From 12de4b138030a98606c3b9383f1dfd29cc2b7e55 Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Sun, 25 Feb 2001 00:00:00 -0500
Subject: [PATCH] snapshot-20010225

---
 postfix/HISTORY                    |  21 ++++-
 postfix/RELEASE_NOTES              |   8 ++
 postfix/conf/main.cf               |  47 +++++-----
 postfix/conf/postfix-script-nosgid |   2 +
 postfix/conf/postfix-script-sgid   |   2 +
 postfix/conf/sample-misc.cf        |  41 ++++++---
 postfix/conf/sample-smtpd.cf       |  32 +++++++
 postfix/html/basic.html            |  86 ++++++++++++------
 postfix/html/faq.html              | 141 +++++++++++++++++++++++------
 postfix/html/uce.html              |   3 +-
 postfix/src/global/mail_params.c   |   2 +-
 postfix/src/global/mail_params.h   |   5 +
 postfix/src/global/mail_version.h  |   2 +-
 postfix/src/master/master_sig.c    |  43 +++++++++
 postfix/src/nqmgr/qmgr.c           |   4 +
 postfix/src/postconf/Makefile.in   |   2 -
 postfix/src/postconf/local_table.h |   1 -
 postfix/src/postconf/local_vars.h  |   1 -
 postfix/src/postconf/postconf.c    |   2 -
 postfix/src/qmgr/qmgr.c            |   2 +
 postfix/src/util/inet_addr_local.c |  16 +++-
 21 files changed, 358 insertions(+), 105 deletions(-)
 delete mode 100644 postfix/src/postconf/local_table.h
 delete mode 100644 postfix/src/postconf/local_vars.h

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 813c90c65..cee5cc5d3 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -4925,10 +4925,29 @@ Apologies for any names omitted.
 	Portability: MACOSX patches by Gerben Wierda.
 
 	Portability: Solaris /dev/null is a symlink, which tripped
-	up the code to safely open a file before delivery. We now
+	up the code to safely open a file before local delivery. We now
 	grudgingly allow symlinks owned by root. File: util/safe_open.c.
 
 20010224
 
 	Bugfix: "postconf mynetworks" ignored the inet_interfaces
 	setting. That was a very old one. File: postconf/postconf.c.
+
+	INCOMPATIBLE CHANGE: POSTFIX NO LONGER RELAYS MAIL FOR
+	CLIENTS IN THE ENTIRE CLASS A/B/C NETWORK. POSTFIX BY
+	DEFAULT RELAYS MAIL FOR CLIENTS IN THE LOCAL SUBNETWORK.
+	Specify "mynetworks_style = class" to get the old behavior.
+
+20010225
+
+	Portability: master sigchld handler based on writing to a
+	pipe, so that the master wakes up from select(). Based on
+	code by Erik Forsberg, Linkoping University, Sweden.  File:
+	master/master_sig.c. Disabled until after the major release.
+
+	Code cleanup: Postfix should now run with no alias database.
+
+	Code cleanup: local_destination_recipient_limit and
+	local_destination_concurrency_limit are not first-class
+	configuration parameters. Files: global/mail_params.h,
+	*qmgr/qmgr.c, postconf/postconf.c.
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 1cfc98c8e..6c8a4c82d 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,3 +1,11 @@
+Incompatible changes with snapshot-20010225
+===========================================
+
+POSTFIX NO LONGER RELAYS MAIL FOR CLIENTS IN THE ENTIRE CLASS A/B/C
+NETWORK. To get the old behavior, specify "mynetworks_style = class"
+in the main.cf file. The default (mynetworks_style = subnet) is to
+relay for clients in the local IP subnet. See conf/main.cf.
+
 Incompatible changes with snapshot-20010222
 ===========================================
 
diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf
index b6476b6c5..a618ef772 100644
--- a/postfix/conf/main.cf
+++ b/postfix/conf/main.cf
@@ -120,37 +120,35 @@ mail_owner = postfix
 #mydestination = $myhostname, localhost.$mydomain, $mydomain,
 #	mail.$mydomain, www.$mydomain, ftp.$mydomain
 
