postfix-2.9-20110615

postfix/HISTORY

@@ -16828,3 +16828,16 @@ Apologies for any names omitted.
 	Cleanup: removed the PSC_STATE_FLAG_CACHE_EXPIRED flag.
 	Nothing uses this anymore. Files: postscreen/postscreen.h,
 	postscreen/postscreen_state.c, postscreen/postscreen_tests.c.
+
+20110614
+
+	Linux kernel version 3 support. Linus Torvalds has reset
+	the counters for reasons not related to changes in code.
+	Files: makedefs, util/sys_defs.h.
+
+20110615
+
+	Workaround: some Spamhaus RHSBL rejects lookups with "No
+	IP queries" even if the name has an alphanumerical prefix.
+	We play safe, and skip both RHSBL and RHSWL queries for
+	names ending in a numerical suffix.  File: smtpd/smtpd_check.c.

postfix/README_FILES/MULTI_INSTANCE_README

@@ -327,7 +327,7 @@ This uses the postmulti(1) command to invoke postconf(1) in the context
 (MAIL_CONFIG=/etc/postfix-out) of the output instance.
 
   * Lines 1-2: With "authorized_submit_users = root", the superuser can test
-    the postix-out instance with "postmulti -i postfix-out -x sendmail -bv
+    the postfix-out instance with "postmulti -i postfix-out -x sendmail -bv
     recipient...", but otherwise local submission remains disabled.
 
   * Lines 1-2: With "master_service_disable =", the "inet" listeners are re-

postfix/WISHLIST

@@ -15,7 +15,30 @@ Wish list:
 	close-on-exec flags.  This could be a way to mitigate the
 	impact of memory/file leaks, and to implement "postfix
 	reload" support for master(8) features that currently don't
-	support this.
+	support this. 
+
+	Sub-second time resolution. The first benefit is to make
+	per-destination rate delays more usable. Other applications
+	will come up once the support exists. The straightforward
+	approach is to represent all time intervals in milliseconds,
+	and to update all code that makes system calls with a time
+	argument (as well as the compiled-in upper and lower time
+	parameter bounds, which are currently in seconds).
+	Unfortunately, that limits he maximum time interval to less
+	than 25 days on 32-bit systems, and is likely to break
+	compatibility (for starters, it cannot even deal with the
+	compiled-in 100d upper bound on the queue file lifetime).
+	A second option is to have a "compatibility" time base
+	switch between milliseconds and seconds; this means extra
+	changes to all code that makes system calls with a time
+	argument, and the way that the compiled-in upper and lower
+	bounds are specified.  Some of this can be encapsulated in
+	macros like time_to_sec(t), time_to_msec(t) and sec_to_time(t).
+	Finally, it is relatively easy to replace the events(3)
+	interface to use "double" for the time delay arguments, but
+	it is a major pain to convert all main.cf time parameters
+	into doubles (converting only some leads to a documentation
+	nightmare).
 
 	postscreen: wait for DNS completion after early HANGUP
 	and log DNSBL.
@@ -34,7 +57,6 @@ Wish list:
 	whitelisting database before the primary MX connection is
 	closed, because a client may still make a mistake.
 
-
 	Don't forget Apple's code donation for fetching mail from
 	IMAP server.
 

postfix/html/MULTI_INSTANCE_README.html

@@ -420,7 +420,7 @@ context (MAIL_CONFIG=/etc/postfix-out) of the output instance.  </p>
 <ul>
 
 <li> <p> Lines 1-2: With "<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = root", the
-superuser can test the postix-out instance with "postmulti -i
+superuser can test the postfix-out instance with "postmulti -i
 postfix-out -x sendmail -bv recipient...", but otherwise local
 submission remains disabled.  </p>
 

postfix/html/TLS_README.html

@@ -865,9 +865,9 @@ cipher from a list supplied by the server. </p>
 <p> By default, the OpenSSL server selects the client's most preferred
 cipher that the server supports. With SSLv3 and later, the server
 may choose its own most preferred cipher that is supported (offered)
-by the client. Setting "<a href="postconf.5.html#tls_preempts_cipherlist">tls_preempt_cipherlist</a> = yes" enables server
+by the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server
 cipher preferences. The default OpenSSL behaviour applies with
-"<a href="postconf.5.html#tls_preempts_cipherlist">tls_preempt_cipherlist</a> = no". </p>
+"<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = no". </p>
 
