same as with normal indexed file lookups, with
+#	the additional feature that parenthesized substrings from the
+#	pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
 # BUGS
 #	The table format does not understand quoting conventions.
 # CONFIGURATION PARAMETERS
@@ -66,6 +96,8 @@
 #	The domain that is appended to locally-posted mail.
 # SEE ALSO
 #	postmap(1) create lookup table
+#	pcre_table(5) format of PCRE tables
+#	regexp_table(5) format of POSIX regular expression tables
 # LICENSE
 # .ad
 # .fi
@@ -76,5 +108,5 @@
 #	P.O. Box 704
 #	Yorktown Heights, NY 10598, USA
 #--
- 
+
 # By default, this file is not used.  See sample-relocated.cf
diff --git a/postfix/conf/sample-pcre.cf b/postfix/conf/sample-pcre.cf
index 2bfa1a122..48b829784 100644
--- a/postfix/conf/sample-pcre.cf
+++ b/postfix/conf/sample-pcre.cf
@@ -7,7 +7,7 @@
 #	the forward slash is used). The regular expression can contain
 #	whitespace.
 #
-#	By default, matching is case-INsensative, although following
+#	By default, matching is case-INsensitive, although following
 #	the second slash with an 'i' will reverse this. Other flags are
 #	supported, but the only other useful one is 'U', which makes
 #	matching ungreedy (see PCRE documentation and source for more
diff --git a/postfix/conf/transport b/postfix/conf/transport
index 258a7b37d..8b80bb00c 100644
--- a/postfix/conf/transport
+++ b/postfix/conf/transport
@@ -10,14 +10,30 @@
 #	hierarchies to message delivery transports and/or relay hosts. The
 #	mapping is used by the \fBtrivial-rewrite\fR(8) daemon.
 #
-#	The file serves as input to the \fBpostmap\fR(1) command. The result,
-#	an indexed file in \fBdbm\fR or \fBdb\fR format, is used for
-#	fast searching by the mail system. After updating this table,
+#	Normally, the file serves as input to the \fBpostmap\fR(1) command.
+#	The result, an indexed file in \fBdbm\fR or \fBdb\fR format, is used
+#	for fast searching by the mail system. After updating this table,
 #	issue the \fBpostfix reload\fR command to make the change visible.
 #
+#	When the table is provided via other means such as NIS, LDAP
+#	or SQL, the same lookups are done as for ordinary indexed files.
+#
+#	Alternatively, the table can be provided as a regular-expression
+#	map where patterns are given as regular expressions. In that case,
+#	the lookups are done in a slightly different way as described below.
+# TABLE FORMAT
+# .ad
+# .fi
 #	The format of the transport table is as follows:
 # .IP "blanks and comments"
 #	Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIpattern result\fR"
+#	When \fIpattern\fR matches the domain, use the corresponding
+#	\fIresult\fR.
+# .PP
+#	With lookups from indexed files such as DB or DBM, or from networked
+#	tables such as NIS, LDAP or SQL, patterns are tried in the order as
+#	listed below:
 # .IP "\fIdomain transport\fR:\fInexthop\fR"
 #	Mail for \fIdomain\fR is delivered through \fItransport\fR to
 #	\fInexthop\fR.
@@ -32,7 +48,7 @@
 #	for example:
 #
 # .ti +5
-#	\fBhostname.my.domain       local:\fR
+#	\fBhostname.my.domain	local:\fR
 # .ti +5
 #	\fBlocalhost.my.domain      local:\fR
 #
@@ -88,8 +104,26 @@
 # .ti +5
 #	\fB\&.foo.org      error:mail for *.foo.org is not deliverable\fR
 #
-#	This causes all mail for \fIuser\fR@\fIanything\fBfoo.org\fR 
+#	This causes all mail for \fIuser\fR@\fIanything\fBfoo.org\fR
 #	to be bounced.
+# REGULAR EXPRESSION TABLES
+# .ad
+# .fi
+#	This section describes how the table lookups change when the table
+#	is given in the form of regular expressions. For a description of
+#	regular expression lookup table syntax, see \fBregexp_table\fR(5)
+#	or \fBpcre_table\fR(5).
+#
+#	Each pattern is a regular expression that is applied to the entire
+#	domain being looked up. Thus, \fIsome.domain.hierarchy\fR is not
+#	broken up into parent domains.
+#
+#	Patterns are applied in the order as specified in the table, until a
+#	pattern is found that matches the search string.
+#
+#	Results are the same as with normal indexed file lookups, with
+#	the additional feature that parenthesized substrings from the
+#	pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
 # CONFIGURATION PARAMETERS
 # .ad
 # .fi
@@ -108,6 +142,8 @@
 # SEE ALSO
 #	postmap(1) create mapping table
 #	trivial-rewrite(8) rewrite and resolve addresses
+#	pcre_table(5) format of PCRE tables
+#	regexp_table(5) format of POSIX regular expression tables
 # LICENSE
 # .ad
 # .fi
diff --git a/postfix/conf/virtual b/postfix/conf/virtual
index ef2e34934..bc29dca1a 100644
--- a/postfix/conf/virtual
+++ b/postfix/conf/virtual
@@ -15,12 +15,21 @@
 #	Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
 #	mapping to rewrite header and envelope addresses in general.
 #
-#	The file serves as input to the \fBpostmap\fR(1) command. The
-#	result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+#	Normally, the file serves as input to the \fBpostmap\fR(1) command.
+#	The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
 #	is used for fast searching by the mail system. After an update
 #	it may take a minute or so before the change becomes visible.
 #	Issue a \fBpostfix reload\fR command to eliminate the delay.
 #
+#	When the table is provided via other means such as NIS, LDAP
+#	or SQL, the same lookups are done as for ordinary indexed files.
+#
+#	Alternatively, the table can be provided as a regular-expression
+#	map where patterns are given as regular expressions. In that case,
+#	the lookups are done in a slightly different way as described below.
+# TABLE FORMAT
+# .ad
+# .fi
 #	Typical support for a virtual domain looks like the following:
 #
 # .in +4
@@ -38,6 +47,13 @@
 #	tried in the order as listed in this manual page:
 # .IP "blanks and comments"
 #	Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIpattern result\fR"
+#	When \fIpattern\fR matches a mail address, replace it by the
+#	corresponding \fIresult\fR.
+# .PP
+#	With lookups from indexed files such as DB or DBM, or from networked
+#	tables such as NIS, LDAP or SQL, patterns are tried in the order as
+#	listed below:
 # .IP "\fIuser\fR@\fIdomain address, address, ...\fR"
 #	Mail for \fIuser\fR@\fIdomain\fR is redirected to \fIaddress\fR.
 #	This form has the highest precedence.
@@ -66,6 +82,25 @@
 #	propagated to the result of expansion. The matching order is:
 #	\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR,
 #	\fIuser+foo\fR, \fIuser\fR, and @\fIdomain\fR.
+# REGULAR EXPRESSION TABLES
+# .ad
+# .fi
+#	This section describes how the table lookups change when the table
+#	is given in the form of regular expressions. For a description of
+#	regular expression lookup table syntax, see \fBregexp_table\fR(5)
+#	or \fBpcre_table\fR(5).
+#
+#	Each pattern is a regular expression that is applied to the entire
+#	address being looked up. Thus, \fIuser@domain\fR mail addresses are not 
+#	broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+#	nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+#
+#	Patterns are applied in the order as specified in the table, until a 
+#	pattern is found that matches the search string.
+#
+#	Results are the same as with normal indexed file lookups, with
+#	the additional feature that parenthesized substrings from the
+#	pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
 # BUGS
 #	The table format does not understand quoting conventions.
 # CONFIGURATION PARAMETERS
@@ -91,6 +126,8 @@
 # SEE ALSO
 #	cleanup(8) canonicalize and enqueue mail
 #	postmap(1) create mapping table
+#	pcre_table(5) format of PCRE tables
+#	regexp_table(5) format of POSIX regular expression tables
 # LICENSE
 # .ad
 # .fi
diff --git a/postfix/global/cleanup_strerror.c b/postfix/global/cleanup_strerror.c
index 088f31aaa..144b74e72 100644
--- a/postfix/global/cleanup_strerror.c
+++ b/postfix/global/cleanup_strerror.c
@@ -50,6 +50,7 @@ struct cleanup_stat_map {
 static struct cleanup_stat_map cleanup_stat_map[] = {
     CLEANUP_STAT_BAD, "Internal protocol error",
     CLEANUP_STAT_HOVFL, "Message header too long",
+    CLEANUP_STAT_ROVFL, "Too many extracted recipients",
     CLEANUP_STAT_RCPT, "No recipients specified",
     CLEANUP_STAT_HOPS, "Too many hops",
     CLEANUP_STAT_SIZE, "Message file too big",
diff --git a/postfix/global/cleanup_user.h b/postfix/global/cleanup_user.h
index cc7d768e4..8dff91022 100644
--- a/postfix/global/cleanup_user.h
+++ b/postfix/global/cleanup_user.h
@@ -32,8 +32,9 @@
 #define CLEANUP_STAT_SYN	(1<<5)	/* Bad address syntax */
 #define CLEANUP_STAT_RCPT	(1<<6)	/* No recipients found */
 #define CLEANUP_STAT_HOVFL	(1<<7)	/* Header overflow */
+#define CLEANUP_STAT_ROVFL	(1<<8)	/* Recipient overflow */
 
-#define CLEANUP_STAT_LETHAL	(~CLEANUP_STAT_HOVFL)	/* lethal errors */
+#define CLEANUP_STAT_LETHAL	~(CLEANUP_STAT_HOVFL|CLEANUP_STAT_ROVFL)
 
 extern const char *cleanup_strerror(unsigned);
 
diff --git a/postfix/global/mail_params.h b/postfix/global/mail_params.h
index d7f309d68..807ae0f37 100644
--- a/postfix/global/mail_params.h
+++ b/postfix/global/mail_params.h
@@ -639,6 +639,10 @@ extern int var_hopcount_limit;
 #define DEF_HEADER_LIMIT	102400
 extern int var_header_limit;
 
+#define VAR_EXTRA_RCPT_LIMIT	"extract_recipient_limit"
+#define DEF_EXTRA_RCPT_LIMIT	10240
+extern int var_extra_rcpt_limit;
+
  /*
   * Message/queue size limits.
   */
diff --git a/postfix/global/mail_version.h b/postfix/global/mail_version.h
index 956d19670..ee9afa2a3 100644
--- a/postfix/global/mail_version.h
+++ b/postfix/global/mail_version.h
@@ -15,7 +15,7 @@
   * Version of this program.
   */
 #define VAR_MAIL_VERSION	"mail_version"
-#define DEF_MAIL_VERSION	"Snapshot-20000203"
+#define DEF_MAIL_VERSION	"Snapshot-20000204"
 extern char *var_mail_version;
 
 /* LICENSE
diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html
index 47059a1a1..7371cac91 100644
--- a/postfix/html/access.5.html
+++ b/postfix/html/access.5.html
@@ -45,23 +45,23 @@ ACCESS(5)                                               ACCESS(5)
               address, perform the corresponding <i>action</i>.
 
