diff --git a/postfix/HISTORY b/postfix/HISTORY
index a7d0460eb..3ee2150d7 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -10952,6 +10952,13 @@ Apologies for any names omitted.
 	Code cleanup: generalized the smtp-sink code that simulates
 	server errors. File: smtpstone/smtp-sink.c.
 
+20050629
+
+	Code cleanup: the smtp_mx_session_limit setting (per delivery
+	request session count limit) now ignores sessions that fail
+	to complete the TCP, SMTP, EHLO or TLS handshake (was: TCP
+	and SMTP).  File: smtp/smtp_proto.c.
+
 Open problems:
 
 	Look for systems with XPG basename() declared in <libgen.h>,
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index a1ac3b2e7..ffca91291 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -17,6 +17,13 @@ Incompatibility with Postfix 2.1 and earlier
 If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
 before proceeding.
 
+Incompatibility with snapshot 20050627
+======================================
+
+The Postfix SMTP client no longer applies the smtp_mx_session_limit
+to non-permanent errors during the TCP, SMTP, HELO or TLS handshake.
+Previous versions did that only with TCP and SMTP handshake errors.
+
 Incompatibility with snapshot 20050622
 ======================================
 
@@ -26,9 +33,7 @@ disabled by default. The new limit prevents Postfix from spending
 lots of time trying to connect to lots of bogus MX servers.
 
 The Postfix SMTP error handling of [45]XX server greetings was
-cleaned up. The server reply is now properly reported. As a side
-effect, the failed session now counts towards the limit on the total
-number of sessions per domain name (default: smtp_mx_session_limit=2).
+cleaned up. The server reply is now properly reported. 
 
 Incompatibility with snapshot 20050615
 ======================================
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 9e280791a..0194bfc38 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -6221,8 +6221,9 @@ This feature is available in Postfix 2.1 and later.
 
 <p> The maximal number of SMTP sessions per delivery request before
 giving up or delivering to a fall-back relay host, or zero (no
-limit). This restriction ignores IP addresses that fail to complete
-the SMTP initial handshake.  </p>
+limit). This restriction ignores sessions that fail to complete the
+SMTP initial handshake (Postfix 2.2 and earlier) or that fail to
+complete the EHLO and TLS handshake (Postfix 2.3 and later).  </p>
 