-# RELAY CONTROL
+# TRUST AND RELAY CONTROL
 
-# The mynetworks parameter specifies the list of networks that make
-# up the local neighborhood. The list is used by the anti-UCE
-# software to relay authorize clients. See the check_relay_domains
-# and and smtpd_recipient_restrictions in the sample-smtpd.cf file.
+# The mynetworks parameter specifies the list of "trusted" SMTP
+# clients that have more privileges than "strangers".
 #
-# By default, Postfix derives the mynetworks setting from the local
-# machine network addresses.
-
-# The mynetworks_style parameter specifies how Postfix computes the
-# mynetworks default value from the local machine network addresses.
+# In particular, "trusted" SMTP clients are allowed to relay mail
+# through Postfix.  See the smtpd_recipient_restrictions parameter
+# in file sample-smtpd.cf.
 #
-# By default (mynetworks_style = subnet), Postfix relay authorizes
-# all clients in the subnets that are attached to this machine.
+# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
+# clients in the same IP subnetworks as the local machine.
+# On Linux, this does works correctly only with interfaces specified
+# with the "ifconfig" command.
 # 
-# Specify "mynetworks_style = class" when you want to relay authorize
-# all clients in the class A, B or C networks that are attached to
-# to this machine.
+# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
+# clients in the same IP class A/B/C networks as the local machine.
+# This used to be the default. It is appropriate for service providers.
 #  
-# Specify "mynetworks_style = host" if you do not want to relay
-# authorize clients other than the local machine.
+# Specify "mynetworks_style = host" when Postfix should "trust"
+# only the local machine.
 # 
 # mynetworks_style = class
 # mynetworks_style = subnet
 # mynetworks_style = host
 
-# Instead of implicitly deriving the mynetworks value from local
-# machine addresses, you can specify an explicit list of network/mask
-# patterns, where the mask specifies the number of bits in the network
-# part of a host address.
+# Instead of using mynetworks_style to implicitly derive the mynetworks
+# list from local machine addresses, you can specify an explicit list
+# of network/netmask patterns, where the mask specifies the number of
+# bits in the network part of a host address.
 #
 # You can also specify the absolute pathname of a pattern file instead
 # of listing the patterns here.
@@ -430,10 +428,11 @@ mail_owner = postfix
 # raise eyebrows.
 # 
 # Each message delivery transport has its XXX_destination_concurrency_limit
-# parameter.  The default is $default_destination_concurrency_limit.
+# parameter.  The default is $default_destination_concurrency_limit for
+# most delivery transports. For the local delivery agent the default is 2.
 
-local_destination_concurrency_limit = 2
-default_destination_concurrency_limit = 10
+#local_destination_concurrency_limit = 2
+#default_destination_concurrency_limit = 10
 
 # DEBUGGING CONTROL
 #
diff --git a/postfix/conf/postfix-script-nosgid b/postfix/conf/postfix-script-nosgid
index d2374041a..2c5d43ae2 100755
--- a/postfix/conf/postfix-script-nosgid
+++ b/postfix/conf/postfix-script-nosgid
@@ -247,6 +247,8 @@ EOF
 	(echo "$found" | grep bounce >/dev/null) || missing="$missing bounce"
 	(echo "$found" | grep defer >/dev/null)  || missing="$missing defer"
 	(echo "$found" | grep flush >/dev/null)  || missing="$missing flush"
+	(echo "$found" | grep incoming>/dev/null)|| missing="$missing incoming"
+	(echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
 	test -n "$missing" && {
 		$WARN fixing main.cf hash_queue_names for missing $missing
 		$command_directory/postconf -e hash_queue_names="$found$missing"
diff --git a/postfix/conf/postfix-script-sgid b/postfix/conf/postfix-script-sgid
index f86fdc3c9..a635ef679 100755
--- a/postfix/conf/postfix-script-sgid
+++ b/postfix/conf/postfix-script-sgid
@@ -248,6 +248,8 @@ EOF
 	(echo "$found" | grep bounce >/dev/null) || missing="$missing bounce"
 	(echo "$found" | grep defer >/dev/null)  || missing="$missing defer"
 	(echo "$found" | grep flush >/dev/null)  || missing="$missing flush"
+	(echo "$found" | grep incoming>/dev/null)|| missing="$missing incoming"
+	(echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
 	test -n "$missing" && {
 		$WARN fixing main.cf hash_queue_names for missing $missing
 		$command_directory/postconf -e hash_queue_names="$found$missing"
diff --git a/postfix/conf/sample-misc.cf b/postfix/conf/sample-misc.cf
index ed7b57db4..27ddd9a75 100644
--- a/postfix/conf/sample-misc.cf
+++ b/postfix/conf/sample-misc.cf
@@ -211,23 +211,34 @@ mydestination = $myhostname, localhost.$mydomain
 # myorigin = $mydomain
 myorigin = $myhostname
 