 <b>PATTERNS</b>
-       With lookups from indexed files, patterns are tried in the
-       order as listed below:
+       With lookups from indexed files such as DB or DBM, or from
+       networked  tables  such  as NIS, LDAP or SQL, patterns are
+       tried in the order as listed below:
 
        <i>user</i>@<i>domain</i>
               Matches the specified mail address.
 
        <i>domain.name</i>
-              Matches  the  <i>domain.name</i>  itself and any subdomain
-              thereof, either in hostnames or in mail  addresses.
+              Matches the <i>domain.name</i> itself  and  any  subdomain
+              thereof,  either in hostnames or in mail addresses.
               Top-level domains will never be matched.
 
-       <i>user</i>@  Matches  all mail addresses with the specified user
+       <i>user</i>@  Matches all mail addresses with the specified  user
               part.
 
 
 
-
                                                                 1
 
 
@@ -77,13 +77,13 @@ ACCESS(5)                                               ACCESS(5)
 
        <i>net.work</i>
 
-       <i>net</i>    Matches any host address in the specified  network.
-              A  network  address  is  a  sequence of one or more
+       <i>net</i>    Matches  any host address in the specified network.
+              A network address is a  sequence  of  one  or  more
               octets separated by ".".
 
 <b>ACTIONS</b>
        [<b>45</b>]<i>XX</i> <i>text</i>
-              Reject the address etc. that matches  the  pattern,
+              Reject  the  address etc. that matches the pattern,
               and respond with the numerical code and text.
 
        <b>REJECT</b> Reject the address etc. that matches the pattern. A
@@ -95,35 +95,35 @@ ACCESS(5)                                               ACCESS(5)
               Accept the address etc. that matches the pattern.
 
 <b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
-       This section describes how the table lookups  change  when
+       This  section  describes how the table lookups change when
        the table is given in the form of regular expressions. For
-       a description of regular expression lookup  table  syntax,
-       see <b>regexp</b><i>_</i><b>table</b>(5) or <b>pcre</b><i>_</i><b>table</b>(5).
+       a  description  of regular expression lookup table syntax,
+       see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
 
-       Each  pattern  is  a regular expression that is applied to
+       Each pattern is a regular expression that  is  applied  to
        the entire string being looked up. Depending on the appli-
-       cation,  that  string  is  an  entire  client hostname, an
-       entire client IP address, or an entire mail address.  Pat-
-       terns  are  applied in order as specified, until a pattern
-       is found that matches the search string.
+       cation, that string  is  an  entire  client  hostname,  an
+       entire client IP address, or an entire mail address. Thus,
+       no parent domain or parent network  search  is  done,  and
+       <i>user@domain</i>  mail  addresses  are not broken up into their
+       <i>user@</i> and <i>domain</i> constituent parts.
 
-       In contrast to  lookups  from  indexed  files,  no  parent
-       domain  or  parent  network  search  is  done with regular
-       expression tables, and <i>user@domain</i> mail addresses are  not
-       broken up into their <i>user@</i> and <i>domain</i> constituent parts.
+       Patterns are applied in the  order  as  specified  in  the
+       table,  until  a  pattern is found that matches the search
+       string.
 
-       Actions  are the same as with normal indexed file lookups,
-       with the additional feature that parenthesized  substrings
-       from  the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
+       Actions are the same as with normal indexed file  lookups,
+       with  the additional feature that parenthesized substrings
+       from the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so  on.
 
 <b>BUGS</b>
-       The table format does not understand quoting  conventions.
+       The  table format does not understand quoting conventions.
 
 <b>SEE</b> <b>ALSO</b>
        <a href="postmap.1.html">postmap(1)</a> create mapping table
        <a href="smtpd.8.html">smtpd(8)</a> smtp server
        <a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
-       <a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regexp tables
+       <a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
 
 
 
@@ -138,7 +138,7 @@ ACCESS(5)                                               ACCESS(5)
 
 
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html
index fdfc525b6..6bd8000b8 100644
--- a/postfix/html/canonical.5.html
+++ b/postfix/html/canonical.5.html
@@ -16,11 +16,21 @@ CANONICAL(5)                                         CANONICAL(5)
        for local and non-local addresses. The mapping is used  by
        the  <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon.  The address mapping is recursive.
 
-       The file serves as input to the  <a href="postmap.1.html"><b>postmap</b>(1)</a>  command.  The
-       result,  an  indexed file in <b>dbm</b> or <b>db</b> format, is used for
-       fast searching by the mail system. After an update it  may
-       take  a  minute  or  so before the change becomes visible.
-       Issue a <b>postfix</b> <b>reload</b> command to eliminate the delay.
+       Normally, the file serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a>  com-
+       mand.  The result, an indexed file in <b>dbm</b> or <b>db</b> format, is
+       used for fast searching  by  the  mail  system.  After  an
+       update  it  may  take  a  minute  or  so before the change
+       becomes visible.  Issue a <b>postfix</b> <b>reload</b> command to elimi-
+       nate the delay.
+
+       When  the  table  is provided via other means such as NIS,
+       LDAP or SQL, the same lookups are  done  as  for  ordinary
+       indexed files.
+
+       Alternatively,  the  table  can  be provided as a regular-
+       expression map where patterns are given as regular expres-
+       sions.  In  that  case, the lookups are done in a slightly
+       different way as described below.
 
        The  <b>canonical</b>  mapping  affects   both   message   header
        addresses (i.e. addresses that appear inside messages) and
@@ -38,13 +48,33 @@ CANONICAL(5)                                         CANONICAL(5)
        The  <b>canonical</b>  mapping  is  not to be confused with local
        aliasing.  Use the <a href="aliases.5.html"><b>aliases</b>(5)</a> map for that purpose.
 
-       The format of the <b>canonical</b> table is as follows,  mappings
-       being tried in the order as listed in this manual page:
+<b>TABLE</b> <b>FORMAT</b>
+       The format of the <b>canonical</b> table is as follows:
 
        blanks and comments
-              Blank  lines  are  ignored,  as are lines beginning
+              Blank lines are ignored,  as  are  lines  beginning
               with `#'.
 
+       <i>pattern</i> <i>result</i>
+              When  <i>pattern</i> matches a mail address, replace it by
+              the corresponding <i>result</i>.
+
+
+
+
+                                                                1
+
+
+
+
+
+CANONICAL(5)                                         CANONICAL(5)
+
+
+       With lookups from indexed files such as DB or DBM, or from
+       networked  tables  such  as NIS, LDAP or SQL, patterns are
+       tried in the order as listed below:
+
        <i>user</i>@<i>domain</i> <i>address</i>
               <i>user</i>@<i>domain</i> is replaced by <i>address</i>. This  form  has
               the highest precedence.
@@ -59,18 +89,6 @@ CANONICAL(5)                                         CANONICAL(5)
               to  $<b>myorigin</b>,  when  <i>site</i> is listed in $<b>mydestina-</b>
               <b>tion</b>, or when it is listed in $<b>inet</b><i>_</i><b>interfaces</b>.
 
-
-
-
-                                                                1
-
-
-
-
-
-CANONICAL(5)                                         CANONICAL(5)
-
-
               This form is useful for replacing  login  names  by
               <i>Firstname.Lastname</i>.
 
@@ -90,6 +108,38 @@ CANONICAL(5)                                         CANONICAL(5)
        matching order is: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>,
        <i>user</i>, and @<i>domain</i>.
 
+<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
+       This  section  describes how the table lookups change when
+       the table is given in the form of regular expressions. For
+       a  description  of regular expression lookup table syntax,
+       see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
+
+       Each pattern is a regular expression that  is  applied  to
+       the entire address being looked up. Thus, <i>user@domain</i> mail
+       addresses are not broken up into their  <i>user</i>  and  <i>@domain</i>
+       constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
+       <i>foo</i>.
+
+       Patterns are applied in the  order  as  specified  in  the
+       table,  until  a  pattern is found that matches the search
+       string.
+
+       Results are the same as with normal indexed file  lookups,
+
+
+
+                                                                2
+
+
+
+
+
+CANONICAL(5)                                         CANONICAL(5)
+
+
+       with  the additional feature that parenthesized substrings
+       from the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so  on.
+
 <b>BUGS</b>
        The  table format does not understand quoting conventions.
 
@@ -124,19 +174,6 @@ CANONICAL(5)                                         CANONICAL(5)
               List  of user names that are not subject to address
               masquerading.
 