 <p> While server cipher selection may in some cases lead to a more secure
 or performant cipher choice, there is some risk of interoperability

postfix/html/postconf.5.html

@@ -15404,7 +15404,7 @@ instead of the client's cipher preference order. </p>
 <p> By default, the OpenSSL server selects the client's most preferred
 cipher that the server supports. With SSLv3 and later, the server may
 choose its own most preferred cipher that is supported (offered) by
-the client. Setting "<a href="postconf.5.html#tls_preempts_cipherlist">tls_preempt_cipherlist</a> = yes" enables server cipher
+the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server cipher
 preferences. </p>
 
 <p> While server cipher selection may in some cases lead to a more secure

postfix/html/smtpd.8.html

@@ -158,7 +158,7 @@ SMTPD(8)                                                              SMTPD(8)
        <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
               Change  the  behavior  of  the  <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a>  time
               limit, from a time limit per read or  write  system
-              call, to a time limit to send or receive a complete
+              call,  to  a time limit to read or write a complete
               record (an SMTP command line, SMTP  response  line,
               SMTP  message  content  line,  or TLS protocol mes-
               sage).
@@ -568,7 +568,7 @@ SMTPD(8)                                                              SMTPD(8)
 
        Available in Postfix version 2.8 and later:
 
-       <b><a href="postconf.5.html#tls_preempts_cipherlist">tls_preempt_cipherlist</a> (no)</b>
+       <b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b>
               With SSLv3 and later, use the server's cipher pref-
               erence order instead of the client's cipher prefer-
               ence order.
@@ -857,7 +857,7 @@ SMTPD(8)                                                              SMTPD(8)
        <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
               Change  the  behavior  of  the  <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a>  time
               limit,  from  a time limit per read or write system
-              call, to a time limit to send or receive a complete
+              call, to a time limit to read or write  a  complete
               record  (an  SMTP command line, SMTP response line,
               SMTP message content line,  or  TLS  protocol  mes-
               sage).

postfix/makedefs

@@ -340,6 +340,33 @@ EOF
 		       fi;;
 		esac
 		;;
+    Linux.3*)	SYSTYPE=LINUX3
+		if [ -f /usr/include/db.h ]
+		then
+		    : we are all set
+		elif [ -f /usr/include/db/db.h ]
+		then
+		    CCARGS="$CCARGS -I/usr/include/db"
+		else
+		    # On a properly installed system, Postfix builds
+		    # by including <db.h> and by linking with -ldb
+		    echo "No <db.h> include file found." 1>&2
+		    echo "Install the appropriate db*-devel package first." 1>&2
+		    echo "See the RELEASE_NOTES file for more information." 1>&2
+		    exit 1
+		fi
+		SYSLIBS="-ldb"
+		for name in nsl resolv
+		do
+		    for lib in /usr/lib64 /lib64 /usr/lib /lib
+		    do
+			test -e $lib/lib$name.a -o -e $lib/lib$name.so && {
+			    SYSLIBS="$SYSLIBS -l$name"
+			    break
+			}
+		    done
+		done
+		;;
      GNU.0*|GNU/kFreeBSD.[567]*)
      		SYSTYPE=GNU0
 		# Postfix no longer needs DB 1.85 compatibility

postfix/mantools/postlink

@@ -683,7 +683,7 @@ while (<>) {
     s;\btls_null_cipherlist\b;<a href="postconf.5.html#tls_null_cipherlist">$&</a>;g;
     s;\btls_eecdh_strong_curve\b;<a href="postconf.5.html#tls_eecdh_strong_curve">$&</a>;g;
     s;\btls_eecdh_ultra_curve\b;<a href="postconf.5.html#tls_eecdh_ultra_curve">$&</a>;g;
-    s;\btls_preempt_cipherlist\b;<a href="postconf.5.html#tls_preempts_cipherlist">$&</a>;g;
+    s;\btls_preempt_cipherlist\b;<a href="postconf.5.html#tls_preempt_cipherlist">$&</a>;g;
     s;\btls_disable_workarounds\b;<a href="postconf.5.html#tls_disable_workarounds">$&</a>;g;
     s;\btls_append_default_CA\b;<a href="postconf.5.html#tls_append_default_CA">$&</a>;g;
  

postfix/proto/MULTI_INSTANCE_README.html

@@ -420,7 +420,7 @@ context (MAIL_CONFIG=/etc/postfix-out) of the output instance.  </p>
 <ul>
 