-# The mynetworks parameter specifies the list of networks that are
-# local to this machine.  The list is used by the anti-UCE software
-# to distinguish local clients from strangers. See permit_mynetworks
-# in the sample-smtpd.cf file.
+# The mynetworks parameter specifies the list of "trusted" SMTP
+# clients that have more privileges than "strangers".
 #
-# The mynetworks parameter specifies the list of networks that are
-# local to this machine.  The list is used by the anti-UCE software
-# to distinguish local clients from strangers. See permit_mynetworks
-# and smtpd_recipient_restrictions in the file sample-smtpd.cf file.
+# In particular, "trusted" SMTP clients are allowed to relay mail
+# through Postfix.  See the smtpd_recipient_restrictions parameter
+# in file sample-smtpd.cf.
 #
-# The default is a list of all networks attached to the machine:  a
-# complete class A network (X.0.0.0/8), a complete class B network
-# (X.X.0.0/16), and so on. If you want stricter control, specify a
-# list of network/mask patterns, where the mask specifies the number
-# of bits in the network part of a host address. You can also specify
-# the absolute pathname of a pattern file instead of listing the
-# patterns here.
+# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
+# clients in the same IP subnetworks as the local machine.
+# 
+# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
+# clients in the same IP class A/B/C networks as the local machine.
+# This used to be the default. It is appropriate for service providers.
+#  
+# Specify "mynetworks_style = host" when Postfix should "trust"
+# only the local machine.
+# 
+# mynetworks_style = class
+# mynetworks_style = subnet
+# mynetworks_style = host
+
+# Instead of using mynetworks_style to implicitly derive the mynetworks
+# list from local machine addresses, you can specify an explicit list
+# of network/netmask patterns, where the mask specifies the number of
+# bits in the network part of a host address.
+#
+# You can also specify the absolute pathname of a pattern file instead
+# of listing the patterns here.
 #
 #mynetworks = 168.100.189.0/28, 127.0.0.0/8
 
diff --git a/postfix/conf/sample-smtpd.cf b/postfix/conf/sample-smtpd.cf
index 56f301800..aa80fd291 100644
--- a/postfix/conf/sample-smtpd.cf
+++ b/postfix/conf/sample-smtpd.cf
@@ -101,6 +101,38 @@ smtpd_hard_error_limit = 100
 # UCE RESTRICTIONS
 #
 
+# The mynetworks parameter specifies the list of "trusted" SMTP
+# clients that have more privileges than "strangers".
+#
+# In particular, "trusted" SMTP clients are allowed to relay mail
+# through Postfix.  See the smtpd_recipient_restrictions parameter
+# in file sample-smtpd.cf.
+#
+# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
+# clients in the same IP subnetworks as the local machine.
+# 
+# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
+# clients in the same IP class A/B/C networks as the local machine.
+# This used to be the default. It is appropriate for service providers.
+#  
+# Specify "mynetworks_style = host" when Postfix should "trust"
+# only the local machine.
+# 
+# mynetworks_style = class
+mynetworks_style = subnet
+# mynetworks_style = host
+
+# Instead of using mynetworks_style to implicitly derive the mynetworks
+# list from local machine addresses, you can specify an explicit list
+# of network/netmask patterns, where the mask specifies the number of
+# bits in the network part of a host address.
+#
+# You can also specify the absolute pathname of a pattern file instead
+# of listing the patterns here.
+#
+#mynetworks = 168.100.189.0/28, 127.0.0.0/8
+#mynetworks = $config_directory/mynetworks
+
 # The smtpd_client_restrictions parameter specifies optional restrictions
 # on SMTP client host names and addresses.
 #
diff --git a/postfix/html/basic.html b/postfix/html/basic.html
index a769d5619..d0fb4f374 100644
--- a/postfix/html/basic.html
+++ b/postfix/html/basic.html
@@ -163,27 +163,20 @@ hostnames of the machine, including $myhostname, and localhost.$mydomain.
 
 <a name="relaying"> <h2> What clients to relay mail for </h2> </a>
 
-By default, Postfix will relay mail for clients in relay authorized
-networks and in relay authorized domains.
+By default, Postfix will relay mail for clients in authorized
+networks and in authorized domains.
 
 <p>
 
-Relay authorized client networks are defined by the <a
+Authorized client networks are defined by the <a
 href="#mynetworks">mynetworks</a> parameter. The default is to
-relay authorize all clients in all class A, B or C networks that
-are attached to the machine.  
+authorize all clients in the IP subnetworks that the local machine
+is attached to.
 
 <p>
 
-<b>YOU MUST <a href="#mynetworks">CHANGE</a> THIS DEFAULT SETTING
-IF YOUR ADDRESS BLOCK IS PART OF A LARGER ADDRESS RANGE THAT IS
-OWNED BY YOUR PROVIDER - IT WOULD CAUSE POSTFIX TO RELAY MAIL FROM
-ALL THEIR CUSTOMERS</b>.
-
-<p>
-
-Relay authorized client domains are by defined by the <a
-href="uce.html#relay_domains"> relay_domains</a> comfiguration
+Authorized client domains are by defined by the <a
+href="uce.html#relay_domains"> relay_domains</a> configuration
 parameter. The default setting trusts clients with hostnames below
 the domain(s) listed in <a href="#mydestination">mydestination</a>.
 
@@ -315,18 +308,54 @@ top-level domain).
 <a name="mynetworks"> <h2> My own networks </h2> </a>
 
 The <b>mynetworks</b> parameter lists all networks that this machine
-is attached to. This information can be used by the <a href="uce.html">
-anti-UCE</a> features to distinguish between relay authorized
-clients and relay unauthorized strangers.
+somehow trusts. This information can be used by the <a href="uce.html">
+anti-UCE</a> features to recognize trusted SMTP clients that are
+allowed to relay mail through Postfix.
 