-
-
-
-
-                                                                2
-
-
-
-
-
-CANONICAL(5)                                         CANONICAL(5)
-
-
        <b>mydestination</b>
               List of domains that  this  mail  system  considers
               local.
@@ -152,6 +189,19 @@ CANONICAL(5)                                         CANONICAL(5)
        <a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail
        <a href="postmap.1.html">postmap(1)</a> create mapping table
        <a href="virtual.5.html">virtual(5)</a> virtual domain mapping
+       <a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
+       <a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
+
+
+
+                                                                3
+
+
+
+
+
+CANONICAL(5)                                         CANONICAL(5)
+
 
 <b>LICENSE</b>
        The  Secure  Mailer  license must be distributed with this
@@ -194,7 +244,23 @@ CANONICAL(5)                                         CANONICAL(5)
 
 
 
-                                                                3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+                                                                4
 
 
 </pre> </body> </html>
diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html
index 24150028f..def018487 100644
--- a/postfix/html/cleanup.8.html
+++ b/postfix/html/cleanup.8.html
@@ -143,6 +143,10 @@ CLEANUP(8)                                             CLEANUP(8)
               Limit the amount of memory in bytes used to process
               a message header.
 
+       <b>extract</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+              Limit  the amount of recipients extracted from mes-
+              sage headers.
+
 <b>SEE</b> <b>ALSO</b>
        <a href="canonical.5.html">canonical(5)</a> canonical address lookup table format
        <a href="qmgr.8.html">qmgr(8)</a> queue manager daemon
@@ -155,7 +159,7 @@ CLEANUP(8)                                             CLEANUP(8)
        /etc/postfix/virtual*, virtual mapping table
 
 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 <b>AUTHOR(S)</b>
@@ -185,10 +189,6 @@ CLEANUP(8)                                             CLEANUP(8)
 
 
 
-
-
-
-
 
 
 
diff --git a/postfix/html/pcre_table.5.html b/postfix/html/pcre_table.5.html
index 449e42fc7..3b3d7e744 100644
--- a/postfix/html/pcre_table.5.html
+++ b/postfix/html/pcre_table.5.html
@@ -1,2 +1,134 @@
 <html> <head> </head> <body> <pre>
+
+
+
+PCRE_TABLE(5)                                       PCRE_TABLE(5)
+
+
+<b>NAME</b>
+       pcre_table - format of Postfix PCRE tables
+
+<b>SYNOPSIS</b>
+       pcre:/etc/postfix/filename
+
+<b>DESCRIPTION</b>
+       The  Postfix  mail system uses optional tables for address
+       rewriting or mail routing. These tables usually are in <b>dbm</b>
+       or  <b>db</b>  format. Alternatively, lookup tables can be speci-
+       fied in Perl Compatible Regular Expression form.
+
+       To find out what types of lookup tables your Postfix  sys-
+       tem supports use the <b>postconf</b> <b>-m</b> command.
+
+       The general form of a PCRE table is:
+
+       blanks and comments
+              Blank  lines  are  ignored,  as are lines beginning
+              with `#'.
+
+       <i>pattern</i> <i>result</i>
+              When <i>pattern</i> matches a search string, use the  cor-
+              responding  <i>result</i>.  A  line that starts with white
+              space continues the preceding line.
+
+       Each  pattern  is  a  perl-like  regular  expression.  The
+       expression  delimiter can be any character, except whites-
+       pace or characters that have special  meaning  (tradition-
+       ally  the  forward slash is used).  The regular expression
+       can contain whitespace.
+
+       By default, matching is case-insensitive, although follow-
+       ing  the  second slash with an `i' flag will reverse this.
+       Other flags are supported, but the only other  useful  one
+       is `U', which makes matching ungreedy (see PCRE documenta-
+       tion and source for more info).
+
+       Each pattern is applied to the entire string being  looked
+       up.   Depending  on  the  application,  that  string is an
+       entire client hostname, an entire client IP address, or an
+       entire  mail  address.   Thus,  no parent domain or parent
+       network search is done, and <i>user@domain</i> mail addresses are
+       not  broken  up  into  their  <i>user</i>  and <i>domain</i> constituent
+       parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+
+       Patterns are applied in the  order  as  specified  in  the
+       table,  until  a  pattern is found that matches the search
+       string.
+
+       Substitution of sub-strings from the matched expression is
+       possible  using  the  conventional  perl  syntax  ($1, $2,
+       etc.). The macros in the replacement string may need to be
+       written  as  ${n}  or  $(n)  if  they  aren't  followed by
+
+
+
+                                                                1
+
+
+
+
+
+PCRE_TABLE(5)                                       PCRE_TABLE(5)
+
+
+       whitespace.
+
+<b>EXAMPLES</b>
+       # Protect your outgoing majordomo exploders
+       /^(?!owner-)(.*)-outgoing@(my.domain)$/    550 Use ${1}@${2} instead
+
+       # Bounce friend@whatever, except when whatever is our domain (you would
+       # be better just bouncing all friend@ mail - this is just an example).
+       /^friend@(?!my.domain).*$/         550 Stick this in your pipe $0
+
+       # A multi-line entry. The text is sent as one line.
+       #
+       /^noddy@connect.com.au$/
+        550 This user is a funny one. You really don't want to send mail to
+        them as it only makes their head spin.
+
+<b>SEE</b> <b>ALSO</b>
+       <a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
+
+<b>AUTHOR(S)</b>
+       The PCRE table lookup code was originally written by:
+       Andrew McNamara
+       andrewm@connect.com.au
+       connect.com.au Pty. Ltd.
+       Level 3, 213 Miller St
+       North Sydney, NSW, Australia
+
+       Adopted and adapted by:
+       Wietse Venema
+       IBM T.J. Watson Research
+       P.O. Box 704
+       Yorktown Heights, NY 10598, USA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+                                                                2
+
+
 </pre> </body> </html>
diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html
index eb63c2a48..f3a535472 100644
--- a/postfix/html/pipe.8.html
+++ b/postfix/html/pipe.8.html
@@ -58,7 +58,7 @@ PIPE(8)                                                   PIPE(8)
               execute  commands with root privileges, or with the
               privileges of the mail system owner.  If  <i>groupname</i>
               is  specified,  the  corresponding group ID is used
-              instead of the group ID of of <i>username</i>.
+              instead of the group ID of <i>username</i>.
 
 
 
diff --git a/postfix/html/regexp_table.5.html b/postfix/html/regexp_table.5.html
index 449e42fc7..92489df61 100644
--- a/postfix/html/regexp_table.5.html
+++ b/postfix/html/regexp_table.5.html
@@ -1,2 +1,134 @@
 <html> <head> </head> <body> <pre>
+
+
+
+REGEXP_TABLE(5)                                   REGEXP_TABLE(5)
+
+
+<b>NAME</b>
+       regexp_table - format of Postfix regular expression tables
+
+<b>SYNOPSIS</b>
+       regexp:/etc/postfix/filename
+
+<b>DESCRIPTION</b>
+       The Postfix mail system uses optional tables  for  address
+       rewriting or mail routing. These tables usually are in <b>dbm</b>
+       or <b>db</b> format. Alternatively, lookup tables can  be  speci-
+       fied in POSIX regular expression form.
+
+       To  find out what types of lookup tables your Postfix sys-
+       tem supports use the <b>postconf</b> <b>-m</b> command.
+
+       The general form of a Postfix regular expression table is:
+
+       blanks and comments
+              Blank  lines  are  ignored,  as are lines beginning
+              with `#'.
+
+       <i>pattern</i> <i>result</i>
+              When <i>pattern</i> matches a search string, use the  cor-
+              responding  <i>result</i>.  A  line that starts with white
+              space continues the preceding line.
+
+       <i>pattern1!pattern2</i> <i>result</i>
+              Matches <i>pattern1</i> but not <i>pattern2</i>.
+
+       Each pattern is a regular expression enclosed by a pair of
+       delimiters.  The regular expression syntax is described in
+       <i>re_format</i>(7).  The expression delimiter can be any charac-
+       ter,  except  whitespace  or  characters that have special
+       meaning (traditionally the forward  slash  is  used).  The
+       regular expression can contain whitespace.
+
+       By default, matching is case-insensitive, although follow-
+       ing the second slash with an `i' flag will  reverse  this.
+       Other  flags are `x' (disable extended expression syntax),
+       and `m' (enable multi-line mode).
+
+       Each pattern is applied to the entire string being  looked
+       up.   Depending  on  the  application,  that  string is an
+       entire client hostname, an entire client IP address, or an
+       entire  mail  address.   Thus,  no parent domain or parent
+       network search is done, and <i>user@domain</i> mail addresses are
+       not  broken  up  into  their  <i>user</i>  and <i>domain</i> constituent
+       parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+
+       Patterns are applied in the  order  as  specified  in  the
+       table,  until  a  pattern is found that matches the search
+       string.
+
+       Substitution of sub-strings from the matched expression is
+
+
+
+                                                                1
+
+
+
+
+
+REGEXP_TABLE(5)                                   REGEXP_TABLE(5)
+
+
+       possible using $1, $2, etc.. The macros in the replacement
+       string may need to be written as  ${n}  or  $(n)  if  they
+       aren't followed by whitespace.
+
+<b>EXAMPLES</b>
+       # Disallow sender-specified routing. This is a must if you relay mail
+       # for other domains.
+       /[%!@].*[%!@]/            550 Sender-specified routing rejected
+
+       # Postmaster is OK, that way they can talk to us about how to fix
+       # their problem.
+       /^postmaster@.*$/         OK
+
+       # Protect your outgoing majordomo exploders
+       /^(.*)-outgoing@(.*)$/!/^owner-.*/      550 Use ${1}@${2} instead
+
+<b>SEE</b> <b>ALSO</b>
+       <a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
+
+<b>AUTHOR(S)</b>
+       The regexp table lookup code was originally written by:
+       LaMont Jones
+       lamont@hp.com
+
+       That code was based on the PCRE dictionary contributed by:
+       Andrew McNamara
+       andrewm@connect.com.au
+       connect.com.au Pty. Ltd.
+       Level 3, 213 Miller St
+       North Sydney, NSW, Australia
+
+       Adopted and adapted by:
+       Wietse Venema
+       IBM T.J. Watson Research
+       P.O. Box 704
+       Yorktown Heights, NY 10598, USA
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+                                                                2
+
+
 </pre> </body> </html>
diff --git a/postfix/html/relocated.5.html b/postfix/html/relocated.5.html
index a7788b8a4..a68420ecd 100644
--- a/postfix/html/relocated.5.html
+++ b/postfix/html/relocated.5.html
@@ -16,13 +16,24 @@ RELOCATED(5)                                         RELOCATED(5)
        is used in "user has moved to  <i>new_location</i>"  bounce  mes-
        sages.
 