 <li> <p> Lines 1-2: With "authorized_submit_users = root", the
-superuser can test the postix-out instance with "postmulti -i
+superuser can test the postfix-out instance with "postmulti -i
 postfix-out -x sendmail -bv recipient...", but otherwise local
 submission remains disabled.  </p>
 

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20110605"
+#define MAIL_RELEASE_DATE	"20110615"
 #define MAIL_VERSION_NUMBER	"2.9"
 
 #ifdef SNAPSHOT

postfix/src/smtpd/Makefile.in

@@ -38,7 +38,7 @@ update: ../../libexec/$(PROG)
 	cp $(PROG) ../../libexec
 
 SMTPD_CHECK_OBJ = smtpd_state.o smtpd_peer.o smtpd_xforward.o smtpd_dsn_fix.o \
-	smtpd_resolve.o
+	smtpd_resolve.o smtpd_expand.o
 
 smtpd_token: smtpd_token.c $(LIBS)
 	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS)

postfix/src/smtpd/smtpd_check.c

@@ -3192,6 +3192,7 @@ static const SMTPD_RBL_STATE *find_dnsxl_domain(SMTPD_STATE *state,
     const char *domain;
     const char *reply_addr;
     const char *byte_codes;
+    const char *suffix;
 
     /*
      * Extract the domain, tack on the RBL domain name and query the DNS for
@@ -3203,7 +3204,16 @@ static const SMTPD_RBL_STATE *find_dnsxl_domain(SMTPD_STATE *state,
 	    return (SMTPD_CHECK_DUNNO);
     } else
 	domain = what;
-    if (domain[0] == 0)
+
+    /*
+     * XXX Some Spamhaus RHSBL rejects lookups with "No IP queries" even if
+     * the name has an alphanumerical prefix. We play safe, and skip both
+     * RHSBL and RHSWL queries for names ending in a numerical suffix.
+     */
+    if (domain[0] == 0 || valid_hostname(domain, DONT_GRIPE) == 0)
+	return (SMTPD_CHECK_DUNNO);
+    suffix = strrchr(domain, '.');
+    if (alldig(suffix == 0 ? domain : suffix + 1))
 	return (SMTPD_CHECK_DUNNO);
 
     query = vstring_alloc(100);
@@ -3834,8 +3844,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 			 name);
 	    else {
 		cpp += 1;
-		if (state->helo_name
-		    && valid_hostname(state->helo_name, DONT_GRIPE))
+		if (state->helo_name)
 		    status = reject_rbl_domain(state, *cpp, state->helo_name,
 					       SMTPD_NAME_HELO);
 	    }
@@ -5239,6 +5248,7 @@ int     main(int argc, char **argv)
     string_init();
     int_init();
     smtpd_check_init();
+    smtpd_expand_init();
     smtpd_state_init(&state, VSTREAM_IN, "smtpd");
     state.queue_id = "<queue id>";
 