 <p>
 
-By default, <b>mynetworks</b> is set to the class A, B or C networks
-that the machine is attached to. For example, for my machines at
-home, the result is: <b>168.100.0.0/16 127.0.0.0/8.  </b> However,
-network <b>168.100</b> is owned by my ISP. Of course I do not want
-to consider all their customer systems as relay authorized clients,
-so I use instead:
+You can specify the list of trusted networks in the <b>main.cf</b>
+file, or you can let Postfix deduce the list for you. The default
+is to let Postfix do the work for you.
+
+<p>
+
+<dl>
+
+<dt> Default:
+
+<dd> <b>mynetworks_style = subnet</b>
+
+<p>
+
+<dt>The meaning of the styles is as follows:
+
+<p>
+
+<dl>
+
+<dt> <b>class</b> <dd> Trust SMTP clients in the class A/B/C networks
+that Postfix is connected to.
+
+<p>
+
+<dt> <b>subnet</b> (default) <dd> Trust SMTP clients in the IP
+subnetworks that Postfix is connected to.
+
+<p>
+
+<dt> <b>host</b> <dd> Trust only the local machine.
+
+</dl>
+
+</dl>
+
+<p>
+
+To specify the list of trusted networks by hand, specify 
+network blocks in CIDR (network/mask) notation, for example:
+
+<p>
 
 <dl>
 
@@ -346,9 +375,14 @@ as if it is addressed to a domain listed in <b> $mydestination.
 
 The default is to listen on all active interfaces.  If you run
 mailers on virtual interfaces, you will have to specify what
-interfaces to listen on. This includes the non-virtual mailer that
-receives mail for the machine itself as well: it should never listen
-on the virtual interfaces or you would have a mailer loop.
+interfaces to listen on. 
+
+<p>
+
+You even have to specify explicit machine interfaces for the
+non-virtual mailer that receives mail for the machine itself: the
+non-virtual mailer should never listen on the virtual interfaces
+or you would have a mailer loop.
 
 <dl>
 
diff --git a/postfix/html/faq.html b/postfix/html/faq.html
index 6f2dc9829..0e39f9d05 100644
--- a/postfix/html/faq.html
+++ b/postfix/html/faq.html
@@ -24,6 +24,8 @@
 
 <li><a href="#example_config">Example configurations</a>
 
+<li><a href="#warnings">Postfix warnings and error messages</a>
+
 <li><a href="#sendmail_incompatibility">Sendmail incompatibility</a>
 
 <li><a href="#moby">Running hundreds of Postfix processes</a>
@@ -74,6 +76,26 @@
 
 </ul>
 
+<p>
+
+<a name="warnings"><h3>Postfix warnings and error messages</h3>
+
+<ul>
+
+<li><a href="#biff">What does "biff_notify: Connection refused" mean?</a>
+
+<li><a href="#nisdom">What does "NIS domain name not set - NIS lookups disabled" mean?</a>
+
+<li><a href="#dns-again">Mail stays queued with: Host not found, try again</a>
+
+<li><a href="#timeouts">Mail fails consistently with timeout or lost connection</a>
+
+<li><a href="#noalias">What does "fatal: open database /etc/aliases.db" mean?</a>
+
+</ul>
+
+<p>
+
 <a name="sendmail_incompatibility"><h3>Sendmail incompatibility</h3>
 
 <ul>
@@ -116,16 +138,7 @@ distribution list</a>
 
 <ul>
 
-<li><a href="#incoming">Too much mail in the incoming queue</a>
-
-<li><a href="#delay">Postfix responds slowly to incoming SMTP connections</a>
-
-</ul>
-
-
-<ul>
-
-<li><a href="#incoming">Too much mail in the incoming queue</a>
+<li><a href="#incoming">Mail stays queued in the incoming queue</a>
 
 <li><a href="#delay">Postfix responds slowly to incoming SMTP connections</a>
 
@@ -163,7 +176,7 @@ domains with "relay access denied"</a>
 
 <ul>
 
-<li><a href="#dns-again">All remote mail stays queued with: Host not found, try again</a>
+<li><a href="#dns-again">Mail stays queued with: Host not found, try again</a>
 
 <li><a href="#timeouts">Mail fails consistently with timeout or lost connection</a>
 
@@ -179,6 +192,8 @@ domains with "relay access denied"</a>
 
 <li><a href="#biff">What does "biff_notify: Connection refused" mean?</a>
 
+<li><a href="#nisdom">What does "NIS domain name not set - NIS lookups disabled" mean?</a>
+
 <li><a href="#bogus">Postfix accepts mail for non-existing local users</a>
 
 <li><a href="#some_local">Delivering some users locally while
@@ -197,6 +212,8 @@ distribution list</a>
 
 <li><a href="#owner-foo">Postfix ignores the owner-list alias</a>
 
+<li><a href="#noalias">What does "fatal: open database /etc/aliases.db" mean?</a>
+
 </ul>
 
 <a name="mailing_lists"><h3>Mailing lists</h3>
@@ -295,7 +312,7 @@ mailbox</a>
 <a name="stand_alone"><h3>Stand-alone machine</h3>
 
 Out of the box, Postfix should work without change on a stand-alone
-machine that is has direct Internet access.  At least, that is how
+machine that has direct Internet access.  At least, that is how
 Postfix installs when you download the Postfix source code. If you
 are on a firewalled intranet, or if your machine is dial-up connected
 only a small part of the time, see the respective sections.
@@ -836,6 +853,19 @@ delivery agent deals with undeliverable mail.
 