-       The  file  serves  as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
-       result, an indexed file in <b>dbm</b> or <b>db</b> format, is  used  for
-       fast searching by the mail system. After an update issue a
-       <b>postfix</b> <b>reload</b> command to make the change visible.
+       Normally,  the file serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> com-
+       mand.  The result, an indexed file in <b>dbm</b> or <b>db</b> format, is
+       used  for  fast  searching  by  the  mail system. After an
+       update issue a <b>postfix</b> <b>reload</b> command to make  the  change
+       visible.
+
+       When  the  table  is provided via other means such as NIS,
+       LDAP or SQL, the same lookups are  done  as  for  ordinary
+       indexed files.
+
+       Alternatively,  the  table  can  be provided as a regular-
+       expression map where patterns are given as regular expres-
+       sions.  In  that  case, the lookups are done in a slightly
+       different way as described below.
 
        Table lookups are case insensitive.
 
+<b>TABLE</b> <b>FORMAT</b>
        The format of the table is as follows:
 
        <b>o</b>      Blank lines are ignored,  as  are  lines  beginning
@@ -34,7 +45,9 @@ RELOCATED(5)                                         RELOCATED(5)
               such as an  email  address,  or  perhaps  a  street
               address or telephone number.
 
-       The <i>key</i> field is one of the following:
+       With lookups from indexed files such as DB or DBM, or from
+       networked tables such as NIS, LDAP or SQL, the  <i>key</i>  field
+       is one of the following:
 
        <i>user</i>@<i>domain</i>
               Matches  <i>user</i>@<i>domain</i>. This form has precedence over
@@ -46,19 +59,6 @@ RELOCATED(5)                                         RELOCATED(5)
 
        @<i>domain</i>
               Matches every address in <i>domain</i>. This form has  the
-              lowest precedence.
-
-<b>ADDRESS</b> <b>EXTENSION</b>
-       When  the search fails, and the address localpart contains
-       the optional recipient delimiter (e.g.,  <i>user+foo</i>@<i>domain</i>),
-       the  search  is  repeated for the unextended address (e.g.
-       <i>user</i>@<i>domain</i>).
-
-<b>BUGS</b>
-       The table format does not understand quoting  conventions.
-
-<b>CONFIGURATION</b> <b>PARAMETERS</b>
-       The  following  <b>main.cf</b> parameters are especially relevant
 
 
 
@@ -71,6 +71,39 @@ RELOCATED(5)                                         RELOCATED(5)
 RELOCATED(5)                                         RELOCATED(5)
 
 
+              lowest precedence.
+
+<b>ADDRESS</b> <b>EXTENSION</b>
+       When  the search fails, and the address localpart contains
+       the optional recipient delimiter (e.g.,  <i>user+foo</i>@<i>domain</i>),
+       the  search  is  repeated for the unextended address (e.g.
+       <i>user</i>@<i>domain</i>).
+
+<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
+       This section describes how the table lookups  change  when
+       the table is given in the form of regular expressions. For
+       a description of regular expression lookup  table  syntax,
+       see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
+
+       Each  pattern  is  a regular expression that is applied to
+       the entire address being looked up. Thus, <i>user@domain</i> mail
+       addresses  are  not  broken up into their <i>user</i> and <i>@domain</i>
+       constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
+       <i>foo</i>.
+
+       Patterns  are  applied  in  the  order as specified in the
+       table, until a pattern is found that  matches  the  search
+       string.
+
+       Results  are the same as with normal indexed file lookups,
+       with the additional feature that parenthesized  substrings
+       from  the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
+
+<b>BUGS</b>
+       The table format does not understand quoting  conventions.
+
+<b>CONFIGURATION</b> <b>PARAMETERS</b>
+       The  following  <b>main.cf</b> parameters are especially relevant
        to this topic. See the Postfix  <b>main.cf</b>  file  for  syntax
        details  and  for  default  values. Use the <b>postfix</b> <b>reload</b>
        command after a configuration change.
@@ -91,8 +124,23 @@ RELOCATED(5)                                         RELOCATED(5)
        <b>myorigin</b>
               The domain that is appended to locally-posted mail.
 
+
+
+
+
+                                                                2
+
+
+
+
+
+RELOCATED(5)                                         RELOCATED(5)
+
+
 <b>SEE</b> <b>ALSO</b>
        <a href="postmap.1.html">postmap(1)</a> create lookup table
+       <a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
+       <a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
 
 <b>LICENSE</b>
        The Secure Mailer license must be  distributed  with  this
@@ -128,7 +176,25 @@ RELOCATED(5)                                         RELOCATED(5)
 
 
 
-                                                                2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+                                                                3
 
 
 </pre> </body> </html>
diff --git a/postfix/html/resource.html b/postfix/html/resource.html
index cabadc150..fb7a972a5 100644
--- a/postfix/html/resource.html
+++ b/postfix/html/resource.html
@@ -80,6 +80,14 @@ Header text that does not fit in <b>$header_size_limit</b> bytes
 overflows into the message body. This limit is enforced by the <a
 href="cleanup.8.html"> cleanup</a> header rewriting code.
 
+<p>
+
+<dt> <b>extract_recipient_limit</b> (default: 10240 recipients)
+
+<dd> How many recipients Postfix will extract from message headers
+before it gives up. This limits the damage that a run-away program
+can do with "sendmail -t".
+
 </dl>
 
 <p>
diff --git a/postfix/html/transport.5.html b/postfix/html/transport.5.html
index bace70fa9..2fabeb56d 100644
--- a/postfix/html/transport.5.html
+++ b/postfix/html/transport.5.html
@@ -17,18 +17,36 @@ TRANSPORT(5)                                         TRANSPORT(5)
        relay hosts. The mapping is used by the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a>
        daemon.
 
-       The file serves as input to the  <a href="postmap.1.html"><b>postmap</b>(1)</a>  command.  The
-       result,  an  indexed file in <b>dbm</b> or <b>db</b> format, is used for
-       fast searching by the mail  system.  After  updating  this
-       table, issue the <b>postfix</b> <b>reload</b> command to make the change
-       visible.
+       Normally, the file serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a>  com-
+       mand.  The result, an indexed file in <b>dbm</b> or <b>db</b> format, is
+       used for fast searching by the mail system. After updating
+       this  table,  issue the <b>postfix</b> <b>reload</b> command to make the
+       change visible.
 
+       When the table is provided via other means  such  as  NIS,
+       LDAP  or  SQL,  the  same lookups are done as for ordinary
+       indexed files.
+
+       Alternatively, the table can be  provided  as  a  regular-
+       expression map where patterns are given as regular expres-
+       sions. In that case, the lookups are done  in  a  slightly
+       different way as described below.
+
+<b>TABLE</b> <b>FORMAT</b>
        The format of the transport table is as follows:
 
        blanks and comments
-              Blank lines are ignored,  as  are  lines  beginning
+              Blank  lines  are  ignored,  as are lines beginning
               with `#'.
 
+       <i>pattern</i> <i>result</i>
+              When <i>pattern</i> matches the  domain,  use  the  corre-
+              sponding <i>result</i>.
+
+       With lookups from indexed files such as DB or DBM, or from
+       networked tables such as NIS, LDAP or  SQL,  patterns  are
+       tried in the order as listed below:
+
        <i>domain</i> <i>transport</i>:<i>nexthop</i>
               Mail  for  <i>domain</i> is delivered through <i>transport</i> to
               <i>nexthop</i>.
@@ -40,10 +58,22 @@ TRANSPORT(5)                                         TRANSPORT(5)
        Note:  transport  map entries take precedence over domains
        specified in the <b>mydestination</b> parameter. If you  use  the
        optional  transport  map,  it  may  be  safer  to  specify
-       explicit entries for all domains specified  in  <b>mydestina-</b>
-       <b>tion</b>, for example:
+       explicit   entries   for   all   domains   specified    in
 
-            <b>hostname.my.domain</b>       <b>local:</b>
+
+
+                                                                1
+
+
+
+
+
+TRANSPORT(5)                                         TRANSPORT(5)
+
+
+       <b>mydestination</b>, for example:
+
+            <b>hostname.my.domain</b>   <b>local:</b>
             <b>localhost.my.domain</b>      <b>local:</b>
 
        The  interpretation  of  the  <i>nexthop</i>  field  is transport
@@ -60,17 +90,6 @@ TRANSPORT(5)                                         TRANSPORT(5)
             <b>foo.org</b>      <b>uucp:foo</b>
             <b>.foo.org</b>     <b>uucp:foo</b>
 
-
-
-                                                                1
-
-
-
-
-
-TRANSPORT(5)                                         TRANSPORT(5)
-
-
        When no <i>nexthop</i> host name is specified, the destination domain
        name is used instead. For example, the following directs mail for
        <i>user</i>@<b>foo.org</b> via the <b>slow</b> transport to a mail
@@ -106,6 +125,36 @@ TRANSPORT(5)                                         TRANSPORT(5)
        This causes all mail for <i>user</i>@<i>anything</i><b>foo.org</b>
        to be bounced.
 