postfix/src/smtpd/smtpd_check.ref

@@ -82,7 +82,7 @@ OK
 >>> helo_restrictions permit_naked_ip_address,reject_invalid_hostname,reject_unknown_hostname
 OK
 >>> helo 123.123.123.123
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 OK
 >>> #
 >>> # Test the sender restrictions
@@ -317,73 +317,73 @@ OK
 >>> helo_restrictions permit_naked_ip_address,reject_non_fqdn_hostname
 OK
 >>> helo [1.2.3.4]
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 OK
 >>> helo [321.255.255.255]
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[321.255.255.255]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[321.255.255.255]>
 501 5.5.2 <[321.255.255.255]>: Helo command rejected: invalid ip address
 >>> helo [0.255.255.255]
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[0.255.255.255]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[0.255.255.255]>
 501 5.5.2 <[0.255.255.255]>: Helo command rejected: invalid ip address
 >>> helo [1.2.3.321]
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3.321]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3.321]>
 501 5.5.2 <[1.2.3.321]>: Helo command rejected: invalid ip address
 >>> helo [1.2.3]
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3]>
 501 5.5.2 <[1.2.3]>: Helo command rejected: invalid ip address
 >>> helo [1.2.3.4.5]
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3.4.5]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3.4.5]>
 501 5.5.2 <[1.2.3.4.5]>: Helo command rejected: invalid ip address
 >>> helo [1..2.3.4]
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1..2.3.4]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1..2.3.4]>
 501 5.5.2 <[1..2.3.4]>: Helo command rejected: invalid ip address
 >>> helo [.1.2.3.4]
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[.1.2.3.4]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[.1.2.3.4]>
 501 5.5.2 <[.1.2.3.4]>: Helo command rejected: invalid ip address
 >>> helo [1.2.3.4.5.]
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3.4.5.]>
 501 5.5.2 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address
 >>> helo 1.2.3.4
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 OK
 >>> helo 321.255.255.255
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <321.255.255.255>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<321.255.255.255>
 501 5.5.2 <321.255.255.255>: Helo command rejected: invalid ip address
 >>> helo 0.255.255.255
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <0.255.255.255>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<0.255.255.255>
 501 5.5.2 <0.255.255.255>: Helo command rejected: invalid ip address
 >>> helo 1.2.3.321
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3.321>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3.321>
 501 5.5.2 <1.2.3.321>: Helo command rejected: invalid ip address
 >>> helo 1.2.3
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3>
 501 5.5.2 <1.2.3>: Helo command rejected: invalid ip address
 >>> helo 1.2.3.4.5
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3.4.5>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3.4.5>
 501 5.5.2 <1.2.3.4.5>: Helo command rejected: invalid ip address
 >>> helo 1..2.3.4
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1..2.3.4>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1..2.3.4>
 501 5.5.2 <1..2.3.4>: Helo command rejected: invalid ip address
 >>> helo .1.2.3.4
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <.1.2.3.4>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<.1.2.3.4>
 501 5.5.2 <.1.2.3.4>: Helo command rejected: invalid ip address
 >>> helo 1.2.3.4.5.
-./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead
+./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
 ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3.4.5.>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3.4.5.>
 501 5.5.2 <1.2.3.4.5.>: Helo command rejected: invalid ip address
 >>> #

postfix/src/smtpd/smtpd_dnswl.in

@@ -54,3 +54,7 @@ client example.tld 168.100.189.2
 rcpt rname@rdomain
 # Authorized destination - accept.
 rcpt wietse@porcupine.org
+# Numeric TLD - dunno.
+rcpt wietse@12345
+rcpt wietse@12345.porcupine.org
+rcpt wietse@porcupine.12345

postfix/src/smtpd/smtpd_dnswl.ref

@@ -83,3 +83,12 @@ OK
 >>> # Authorized destination - accept.
 >>> rcpt wietse@porcupine.org
 OK
+>>> # Numeric TLD - dunno.
+>>> rcpt wietse@12345
+./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.189.2]: 554 5.7.1 <wietse@12345>: Relay access denied; to=<wietse@12345> proto=SMTP helo=<foobar>
+554 5.7.1 <wietse@12345>: Relay access denied
+>>> rcpt wietse@12345.porcupine.org
+OK
+>>> rcpt wietse@porcupine.12345
+./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.189.2]: 554 5.7.1 <wietse@porcupine.12345>: Relay access denied; to=<wietse@porcupine.12345> proto=SMTP helo=<foobar>
+554 5.7.1 <wietse@porcupine.12345>: Relay access denied

postfix/src/smtpd/smtpd_exp.ref

@@ -49,8 +49,8 @@ OK
 >>> client foo 127.0.0.2
 OK
 >>> rcpt rname@rdomain
-./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org=127.0.0.2; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
-554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org=127.0.0.2
+./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
+554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org
 >>> client foo 127.0.0.1
 OK
 >>> rcpt rname@rdomain

postfix/src/util/sys_defs.h

@@ -708,7 +708,7 @@ extern int initgroups(const char *, int);
  /*
   * LINUX.
   */
-#ifdef LINUX2
+#if defined(LINUX2) || defined(LINUX3)
 #define SUPPORTED
 #include <sys/types.h>
 #define UINT32_TYPE	unsigned int