 <hr>
 
+<a name="noalias"><h3>What does "fatal: open database /etc/aliases.db" mean?</h3></a>
+
+Your aliases database is corrupt or it is missing. Execute the 
+following command as root:
+
+<p>
+
+<pre>
+    # newaliases
+</pre>
+
+<hr>
+
 <a name="moby-freebsd"><h3>Running hundreds of Postfix processes on FreeBSD</h3></a>
 
 With hundreds of Postfix processes, the kernel will eventually
@@ -883,6 +913,10 @@ is likely to run out of process slots.
 
 <p>
 
+The following information is kernel version dependent.
+
+<p>
+
 To set parameters at boot time on Linux systems that have
 <b>/etc/sysctl.conf</b>, add the following lines:
 
@@ -911,7 +945,7 @@ commands as <b>root</b>:
 
 <hr>
 
-<a name="incoming"><h3>Too much mail in the incoming queue</h3></a>
+<a name="incoming"><h3>Mail stays queued in the incoming queue</h3></a>
 
 <blockquote>
 
@@ -934,14 +968,16 @@ You solve the problem by getting faster disks.
 
 <p>
 
-I am still solving the scheduling problem from the software side.
+I am still solving the scheduling problem from the software side,
+but don't hold your breath.
 
 <p>
 
 Currently, the workaround is to configure multiple IP addresses
-per machine, and to run one Postfix instance per IP address.  The
-Postfix instances can't share queue directories, but sharing mailbox
-directories is OK.
+per machine, and to run one Postfix instance per IP address, each
+instance preferably on a different disk.  The Postfix instances
+can't share queue directories, but sharing mailbox directories is
+OK.
 
 <p>
 
@@ -962,9 +998,10 @@ depending on the interface that it is supposed to handle.
 <p>
 
 <pre>
-    queue_directory = /my/own/queue/directory
-    myhostname = foo1.my.domain
-    inet_interfaces = $myhostname
+    /my/own/main.cf:
+	queue_directory = /my/own/queue/directory
+	myhostname = foo1.my.domain
+	inet_interfaces = $myhostname
 </pre>
 
 <hr>
@@ -1347,7 +1384,8 @@ host.
 
 <a name="backup"><h3>Configuring Postfix as backup MX host</h3></a>
 
-When you are SECONDARY MX for some other domain this is all you need:
+When you are <b>secondary mx</b> for a <b>remote site</b> this is
+all you need:
 
 <p>
 
@@ -1356,12 +1394,14 @@ When you are SECONDARY MX for some other domain this is all you need:
         the.backed-up.domain.name        IN      MX 100 your.machine.name
 
     /etc/postfix/main.cf:
-        relay_domains = the.backed-up.domain.name
+        relay_domains = $mydestination the.backed-up.domain.name
+	smtpd_recipient_restrictions = permit_mynetworks check_relay_domains
 </pre>
 
 <p>
 
-When you are PRIMARY MX for some other domain you also need:
+When you are <b>primary mx</b> for a <b>remote site</b> you also
+need:
 
 <p>
 
@@ -1381,11 +1421,11 @@ types Postfix supports, use the command <b>postconf -m</b>.
 
 <hr>
 
-<a name="dns-again"><h3>All remote mail stays queued with: Host not found, try again</h3></a>
+<a name="dns-again"><h3>Mail stays queued with: Host not found, try again</h3></a>
 
 <blockquote>
 
-When I connect send mail to a remote address, the following happens:
+When I send mail to a remote address, the following happens:
 
 <p>
 
@@ -1397,15 +1437,35 @@ When I connect send mail to a remote address, the following happens:
 	service error for domain recip.domain: Host not found, try again)
 </pre>
 
+<p>
+
+However, I can nslookup the hostname just fine.
+
 </blockquote>
 
 <p>
 
+There can be several different problems.
+
+<p>
+
+<ul>
+
+<li> First of all, the result of nslookup for the hostname may be
+irrelevant. Postfix is required to look up the MX record first. So
+your nslookup test should begin with asking for the MX record. Some
+DNS servers are broken and produce no reply when asked for a
+non-existent MX record.
+
+<p> <li>
+
 Check out your Postfix <b>master.cf</b> file. If the SMTP client
 runs chrooted, then it needs a bunch of files inside the Postfix
 queue directory.  Examples are in the source distribution in the
 <b>examples</b> subdirectory.
 