+
+
+
+                                                                2
+
+
+
+
+
+TRANSPORT(5)                                         TRANSPORT(5)
+
+
+<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
+       This section describes how the table lookups  change  when
+       the table is given in the form of regular expressions. For
+       a description of regular expression lookup  table  syntax,
+       see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
+
+       Each  pattern  is  a regular expression that is applied to
+       the entire domain being looked up. Thus, <i>some.domain.hier-</i>
+       <i>archy</i> is not broken up into parent domains.
+
+       Patterns  are  applied  in  the  order as specified in the
+       table, until a pattern is found that  matches  the  search
+       string.
+
+       Results  are the same as with normal indexed file lookups,
+       with the additional feature that parenthesized  substrings
+       from  the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
+
 <b>CONFIGURATION</b> <b>PARAMETERS</b>
        The following <b>main.cf</b> parameters are  especially  relevant
        to  this  topic.  See  the Postfix <b>main.cf</b> file for syntax
@@ -125,21 +174,11 @@ TRANSPORT(5)                                         TRANSPORT(5)
               The default host to send to when no transport table
               entry matches.
 
-
-
-
-                                                                2
-
-
-
-
-
-TRANSPORT(5)                                         TRANSPORT(5)
-
-
 <b>SEE</b> <b>ALSO</b>
        <a href="postmap.1.html">postmap(1)</a> create mapping table
        <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> rewrite and resolve addresses
+       <a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
+       <a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
 
 <b>LICENSE</b>
        The  Secure  Mailer  license must be distributed with this
@@ -155,45 +194,6 @@ TRANSPORT(5)                                         TRANSPORT(5)
 
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                 3
 
 
diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html
index 91f57e9b7..8202910c7 100644
--- a/postfix/html/virtual.5.html
+++ b/postfix/html/virtual.5.html
@@ -23,12 +23,23 @@ VIRTUAL(5)                                             VIRTUAL(5)
        mapping  to  rewrite header and envelope addresses in gen-
        eral.
 
-       The file serves as input to the  <a href="postmap.1.html"><b>postmap</b>(1)</a>  command.  The
-       result,  an  indexed file in <b>dbm</b> or <b>db</b> format, is used for
-       fast searching by the mail system. After an update it  may
-       take  a  minute  or  so before the change becomes visible.
-       Issue a <b>postfix</b> <b>reload</b> command to eliminate the delay.
+       Normally, the file serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a>  com-
+       mand.  The result, an indexed file in <b>dbm</b> or <b>db</b> format, is
+       used for fast searching  by  the  mail  system.  After  an
+       update  it  may  take  a  minute  or  so before the change
+       becomes visible.  Issue a <b>postfix</b> <b>reload</b> command to elimi-
+       nate the delay.
 
+       When  the  table  is provided via other means such as NIS,
+       LDAP or SQL, the same lookups are  done  as  for  ordinary
+       indexed files.
+
+       Alternatively,  the  table  can  be provided as a regular-
+       expression map where patterns are given as regular expres-
+       sions.  In  that  case, the lookups are done in a slightly
+       different way as described below.
+
+<b>TABLE</b> <b>FORMAT</b>
        Typical support for a virtual domain looks like  the  fol-
        lowing:
 
@@ -47,18 +58,7 @@ VIRTUAL(5)                                             VIRTUAL(5)
               Blank lines are ignored,  as  are  lines  beginning
               with `#'.
 
-       <i>user</i>@<i>domain</i> <i>address,</i> <i>address,</i> <i>...</i>
-              Mail  for  <i>user</i>@<i>domain</i>  is  redirected  to <i>address</i>.
-              This form has the highest precedence.
 
-       <i>user</i> <i>address,</i> <i>address,</i> <i>...</i>
-              Mail for <i>user</i>@<i>site</i> is redirected  to  <i>address</i>  when
-              <i>site</i>  is equal to $<b>myorigin</b>, when <i>site</i> is listed in
-              $mydestination,   or   when   it   is   listed   in
-              $<i>inet_interfaces</i>.
-
-              This  functionality  overlaps with functionality of
-              the local <i>alias</i>(5) database. The difference is that
 
 
 
@@ -71,60 +71,60 @@ VIRTUAL(5)                                             VIRTUAL(5)
 VIRTUAL(5)                                             VIRTUAL(5)
 
 
-              <b>virtual</b>   mapping   can  be  applied  to  non-local
+       <i>pattern</i> <i>result</i>
+              When  <i>pattern</i> matches a mail address, replace it by
+              the corresponding <i>result</i>.
+
+       With lookups from indexed files such as DB or DBM, or from
+       networked  tables  such  as NIS, LDAP or SQL, patterns are
+       tried in the order as listed below:
+
+       <i>user</i>@<i>domain</i> <i>address,</i> <i>address,</i> <i>...</i>
+              Mail for  <i>user</i>@<i>domain</i>  is  redirected  to  <i>address</i>.
+              This form has the highest precedence.
+
+       <i>user</i> <i>address,</i> <i>address,</i> <i>...</i>
+              Mail  for  <i>user</i>@<i>site</i>  is redirected to <i>address</i> when
+              <i>site</i> is equal to $<b>myorigin</b>, when <i>site</i> is listed  in
+              $mydestination,   or   when   it   is   listed   in
+              $<i>inet_interfaces</i>.
+
+              This functionality overlaps with  functionality  of
+              the local <i>alias</i>(5) database. The difference is that
+              <b>virtual</b>  mapping  can  be  applied   to   non-local
               addresses.
 
        @<i>domain</i> <i>address,</i> <i>address,</i> <i>...</i>
-              Mail for  any  user  in  <i>domain</i>  is  redirected  to
+              Mail  for  any  user  in  <i>domain</i>  is  redirected to
               <i>address</i>.  This form has the lowest precedence.
 
-       In  all the above forms, when <i>address</i> has the form @<i>other-</i>
-       <i>domain</i>, the result is the same user in <i>otherdomain</i>.   This
+       In all the above forms, when <i>address</i> has the form  @<i>other-</i>
+       <i>domain</i>,  the result is the same user in <i>otherdomain</i>.  This
        works for the first address in the expansion only.
 
 <b>ADDRESS</b> <b>EXTENSION</b>
-       When  the search fails, and the address localpart contains
-       the optional recipient delimiter (e.g.,  <i>user+foo</i>@<i>domain</i>),
-       the  search  is  repeated for the unextended address (e.g.
+       When the search fails, and the address localpart  contains
+       the  optional recipient delimiter (e.g., <i>user+foo</i>@<i>domain</i>),
+       the search is repeated for the  unextended  address  (e.g.
        <i>user</i>@<i>domain</i>), and the unmatched address extension is prop-
-       agated  to the result of expansion. The matching order is:
+       agated to the result of expansion. The matching order  is:
        <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
 
-<b>BUGS</b>
-       The  table format does not understand quoting conventions.
+<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
+       This section describes how the table lookups  change  when
+       the table is given in the form of regular expressions. For
+       a description of regular expression lookup  table  syntax,
+       see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
 
-<b>CONFIGURATION</b> <b>PARAMETERS</b>
-       The following <b>main.cf</b> parameters are  especially  relevant
-       to  this  topic.  See  the Postfix <b>main.cf</b> file for syntax
-       details and for default values.  Use  the  <b>postfix</b>  <b>reload</b>
-       command after a configuration change.
+       Each  pattern  is  a regular expression that is applied to
+       the entire address being looked up. Thus, <i>user@domain</i> mail
+       addresses  are  not  broken up into their <i>user</i> and <i>@domain</i>
+       constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
+       <i>foo</i>.
 
-       <b>virtual</b><i>_</i><b>maps</b>
-              List of virtual mapping tables.
-
-       Other parameters of interest:
-
-       <b>inet</b><i>_</i><b>interfaces</b>
-              The  network  interface  addresses that this system
-              receives mail on.
-
-       <b>mydestination</b>
-              List of domains that  this  mail  system  considers
-              local.
-
-       <b>myorigin</b>
-              The domain that is appended to locally-posted mail.
-
-       <b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
-              Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
-              addresses.
-
-<b>SEE</b> <b>ALSO</b>
-       <a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail
-       <a href="postmap.1.html">postmap(1)</a> create mapping table
-
-<b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       Patterns  are  applied  in  the  order as specified in the
+       table, until a pattern is found that  matches  the  search
+       string.
 
 
 
@@ -137,6 +137,47 @@ VIRTUAL(5)                                             VIRTUAL(5)
 VIRTUAL(5)                                             VIRTUAL(5)
 
 
+       Results  are the same as with normal indexed file lookups,
+       with the additional feature that parenthesized  substrings
+       from  the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
+
+<b>BUGS</b>
+       The table format does not understand quoting  conventions.
+
+<b>CONFIGURATION</b> <b>PARAMETERS</b>
+       The  following  <b>main.cf</b> parameters are especially relevant
+       to this topic. See the Postfix  <b>main.cf</b>  file  for  syntax
+       details  and  for  default  values. Use the <b>postfix</b> <b>reload</b>
+       command after a configuration change.
+
+       <b>virtual</b><i>_</i><b>maps</b>
+              List of virtual mapping tables.
+
+       Other parameters of interest:
+
+       <b>inet</b><i>_</i><b>interfaces</b>
+              The network interface addresses  that  this  system
+              receives mail on.
+
+       <b>mydestination</b>
+              List  of  domains  that  this mail system considers
+              local.
+
+       <b>myorigin</b>
+              The domain that is appended to locally-posted mail.
+
+       <b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
+              Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
+              addresses.
+
+<b>SEE</b> <b>ALSO</b>
+       <a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail
+       <a href="postmap.1.html">postmap(1)</a> create mapping table
+       <a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
+       <a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
+
+<b>LICENSE</b>
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 <b>AUTHOR(S)</b>
@@ -153,47 +194,6 @@ VIRTUAL(5)                                             VIRTUAL(5)
 
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                 3
 
 
diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5
index 4791bf88c..e07f77bac 100644
--- a/postfix/man/man5/access.5
+++ b/postfix/man/man5/access.5
@@ -44,7 +44,8 @@ perform the corresponding \fIaction\fR.
 .nf
 .ad
 .fi
-With lookups from indexed files, patterns are tried in the order as
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, patterns are tried in the order as
 listed below:
 .IP \fIuser\fR@\fIdomain\fR
 Matches the specified mail address.
@@ -87,13 +88,12 @@ or \fBpcre_table\fR(5).
 Each pattern is a regular expression that is applied to the entire
 string being looked up. Depending on the application, that string
 is an entire client hostname, an entire client IP address, or an
-entire mail address. Patterns are applied in order as specified,
-until a pattern is found that matches the search string.
+entire mail address. Thus, no parent domain or parent network search
+is done, and \fIuser@domain\fR mail addresses are not broken up into
+their \fIuser@\fR and \fIdomain\fR constituent parts.
 