+</ul>
+
 <hr>
 
 <a name="timeouts"><h3>Mail fails consistently with timeout or lost connection</h3></a>
@@ -1641,7 +1701,36 @@ specify:
 <p>
 
 To enable the <b>comsat</b> network service, uncomment the
-corresponding entry in the <b>inetd.conf</b> file.
+corresponding entry in the <b>inetd.conf</b> file, and <b>kill -HUP</b>
+the <b>inetd</b> process.
+
+<hr>
+
+<a name="nisdom"><h3>What does "NIS domain name not set - NIS lookups disabled" mean?</h3>
+
+<p>
+
+The warning message means that NIS (Network Information Service)
+is not enabled on your machine.  That is perfectly OK. It's just
+hard for Postfix to find out about these things ahead of time.
+
+<p>
+
+To disable the <b>NIS</b> client code in the Postfix local delivery agent,
+update the corresponding section in the <b>main.cf</b> file and specify
+one of the following, depending on the type of aliases file:
+
+<p>
+
+<pre>
+/etc/postfix/main.cf:
+    alias_maps = $alias_database
+</pre>
+
+<p>
+
+This forces Postfix to use only the local aliases database, if one
+is defined.
 
 <hr>
 
diff --git a/postfix/html/uce.html b/postfix/html/uce.html
index 1fe7b0cbf..6333a381c 100644
--- a/postfix/html/uce.html
+++ b/postfix/html/uce.html
@@ -109,7 +109,8 @@ is allowed in message headers.
 <dt>Syntax:
 
 <dd>Specify a list of zero or more lookup tables. Whenever a header
-matches a table, a REJECT result means reject the message. 
+matches a table, a REJECT result means reject the message, and a 
+SKIP result means delete the header from the message.
 
 <p>
 
diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c
index 52cf7e61b..ed04630aa 100644
--- a/postfix/src/global/mail_params.c
+++ b/postfix/src/global/mail_params.c
@@ -282,7 +282,7 @@ void    mail_params_init()
 	VAR_INET_INTERFACES, DEF_INET_INTERFACES, &var_inet_interfaces, 1, 0,
 	VAR_DOUBLE_BOUNCE, DEF_DOUBLE_BOUNCE, &var_double_bounce_sender, 1, 0,
 	VAR_DEFAULT_PRIVS, DEF_DEFAULT_PRIVS, &var_default_privs, 1, 0,
-	VAR_ALIAS_DB_MAP, DEF_ALIAS_DB_MAP, &var_alias_db_map, 1, 0,
+	VAR_ALIAS_DB_MAP, DEF_ALIAS_DB_MAP, &var_alias_db_map, 0, 0,
 	VAR_MAIL_VERSION, DEF_MAIL_VERSION, &var_mail_version, 1, 0,
 	VAR_DB_TYPE, DEF_DB_TYPE, &var_db_type, 1, 0,
 	VAR_HASH_QUEUE_NAMES, DEF_HASH_QUEUE_NAMES, &var_hash_queue_names, 1, 0,
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 02eb7fd6a..294fd1fc5 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -530,6 +530,10 @@ extern int var_init_dest_concurrency;
 #define DEF_DEST_CON_LIMIT	10
 extern int var_dest_con_limit;
 
+#define VAR_LOCAL_CON_LIMIT	"local" _DEST_CON_LIMIT
+#define DEF_LOCAL_CON_LIMIT	2
+extern int var_local_con_lim;
+
  /*
   * Queue manager: default number of recipients per transaction.
   */
@@ -540,6 +544,7 @@ extern int var_dest_rcpt_limit;
 
 #define VAR_LOCAL_RCPT_LIMIT	"local" _DEST_RCPT_LIMIT	/* XXX */
 #define DEF_LOCAL_RCPT_LIMIT	1	/* XXX */
+extern int var_local_rcpt_lim;
 
  /*
   * Queue manager: default delay before retrying a dead transport.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 291dc89bd..d1dadc6b3 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -15,7 +15,7 @@
   * Version of this program.
   */
 #define VAR_MAIL_VERSION	"mail_version"
-#define DEF_MAIL_VERSION	"Snapshot-20010224"
+#define DEF_MAIL_VERSION	"Snapshot-20010225"
 extern char *var_mail_version;
 
 /* LICENSE
diff --git a/postfix/src/master/master_sig.c b/postfix/src/master/master_sig.c
index 0ad0fa7b1..a113b13c6 100644
--- a/postfix/src/master/master_sig.c
+++ b/postfix/src/master/master_sig.c
@@ -56,6 +56,17 @@
 
 /* Local stuff. */
 
+#ifdef USE_SIG_PIPE
+#include <errno.h>
+#include <fcntl.h>
+#include <iostuff.h>
+
+int     master_sig_pipe[2];
+
+#define SIG_PIPE_WRITE_FD master_sig_pipe[1]
+#define SIG_PIPE_READ_FD master_sig_pipe[0]
+#endif
+
 int     master_gotsigchld;
 int     master_gotsighup;
 
@@ -99,6 +110,29 @@ static void master_sigchld(int sig, int code, struct sigcontext * scp)
 
 #else
 
+#ifdef USE_SIG_PIPE
+
+/* master_sigchld - force wakeup from select() */
+
+static void master_sigchld(int sig)
+{
+    if (write(SIG_PIPE_WRITE_FD, "", 1) != 1)
+	msg_warn("write to SIG_PIPE_WRITE_FD failed: %m");
+}
+
+/* master_sig_event - called upon return from select() */
+
+static void master_sig_event(int unused_event, char *unused_context)
+{
+    char    c[1];
+
+    while (read(SIG_PIPE_READ_FD, c, 1) > 0)
+	 /* void */ ;
+    master_gotsigchld = 1;
+}
+
+#else
+
 static void master_sigchld(int sig)
 {
 
@@ -111,6 +145,7 @@ static void master_sigchld(int sig)
     master_gotsigchld = sig;
 }
 
+#endif
 #endif
 
 /* master_sigdeath - die, women and children first */
@@ -174,6 +209,14 @@ void    master_sigsetup(void)
 	if (sigaction(sigs[i], &action, (struct sigaction *) 0) < 0)
 	    msg_fatal("%s: sigaction(%d): %m", myname, sigs[i]);
 
+#ifdef USE_SIG_PIPE
+    if (pipe(master_sig_pipe))
+	msg_fatal("pipe: %m");
+    non_blocking(SIG_PIPE_WRITE_FD, NON_BLOCKING);
+    non_blocking(SIG_PIPE_READ_FD, NON_BLOCKING);
+    event_enable_read(SIG_PIPE_READ_FD, master_sig_event, (char *) 0);
+#endif
+
     /*
      * Intercept SIGHUP (re-read config file) and SIGCHLD (child exit).
      */
diff --git a/postfix/src/nqmgr/qmgr.c b/postfix/src/nqmgr/qmgr.c
index c7cbd62c5..030c82d2d 100644
--- a/postfix/src/nqmgr/qmgr.c
+++ b/postfix/src/nqmgr/qmgr.c
@@ -332,6 +332,8 @@ char   *var_relocated_maps;
 char   *var_virtual_maps;
 char   *var_defer_xports;
 bool    var_allow_min_user;
+int     var_local_con_lim;
+int     var_local_rcpt_lim;
 
 static QMGR_SCAN *qmgr_incoming;
 static QMGR_SCAN *qmgr_deferred;
@@ -530,6 +532,8 @@ int     main(int argc, char **argv)
 	VAR_INIT_DEST_CON, DEF_INIT_DEST_CON, &var_init_dest_concurrency, 1, 0,
 	VAR_DEST_CON_LIMIT, DEF_DEST_CON_LIMIT, &var_dest_con_limit, 0, 0,
 	VAR_DEST_RCPT_LIMIT, DEF_DEST_RCPT_LIMIT, &var_dest_rcpt_limit, 0, 0,
+	VAR_LOCAL_RCPT_LIMIT, DEF_LOCAL_RCPT_LIMIT, &var_local_rcpt_lim, 0, 0,
+	VAR_LOCAL_CON_LIMIT, DEF_LOCAL_CON_LIMIT, &var_local_con_lim, 0, 0,
 	0,
     };
     static CONFIG_BOOL_TABLE bool_table[] = {
diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in
index c5d00c038..1cf467723 100644
--- a/postfix/src/postconf/Makefile.in
+++ b/postfix/src/postconf/Makefile.in
@@ -94,12 +94,10 @@ postconf.o: bool_vars.h
 postconf.o: int_vars.h
 postconf.o: str_vars.h
 postconf.o: raw_vars.h
-postconf.o: local_vars.h
 postconf.o: smtp_vars.h
 postconf.o: time_table.h
 postconf.o: bool_table.h
 postconf.o: int_table.h
 postconf.o: str_table.h
-postconf.o: local_table.h
 postconf.o: smtp_table.h
 postconf.o: raw_table.h
diff --git a/postfix/src/postconf/local_table.h b/postfix/src/postconf/local_table.h
deleted file mode 100644
index c612ab7d1..000000000
--- a/postfix/src/postconf/local_table.h
+++ /dev/null
@@ -1 +0,0 @@
-    "local_destination_concurrency_limit", "$default_destination_concurrency_limit", &var_local_destination_concurrency_limit, 0, 0,
diff --git a/postfix/src/postconf/local_vars.h b/postfix/src/postconf/local_vars.h
deleted file mode 100644
index c09dc1473..000000000
--- a/postfix/src/postconf/local_vars.h
+++ /dev/null
@@ -1 +0,0 @@
-char   *var_local_destination_concurrency_limit;
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index 512ed8ed9..da7d5625e 100644
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -130,7 +130,6 @@ DICT   *text_table;
  /*
   * Manually extracted.
   */
-#include "local_vars.h"
 #include "smtp_vars.h"
 