-In contrast to lookups from indexed files, no parent domain or
-parent network search is done with regular expression tables,
-and \fIuser@domain\fR mail addresses are not broken up into their
-\fIuser@\fR and \fIdomain\fR constituent parts.
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
 
 Actions are the same as with normal indexed file lookups, with
 the additional feature that parenthesized substrings from the
@@ -108,7 +108,7 @@ The table format does not understand quoting conventions.
 postmap(1) create mapping table
 smtpd(8) smtp server
 pcre_table(5) format of PCRE tables
-regexp_table(5) format of POSIX regexp tables
+regexp_table(5) format of POSIX regular expression tables
 .SH LICENSE
 .na
 .nf
diff --git a/postfix/man/man5/canonical.5 b/postfix/man/man5/canonical.5
index 6c1c6dfdb..df681ad9f 100644
--- a/postfix/man/man5/canonical.5
+++ b/postfix/man/man5/canonical.5
@@ -16,12 +16,19 @@ The optional \fBcanonical\fR file specifies an address mapping for
 local and non-local addresses. The mapping is used by the
 \fBcleanup\fR(8) daemon.  The address mapping is recursive.
 
-The file serves as input to the \fBpostmap\fR(1) command. The result,
-an indexed file in \fBdbm\fR or \fBdb\fR format, is used for
-fast searching by the mail system. After an update
+Normally, the file serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+is used for fast searching by the mail system. After an update
 it may take a minute or so before the change becomes visible.
 Issue a \fBpostfix reload\fR command to eliminate the delay.
 
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular-expression
+map where patterns are given as regular expressions. In that case,
+the lookups are done in a slightly different way as described below.
+
 The \fBcanonical\fR mapping affects both message header addresses
 (i.e. addresses that appear inside messages) and message envelope
 addresses (for example, the addresses that are used in SMTP protocol
@@ -36,11 +43,21 @@ domain\fR support. Use the \fBvirtual\fR(5) map for that purpose.
 
 The \fBcanonical\fR mapping is not to be confused with local aliasing.
 Use the \fBaliases\fR(5) map for that purpose.
-
-The format of the \fBcanonical\fR table is as follows, mappings
-being tried in the order as listed in this manual page:
+.SH TABLE FORMAT
+.na
+.nf
+.ad
+.fi
+The format of the \fBcanonical\fR table is as follows:
 .IP "blanks and comments"
 Blank lines are ignored, as are lines beginning with `#'.
+.IP "\fIpattern result\fR"
+When \fIpattern\fR matches a mail address, replace it by the
+corresponding \fIresult\fR.
+.PP
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, patterns are tried in the order as
+listed below:
 .IP "\fIuser\fR@\fIdomain address\fR"
 \fIuser\fR@\fIdomain\fR is replaced by \fIaddress\fR. This form
 has the highest precedence.
@@ -73,6 +90,27 @@ search is repeated for the unextended address (e.g.
 to the result of table lookup. The matching order is:
 \fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR,
 \fIuser+foo\fR, \fIuser\fR, and @\fIdomain\fR.
+.SH REGULAR EXPRESSION TABLES
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5).
+
+Each pattern is a regular expression that is applied to the entire
+address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Results are the same as with normal indexed file lookups, with
+the additional feature that parenthesized substrings from the
+pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
 .SH BUGS
 .ad
 .fi
@@ -115,6 +153,8 @@ addresses.
 cleanup(8) canonicalize and enqueue mail
 postmap(1) create mapping table
 virtual(5) virtual domain mapping
+pcre_table(5) format of PCRE tables
+regexp_table(5) format of POSIX regular expression tables
 .SH LICENSE
 .na
 .nf
diff --git a/postfix/man/man5/pcre_table.5 b/postfix/man/man5/pcre_table.5
index e69de29bb..aa43ab8af 100644
--- a/postfix/man/man5/pcre_table.5
+++ b/postfix/man/man5/pcre_table.5
@@ -0,0 +1,90 @@
+.TH PCRE_TABLE 5 
+.ad
+.fi
+.SH NAME
+pcre_table
+\-
+format of Postfix PCRE tables
+.SH SYNOPSIS
+.na
+.nf
+pcre:/etc/postfix/filename
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting or mail routing. These tables usually are in
+\fBdbm\fR or \fBdb\fR format. Alternatively, lookup tables
+can be specified in Perl Compatible Regular Expression form.
+
+To find out what types of lookup tables your Postfix system
+supports use the \fBpostconf -m\fR command.
+
+The general form of a PCRE table is:
+.IP "blanks and comments"
+Blank lines are ignored, as are lines beginning with `#'.
+.IP "\fIpattern result\fR"
+When \fIpattern\fR matches a search string, use the corresponding
+\fIresult\fR. A line that starts with white space continues the
+preceding line.
+.PP
+Each pattern is a perl-like regular expression. The expression
+delimiter can be any character, except whitespace or characters
+that have special meaning (traditionally the forward slash is used).
+The regular expression can contain whitespace.
+
+By default, matching is case-insensitive, although following
+the second slash with an `i' flag will reverse this. Other flags
+are supported, but the only other useful one is `U', which makes
+matching ungreedy (see PCRE documentation and source for more
+info).
+
+Each pattern is applied to the entire string being looked up.
+Depending on the application, that string is an entire client
+hostname, an entire client IP address, or an entire mail address.
+Thus, no parent domain or parent network search is done, and
+\fIuser@domain\fR mail addresses are not broken up into their
+\fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR
+broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Substitution of sub-strings from the matched expression is
+possible using the conventional perl syntax ($1, $2, etc.). The
+macros in the replacement string may need to be written as ${n}
+or $(n) if they aren't followed by whitespace.
+.SH EXAMPLES
+.na
+.nf
+# Protect your outgoing majordomo exploders
+/^(?!owner-)(.*)-outgoing@(my\.domain)$/    550 Use ${1}@${2} instead
+
+# Bounce friend@whatever, except when whatever is our domain (you would
+# be better just bouncing all friend@ mail - this is just an example).
+/^friend@(?!my\.domain).*$/         550 Stick this in your pipe $0
+
+# A multi-line entry. The text is sent as one line.
+#
+/^noddy@connect\.com\.au$/
+\ 550 This user is a funny one. You really don't want to send mail to
+\ them as it only makes their head spin.
+.SH SEE ALSO
+.na
+.nf
+regexp_table(5) format of POSIX regular expression tables
+.SH AUTHOR(S)
+.na
+.nf
+The PCRE table lookup code was originally written by:
+Andrew McNamara
+andrewm@connect.com.au
+connect.com.au Pty. Ltd.
+Level 3, 213 Miller St
+North Sydney, NSW, Australia
+
+Adopted and adapted by:
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
diff --git a/postfix/man/man5/regexp_table.5 b/postfix/man/man5/regexp_table.5
index e69de29bb..64c9097c8 100644
--- a/postfix/man/man5/regexp_table.5
+++ b/postfix/man/man5/regexp_table.5
@@ -0,0 +1,94 @@
+.TH REGEXP_TABLE 5 
+.ad
+.fi
+.SH NAME
+regexp_table
+\-
+format of Postfix regular expression tables
+.SH SYNOPSIS
+.na
+.nf
+regexp:/etc/postfix/filename
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting or mail routing. These tables usually are in
+\fBdbm\fR or \fBdb\fR format. Alternatively, lookup tables
+can be specified in POSIX regular expression form.
+
+To find out what types of lookup tables your Postfix system
+supports use the \fBpostconf -m\fR command.
+
+The general form of a Postfix regular expression table is:
+.IP "blanks and comments"
+Blank lines are ignored, as are lines beginning with `#'.
+.IP "\fIpattern result\fR"
+When \fIpattern\fR matches a search string, use the corresponding
+\fIresult\fR. A line that starts with white space continues the
+preceding line.
+.IP "\fIpattern1!pattern2 result\fR"
+Matches \fIpattern1\fR but not \fIpattern2\fR.
+.PP
+Each pattern is a regular expression enclosed by a pair of delimiters.
+The regular expression syntax is described in \fIre_format\fR(7).
+The expression delimiter can be any character, except whitespace
+or characters that have special meaning (traditionally the forward
+slash is used). The regular expression can contain whitespace.
+
+By default, matching is case-insensitive, although following
+the second slash with an `i' flag will reverse this. Other flags
+are `x' (disable extended expression syntax), and `m' (enable
+multi-line mode).
+
+Each pattern is applied to the entire string being looked up.
+Depending on the application, that string is an entire client
+hostname, an entire client IP address, or an entire mail address.
+Thus, no parent domain or parent network search is done, and
+\fIuser@domain\fR mail addresses are not broken up into their
+\fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR
+broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Substitution of sub-strings from the matched expression is
+possible using $1, $2, etc.. The macros in the replacement string
+may need to be written as ${n} or $(n) if they aren't followed
+by whitespace.
+.SH EXAMPLES
+.na
+.nf
+# Disallow sender-specified routing. This is a must if you relay mail
+# for other domains.
+/[%!@].*[%!@]/            550 Sender-specified routing rejected
+
+# Postmaster is OK, that way they can talk to us about how to fix
+# their problem.
+/^postmaster@.*$/         OK
+
+# Protect your outgoing majordomo exploders
+/^(.*)-outgoing@(.*)$/!/^owner-.*/      550 Use ${1}@${2} instead
+.SH SEE ALSO
+.na
+.nf
+pcre_table(5) format of PCRE tables
+.SH AUTHOR(S)
+.na
+.nf
+The regexp table lookup code was originally written by:
+LaMont Jones
+lamont@hp.com
+
+That code was based on the PCRE dictionary contributed by:
+Andrew McNamara
+andrewm@connect.com.au
+connect.com.au Pty. Ltd.
+Level 3, 213 Miller St
+North Sydney, NSW, Australia
+
+Adopted and adapted by:
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
diff --git a/postfix/man/man5/relocated.5 b/postfix/man/man5/relocated.5
index 4325a74a4..415169c7e 100644
--- a/postfix/man/man5/relocated.5
+++ b/postfix/man/man5/relocated.5
@@ -15,13 +15,24 @@ format of Postfix relocated table
 The optional \fBrelocated\fR file provides the information that is
 used in "user has moved to \fInew_location\fR" bounce messages.
 