  /*
@@ -153,7 +152,6 @@ static CONFIG_INT_TABLE int_table[] = {
 
 static CONFIG_STR_TABLE str_table[] = {
 #include "str_table.h"
-#include "local_table.h"		/* XXX */
 #include "smtp_table.h"			/* XXX */
     0,
 };
diff --git a/postfix/src/qmgr/qmgr.c b/postfix/src/qmgr/qmgr.c
index 97488cd63..7513aa368 100644
--- a/postfix/src/qmgr/qmgr.c
+++ b/postfix/src/qmgr/qmgr.c
@@ -292,6 +292,7 @@ bool    var_allow_min_user;
 int     var_qmgr_fudge;
 int     var_qmgr_hog;
 int     var_local_rcpt_lim;		/* XXX */
+int     var_local_con_lim;		/* XXX */
 
 static QMGR_SCAN *qmgr_incoming;
 static QMGR_SCAN *qmgr_deferred;
@@ -489,6 +490,7 @@ int     main(int argc, char **argv)
 	VAR_QMGR_FUDGE, DEF_QMGR_FUDGE, &var_qmgr_fudge, 10, 100,
 	VAR_QMGR_HOG, DEF_QMGR_HOG, &var_qmgr_hog, 10, 100,
 	VAR_LOCAL_RCPT_LIMIT, DEF_LOCAL_RCPT_LIMIT, &var_local_rcpt_lim, 0, 0,
+	VAR_LOCAL_CON_LIMIT, DEF_LOCAL_CON_LIMIT, &var_local_con_lim, 0, 0,
 	0,
     };
     static CONFIG_BOOL_TABLE bool_table[] = {
diff --git a/postfix/src/util/inet_addr_local.c b/postfix/src/util/inet_addr_local.c
index 5eca34397..0a3cb22a8 100644
--- a/postfix/src/util/inet_addr_local.c
+++ b/postfix/src/util/inet_addr_local.c
@@ -15,8 +15,8 @@
 /*	specified address list. The result value is the number of
 /*	active interfaces found.
 /*
-/*	The mask_list is either a null pointer, or it is an list
-/*	that receives the netmasks corresponding to the address list.
+/*	The mask_list is either a null pointer, or it is a list that
+/*	receives the netmasks of the interface addresses that were found.
 /* DIAGNOSTICS
 /*	Fatal errors: out of memory.
 /* SEE ALSO
@@ -46,6 +46,7 @@
 #include <sys/sockio.h>
 #endif
 #include <errno.h>
+#include <string.h>
 
 /* Utility library. */
 
@@ -61,12 +62,15 @@
 #ifdef _SIZEOF_ADDR_IFREQ
 #define NEXT_INTERFACE(ifr) ((struct ifreq *) \
 	((char *) ifr + _SIZEOF_ADDR_IFREQ(*ifr)))
+#define IFREQ_SIZE(ifr)	_SIZEOF_ADDR_IFREQ(*ifr)
 #else
 #ifdef HAS_SA_LEN
 #define NEXT_INTERFACE(ifr) ((struct ifreq *) \
 	((char *) ifr + sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len))
+#define IFREQ_SIZE(ifr)	(sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len)
 #else
 #define NEXT_INTERFACE(ifr) (ifr + 1)
+#define IFREQ_SIZE(ifr)	sizeof(ifr[0])
 #endif
 #endif
 
@@ -82,6 +86,7 @@ int     inet_addr_local(INET_ADDR_LIST *addr_list, INET_ADDR_LIST *mask_list)
     VSTRING *buf = vstring_alloc(1024);
     int     initial_count = addr_list->used;
     struct in_addr addr;
+    struct ifreq *ifr_mask;
 
     if ((sock = socket(PF_INET, SOCK_DGRAM, 0)) < 0)
 	msg_fatal("%s: socket: %m", myname);
@@ -126,10 +131,13 @@ int     inet_addr_local(INET_ADDR_LIST *addr_list, INET_ADDR_LIST *mask_list)
 	    if (addr.s_addr != INADDR_ANY) {	/* has IP address */
 		inet_addr_list_append(addr_list, &addr);
 		if (mask_list) {
-		    if (ioctl(sock, SIOCGIFNETMASK, ifr) < 0)
+		    ifr_mask = (struct ifreq *) mymalloc(IFREQ_SIZE(ifr));
+		    memcpy((char *) ifr_mask, (char *) ifr, IFREQ_SIZE(ifr));
+		    if (ioctl(sock, SIOCGIFNETMASK, ifr_mask) < 0)
 			msg_fatal("%s: ioctl SIOCGIFNETMASK: %m", myname);
-		    addr = ((struct sockaddr_in *) & ifr->ifr_addr)->sin_addr;
+		    addr = ((struct sockaddr_in *) & ifr_mask->ifr_addr)->sin_addr;
 		    inet_addr_list_append(mask_list, &addr);
+		    myfree((char *) ifr_mask);
 		}
 	    }
 	}