-The file serves as input to the \fBpostmap\fR(1) command. The result,
-an indexed file in \fBdbm\fR or \fBdb\fR format, is used for
-fast searching by the mail system. After an update
+Normally, the file serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+is used for fast searching by the mail system. After an update
 issue a \fBpostfix reload\fR command to make the change visible.
 
-Table lookups are case insensitive.
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
 
+Alternatively, the table can be provided as a regular-expression
+map where patterns are given as regular expressions. In that case,
+the lookups are done in a slightly different way as described below.
+
+Table lookups are case insensitive.
+.SH TABLE FORMAT
+.na
+.nf
+.ad
+.fi
 The format of the table is as follows:
 .IP \(bu
 Blank lines are ignored, as are lines beginning with `#'.
@@ -33,7 +44,9 @@ An entry has one of the following form:
 Where \fInew_location\fR specifies contact information such as
 an email address, or perhaps a street address or telephone number.
 .PP
-The \fIkey\fR field is one of the following:
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, the \fIkey\fR field is one of the
+following:
 .IP \fIuser\fR@\fIdomain\fR
 Matches \fIuser\fR@\fIdomain\fR. This form has precedence over all
 other forms.
@@ -53,6 +66,27 @@ When the search fails, and the address localpart contains the
 optional recipient delimiter (e.g., \fIuser+foo\fR@\fIdomain\fR),
 the search is repeated for the unextended address (e.g.
 \fIuser\fR@\fIdomain\fR).
+.SH REGULAR EXPRESSION TABLES
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5).
+
+Each pattern is a regular expression that is applied to the entire
+address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Results are the same as with normal indexed file lookups, with
+the additional feature that parenthesized substrings from the
+pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
 .SH BUGS
 .ad
 .fi
@@ -80,6 +114,8 @@ The domain that is appended to locally-posted mail.
 .na
 .nf
 postmap(1) create lookup table
+pcre_table(5) format of PCRE tables
+regexp_table(5) format of POSIX regular expression tables
 .SH LICENSE
 .na
 .nf
diff --git a/postfix/man/man5/transport.5 b/postfix/man/man5/transport.5
index 78983c8f0..ad470d8d8 100644
--- a/postfix/man/man5/transport.5
+++ b/postfix/man/man5/transport.5
@@ -16,14 +16,32 @@ The optional \fBtransport\fR file specifies a mapping from domain
 hierarchies to message delivery transports and/or relay hosts. The
 mapping is used by the \fBtrivial-rewrite\fR(8) daemon.
 
-The file serves as input to the \fBpostmap\fR(1) command. The result,
-an indexed file in \fBdbm\fR or \fBdb\fR format, is used for
-fast searching by the mail system. After updating this table,
+Normally, the file serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format, is used
+for fast searching by the mail system. After updating this table,
 issue the \fBpostfix reload\fR command to make the change visible.
 
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular-expression
+map where patterns are given as regular expressions. In that case,
+the lookups are done in a slightly different way as described below.
+.SH TABLE FORMAT
+.na
+.nf
+.ad
+.fi
 The format of the transport table is as follows:
 .IP "blanks and comments"
 Blank lines are ignored, as are lines beginning with `#'.
+.IP "\fIpattern result\fR"
+When \fIpattern\fR matches the domain, use the corresponding
+\fIresult\fR.
+.PP
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, patterns are tried in the order as
+listed below:
 .IP "\fIdomain transport\fR:\fInexthop\fR"
 Mail for \fIdomain\fR is delivered through \fItransport\fR to
 \fInexthop\fR.
@@ -38,7 +56,7 @@ entries for all domains specified in \fBmydestination\fR,
 for example:
 
 .ti +5
-\fBhostname.my.domain       local:\fR
+\fBhostname.my.domain   local:\fR
 .ti +5
 \fBlocalhost.my.domain      local:\fR
 
@@ -98,6 +116,26 @@ The error mailer can be used to bounce mail:
 
 This causes all mail for \fIuser\fR@\fIanything\fBfoo.org\fR
 to be bounced.
+.SH REGULAR EXPRESSION TABLES
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5).
+
+Each pattern is a regular expression that is applied to the entire
+domain being looked up. Thus, \fIsome.domain.hierarchy\fR is not
+broken up into parent domains.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Results are the same as with normal indexed file lookups, with
+the additional feature that parenthesized substrings from the
+pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
 .SH CONFIGURATION PARAMETERS
 .na
 .nf
@@ -120,6 +158,8 @@ The default host to send to when no transport table entry matches.
 .nf
 postmap(1) create mapping table
 trivial-rewrite(8) rewrite and resolve addresses
+pcre_table(5) format of PCRE tables
+regexp_table(5) format of POSIX regular expression tables
 .SH LICENSE
 .na
 .nf
diff --git a/postfix/man/man5/virtual.5 b/postfix/man/man5/virtual.5
index 48f0e72d8..734a377a3 100644
--- a/postfix/man/man5/virtual.5
+++ b/postfix/man/man5/virtual.5
@@ -21,12 +21,23 @@ envelope address, and does not affect message headers.
 Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
 mapping to rewrite header and envelope addresses in general.
 
-The file serves as input to the \fBpostmap\fR(1) command. The
-result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+Normally, the file serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
 is used for fast searching by the mail system. After an update
 it may take a minute or so before the change becomes visible.
 Issue a \fBpostfix reload\fR command to eliminate the delay.
 
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular-expression
+map where patterns are given as regular expressions. In that case,
+the lookups are done in a slightly different way as described below.
+.SH TABLE FORMAT
+.na
+.nf
+.ad
+.fi
 Typical support for a virtual domain looks like the following:
 
 .in +4
@@ -44,6 +55,13 @@ The format of the virtual table is as follows, mappings being
 tried in the order as listed in this manual page:
 .IP "blanks and comments"
 Blank lines are ignored, as are lines beginning with `#'.
+.IP "\fIpattern result\fR"
+When \fIpattern\fR matches a mail address, replace it by the
+corresponding \fIresult\fR.
+.PP
+With lookups from indexed files such as DB or DBM, or from networked
+tables such as NIS, LDAP or SQL, patterns are tried in the order as
+listed below:
 .IP "\fIuser\fR@\fIdomain address, address, ...\fR"
 Mail for \fIuser\fR@\fIdomain\fR is redirected to \fIaddress\fR.
 This form has the highest precedence.
@@ -74,6 +92,27 @@ the search is repeated for the unextended address (e.g.
 propagated to the result of expansion. The matching order is:
 \fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR,
 \fIuser+foo\fR, \fIuser\fR, and @\fIdomain\fR.
+.SH REGULAR EXPRESSION TABLES
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5).
+
+Each pattern is a regular expression that is applied to the entire
+address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+
+Patterns are applied in the order as specified in the table, until a
+pattern is found that matches the search string.
+
+Results are the same as with normal indexed file lookups, with
+the additional feature that parenthesized substrings from the
+pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
 .SH BUGS
 .ad
 .fi
@@ -105,6 +144,8 @@ addresses.
 .nf
 cleanup(8) canonicalize and enqueue mail
 postmap(1) create mapping table
+pcre_table(5) format of PCRE tables
+regexp_table(5) format of POSIX regular expression tables
 .SH LICENSE
 .na
 .nf
diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8
index b73d33329..31b8fbcbf 100644
--- a/postfix/man/man8/cleanup.8
+++ b/postfix/man/man8/cleanup.8
@@ -109,6 +109,8 @@ Address mapping lookup table for envelope recipient addresses.
 Limit the number of envelope recipients that are remembered.
 .IP \fBheader_size_limit\fR
 Limit the amount of memory in bytes used to process a message header.
+.IP \fBextract_recipient_limit\fR
+Limit the amount of recipients extracted from message headers.
 .SH SEE ALSO
 .na
 .nf
diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8
index 18215d1d6..6a19a549c 100644
--- a/postfix/man/man8/pipe.8
+++ b/postfix/man/man8/pipe.8
@@ -56,7 +56,7 @@ specified \fIusername\fR.  The software refuses to execute
 commands with root privileges, or with the privileges of the
 mail system owner. If \fIgroupname\fR is specified, the
 corresponding group ID is used instead of the group ID of
-of \fIusername\fR.
+\fIusername\fR.
 .IP "\fBargv\fR=\fIcommand\fR... (required)"
 The command to be executed. This must be specified as the
 last command attribute.
diff --git a/postfix/mantools/ccformat b/postfix/mantools/ccformat
index bdc74d647..83e1550b3 100755
--- a/postfix/mantools/ccformat
+++ b/postfix/mantools/ccformat
@@ -192,7 +192,7 @@ exit
 #	code; this has not been tested thoroughly, however.
 #
 #	Will produce useless files when fed with anything that is
-#	not C program text. This does not imply a judgement about
+#	not C program text. This does not imply a judgment about
 #	C programs in general.
 # AUTHOR(S)
 #	W.Z. Venema
diff --git a/postfix/master/multi_server.c b/postfix/master/multi_server.c
index 2af61dc9d..8e1bebd4b 100644
--- a/postfix/master/multi_server.c
+++ b/postfix/master/multi_server.c
@@ -360,6 +360,13 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...)
      */
     signal(SIGPIPE, SIG_IGN);
 
+    /*  
+     * Don't die for frivolous reasons.
+     */
+#ifdef SIGXFSZ
+    signal(SIGXFSZ, SIG_IGN);
+#endif
+
     /*
      * May need this every now and then.
      */
diff --git a/postfix/master/single_server.c b/postfix/master/single_server.c
index 15e500e41..328e35c66 100644
--- a/postfix/master/single_server.c
+++ b/postfix/master/single_server.c
@@ -329,6 +329,13 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...)
      */
     signal(SIGPIPE, SIG_IGN);
 
+    /*  
+     * Don't die for frivolous reasons.
+     */
+#ifdef SIGXFSZ
+    signal(SIGXFSZ, SIG_IGN);
+#endif
+
     /*
      * May need this every now and then.
      */
diff --git a/postfix/master/trigger_server.c b/postfix/master/trigger_server.c
index 7c777319c..23bdf3b19 100644
--- a/postfix/master/trigger_server.c
+++ b/postfix/master/trigger_server.c
@@ -330,6 +330,13 @@ NORETURN trigger_server_main(int argc, char **argv, TRIGGER_SERVER_FN service,..
      */
     signal(SIGPIPE, SIG_IGN);
 
+    /*  
+     * Don't die for frivolous reasons.
+     */
+#ifdef SIGXFSZ
+    signal(SIGXFSZ, SIG_IGN);
+#endif
+
     /*
      * May need this every now and then.
      */
diff --git a/postfix/pipe/pipe.c b/postfix/pipe/pipe.c
index 134d76ea3..870bbbdd2 100644
--- a/postfix/pipe/pipe.c
+++ b/postfix/pipe/pipe.c
@@ -48,7 +48,7 @@
 /*	commands with root privileges, or with the privileges of the
 /*	mail system owner. If \fIgroupname\fR is specified, the
 /*	corresponding group ID is used instead of the group ID of
-/*	of \fIusername\fR.
+/*	\fIusername\fR.
 /* .IP "\fBargv\fR=\fIcommand\fR... (required)"
 /*	The command to be executed. This must be specified as the
 /*	last command attribute.
diff --git a/postfix/postconf/extract.awk b/postfix/postconf/extract.awk
index 43cb9604c..53b83b485 100644
--- a/postfix/postconf/extract.awk
+++ b/postfix/postconf/extract.awk
@@ -1,18 +1,18 @@
 # Extract initialization tables from actual source code.
 
-/static CONFIG_INT_TABLE/,/};/ { 
+/^(static| )*CONFIG_INT_TABLE .*{/,/};/ { 
     if ($1 ~ /VAR/) {
 	print "int " substr($3,2,length($3)-2) ";" > "int_vars.h"
 	print | "sort -u >int_table.h" 
     }
 }
-/static CONFIG_STR_TABLE/,/};/ { 
+/^(static| )*CONFIG_STR_TABLE .*{/,/};/ { 
     if ($1 ~ /VAR/) {
 	print "char *" substr($3,2,length($3)-2) ";" > "str_vars.h"
 	print | "sort -u >str_table.h" 
     }
 }
-/static CONFIG_BOOL_TABLE/,/};/ { 
+/^(static| )*CONFIG_BOOL_TABLE .*{/,/};/ { 
     if ($1 ~ /VAR/) {
 	print "int " substr($3,2,length($3)-2) ";" > "bool_vars.h"
 	print | "sort -u >bool_table.h" 
diff --git a/postfix/postsuper/postsuper.c b/postfix/postsuper/postsuper.c
index eb238ee47..18c2c9b28 100644
--- a/postfix/postsuper/postsuper.c
+++ b/postfix/postsuper/postsuper.c
@@ -246,7 +246,7 @@ static void super(char **queues, int action)
 	     * mkdir() operation is the main reason for this command to run
 	     * with postfix privilege. The mail_queue_mkdirs() routine could
 	     * be fixed to use the "right" privilege, but it is a good idea
-	     * to do everying with the postfix owner privileges regardless,
+	     * to do everything with the postfix owner privileges regardless,
 	     * in order to limit the amount of damage that we can do.
 	     */
 	    (void) mail_queue_path(wanted_path, queue_name, path);
diff --git a/postfix/smtpd/smtpd.c b/postfix/smtpd/smtpd.c
index c511dde45..185077a9e 100644
--- a/postfix/smtpd/smtpd.c
+++ b/postfix/smtpd/smtpd.c
@@ -550,9 +550,10 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 {
     char   *err;
     int     narg;
-    off_t   size = 0;
     char   *arg;
 
+    state->msg_size = 0;
+
     /*
      * Sanity checks. XXX Ignore bad SIZE= values until we can reliably and
      * portably detect overflows while converting from string to off_t.
@@ -589,8 +590,8 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	    || strcasecmp(arg, "BODY=7BIT") == 0) {
 	     /* void */ ;
 	} else if (strncasecmp(arg, "SIZE=", 5) == 0) {
-	    if ((size = off_cvt_string(arg + 5)) < 0)
-		size = 0;
+	    if ((state->msg_size = off_cvt_string(arg + 5)) < 0)
+		state->msg_size = 0;
 	} else {
 	    state->error_mask |= MAIL_ERROR_PROTOCOL;
 	    smtpd_chat_reply(state, "555 Unsupported option: %s", arg);
@@ -604,7 +605,8 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	smtpd_chat_reply(state, "%s", err);
 	return (-1);
     }
-    if ((err = smtpd_check_size(state, size)) != 0) {
+    if ((SMTPD_STAND_ALONE(state) || var_smtpd_delay_reject == 0)
+	&& (err = smtpd_check_size(state, state->msg_size)) != 0) {
 	smtpd_chat_reply(state, "%s", err);
 	return (-1);
     }
diff --git a/postfix/smtpd/smtpd.h b/postfix/smtpd/smtpd.h
index 32b7dec7b..13549faca 100644
--- a/postfix/smtpd/smtpd.h
+++ b/postfix/smtpd/smtpd.h
@@ -52,6 +52,7 @@ typedef struct SMTPD_STATE {
     char   *protocol;
     char   *where;
     int     recursion;
+    off_t   msg_size;
 } SMTPD_STATE;
 
 extern void smtpd_state_init(SMTPD_STATE *, VSTREAM *);
diff --git a/postfix/smtpd/smtpd_check.c b/postfix/smtpd/smtpd_check.c
index 93a6ff438..aa0e87141 100644
--- a/postfix/smtpd/smtpd_check.c
+++ b/postfix/smtpd/smtpd_check.c
@@ -121,20 +121,20 @@
 /* .IP check_relay_domains
 /*	Allow the request when either the client hostname or the resolved
 /*	recipient domain matches the \fIrelay_domains\fR configuration
-/*	parameter or a subdomain therereof, or when the destination somehow
+/*	parameter or a subdomain thereof, or when the destination somehow
 /*	resolves locally ($inet_interfaces, $mydestination or $virtual_maps).
 /*	Reject the request otherwise.
 /*	The \fIrelay_domains_reject_code\fR configuration parameter specifies
 /*	the reject status code (default: 554).
 /* .IP permit_auth_destination
 /*	Permit the request when the resolved recipient domain matches the
-/*	\fIrelay_domains\fR configuration parameter or a subdomain therereof,
+/*	\fIrelay_domains\fR configuration parameter or a subdomain thereof,
 /*	or when the destination somehow resolves locally ($inet_interfaces,
 /*	$mydestination or $virtual_maps).
 /* .IP reject_unauth_destination
 /*	Reject the request when the resolved recipient domain does not match
 /*	the \fIrelay_domains\fR configuration parameter or a subdomain
-/*	therereof, and when the destination does not somehow resolve locally
+/*	thereof, and when the destination does not somehow resolve locally
 /*	($inet_interfaces, $mydestination or $virtual_maps).
 /*	Same error code as check_relay_domains.
 /* .IP reject_unauth_pipelining
@@ -1849,7 +1849,8 @@ char   *smtpd_check_rcpt(SMTPD_STATE *state, char *recipient)
     if (var_smtpd_delay_reject)
 	if ((err = smtpd_check_client(state)) != 0
 	    || (err = smtpd_check_helo(state, state->helo_name)) != 0
-	    || (err = smtpd_check_mail(state, state->sender)) != 0)
+	    || (err = smtpd_check_mail(state, state->sender)) != 0
+	    || (err = smtpd_check_size(state, state->msg_size)) != 0)
 	    SMTPD_CHECK_RCPT_RETURN(err);
 
     /*
diff --git a/postfix/smtpd/smtpd_state.c b/postfix/smtpd/smtpd_state.c
index a14b64216..a5d8c7dab 100644
--- a/postfix/smtpd/smtpd_state.c
+++ b/postfix/smtpd/smtpd_state.c
@@ -86,6 +86,7 @@ void    smtpd_state_init(SMTPD_STATE *state, VSTREAM *stream)
     state->protocol = "SMTP";
     state->where = SMTPD_AFTER_CONNECT;
     state->recursion = 0;
+    state->msg_size = 0;
 
     /*
      * Initialize peer information.
diff --git a/postfix/util/dict_mysql.c b/postfix/util/dict_mysql.c
index 8f3263779..6c6bd3ef2 100644
--- a/postfix/util/dict_mysql.c
+++ b/postfix/util/dict_mysql.c
@@ -224,7 +224,7 @@ static MYSQL_RES *plmysql_query(PLMYSQL *PLDB,
 
 	/* answer already found */
 	if (res != 0 && host->stat == STATACTIVE) {
-	    msg_info("dict_mysql: closing unnessary connection to %s", host->hostname);
+	    msg_info("dict_mysql: closing unnecessary connection to %s", host->hostname);
 	    mysql_close(&(host->db));		/* also frees memory, have to
 						 * reallocate it */
 	    host->db = *((MYSQL *) mymalloc(sizeof(MYSQL)));