 <p> This feature is available in Postfix 2.1 and later.  </p>
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 9f144a0cf..be80a2de3 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -514,7 +514,7 @@ result is ignored).  Continue long lines by starting the next line
 with whitespace.
 .PP
 Note: IP version 6 address information must be specified inside
-<tt>[]</tt> in the authorized_verp_clients value, and in files
+[] in the authorized_verp_clients value, and in files
 specified with "/file/name".  IP version 6 addresses contain the
 ":" character, and would otherwise be confused with a "type:table"
 pattern.
@@ -1197,7 +1197,7 @@ is unavailable.
 In main.cf specify "relay_transport = relay",
 .IP \(bu
 In master.cf specify "-o fallback_relay =" (i.e., empty) at
-the end of the <tt>relay</tt> entry.
+the end of the relay entry.
 .IP \(bu
 In transport maps, specify "relay:\fInexthop...\fR"
 as the right-hand side for backup or primary MX domain entries.
@@ -1406,11 +1406,11 @@ The network interface addresses that this mail system receives
 mail on. Specify "all" to receive mail on all network
 interfaces (default), and "loopback-only" to receive mail
 on loopback network interfaces only (Postfix 2.2 and later).  The
-parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
+parameter also controls delivery of mail to user@[ip.address].
 .PP
 Note 1: you need to stop and start Postfix when this parameter changes.
 .PP
-Note 2: address information may be enclosed inside <tt>[]</tt>,
+Note 2: address information may be enclosed inside [],
 but this form is not recommended here.
 .PP
 When inet_interfaces specifies just one IPv4 and/or IPv6 address
@@ -2370,7 +2370,7 @@ first match.  Specify "!pattern" to exclude an address or network
 block from the list.
 .PP
 Note: IP version 6 address information must be specified inside
-<tt>[]</tt> in the mynetworks value, and in files specified with
+[] in the mynetworks value, and in files specified with
 "/file/name".  IP version 6 addresses contain the ":" character,
 and would otherwise be confused with a "type:table" pattern.
 .PP
@@ -3192,7 +3192,7 @@ automatically used as the smtp_bind_address.  This supports virtual
 IP hosting, but can be a problem on multi-homed firewalls. See the
 inet_interfaces documentation for more detail.
 .PP
-Note 2: address information may be enclosed inside <tt>[]</tt>,
+Note 2: address information may be enclosed inside [],
 but this form is not recommended here.
 .SH smtp_bind_address6 (default: empty)
 An optional numerical network address that the SMTP client should
@@ -3219,7 +3219,7 @@ automatically used as the smtp_bind_address6.  This supports virtual
 IP hosting, but can be a problem on multi-homed firewalls. See the
 inet_interfaces documentation for more detail.
 .PP
-Note 2: address information may be enclosed inside <tt>[]</tt>,
+Note 2: address information may be enclosed inside [],
 but this form is not recommended here.
 .SH smtp_connect_timeout (default: 30s)
 The SMTP client time limit for completing a TCP connection, or
@@ -3443,8 +3443,9 @@ This feature is available in Postfix 2.1 and later.
 .SH smtp_mx_session_limit (default: 2)
 The maximal number of SMTP sessions per delivery request before
 giving up or delivering to a fall-back relay host, or zero (no
-limit). This restriction ignores IP addresses that fail to complete
-the SMTP initial handshake.
+limit). This restriction ignores sessions that fail to complete the
+SMTP initial handshake (Postfix 2.2 and earlier) or that fail to
+complete the EHLO and TLS handshake (Postfix 2.3 and later).
 .PP
 This feature is available in Postfix 2.1 and later.
 .SH smtp_never_send_ehlo (default: no)
@@ -3870,7 +3871,7 @@ result is ignored).  Continue long lines by starting the next line
 with whitespace.
 .PP
 Note: IP version 6 address information must be specified inside
-<tt>[]</tt> in the smtpd_authorized_verp_clients value, and in
+[] in the smtpd_authorized_verp_clients value, and in
 files specified with "/file/name".  IP version 6 addresses contain
 the ":" character, and would otherwise be confused with a "type:table"
 pattern.
@@ -3896,7 +3897,7 @@ result is ignored).  Continue long lines by starting the next line
 with whitespace.
 .PP
 Note: IP version 6 address information must be specified inside
-<tt>[]</tt> in the smtpd_authorized_xclient_hosts value, and in
+[] in the smtpd_authorized_xclient_hosts value, and in
 files specified with "/file/name".  IP version 6 addresses contain
 the ":" character, and would otherwise be confused with a "type:table"
 pattern.
@@ -3921,7 +3922,7 @@ result is ignored).  Continue long lines by starting the next line
 with whitespace.
 .PP
 Note: IP version 6 address information must be specified inside
-<tt>[]</tt> in the smtpd_authorized_xforward_hosts value, and in
+[] in the smtpd_authorized_xforward_hosts value, and in
 files specified with "/file/name".  IP version 6 addresses contain
 the ":" character, and would otherwise be confused with a "type:table"
 pattern.
@@ -3986,7 +3987,7 @@ list of network blocks, hostnames or .domain names (the initial
 dot causes the domain to match any name below it).
 .PP
 Note: IP version 6 address information must be specified inside
-<tt>[]</tt> in the smtpd_client_event_limit_exceptions value, and
+[] in the smtpd_client_event_limit_exceptions value, and
 in files specified with "/file/name".  IP version 6 addresses
 contain the ":" character, and would otherwise be confused with a
 "type:table" pattern.
@@ -4773,7 +4774,7 @@ matches a lookup string (the lookup result is ignored).  Continue
 long lines by starting the next line with whitespace.
 .PP
 Note: IP version 6 address information must be specified inside
-<tt>[]</tt> in the smtpd_sasl_exceptions_networks value, and in
+[] in the smtpd_sasl_exceptions_networks value, and in
 files specified with "/file/name".  IP version 6 addresses contain
 the ":" character, and would otherwise be confused with a "type:table"
 pattern.
diff --git a/postfix/mantools/postconf2man b/postfix/mantools/postconf2man
index acb182f35..4b83cb519 100755
--- a/postfix/mantools/postconf2man
+++ b/postfix/mantools/postconf2man
@@ -63,6 +63,8 @@ while(<>) {
     $block =~ s/<li>\s*/\n.IP \\(bu\n/g;
     $block =~ s/<dt>\s*/\n.IP "/g;
     $block =~ s/\s*<\/dt>/"/g;
+    $block =~ s/<tt>\s*//g;
+    $block =~ s/\s*<\/tt>//g;
     $block =~ s/<blockquote>/\n.na\n.nf\n.in +4\n/g;
     $block =~ s/<\/blockquote>/\n.in -4\n.fi\n.ad\n/g;
     $block =~ s/\n<br>/\n.br\n/g;
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 16bc0f1c2..5068d3fdd 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -3840,8 +3840,9 @@ This feature is available in Postfix 2.1 and later.
 
 <p> The maximal number of SMTP sessions per delivery request before
 giving up or delivering to a fall-back relay host, or zero (no
-limit). This restriction ignores IP addresses that fail to complete
-the SMTP initial handshake.  </p>
+limit). This restriction ignores sessions that fail to complete the
+SMTP initial handshake (Postfix 2.2 and earlier) or that fail to
+complete the EHLO and TLS handshake (Postfix 2.3 and later).  </p>
 
 <p> This feature is available in Postfix 2.1 and later.  </p>
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index b9c6453ab..bd8e503cd 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20050627"
+#define MAIL_RELEASE_DATE	"20050629"
 #define MAIL_VERSION_NUMBER	"2.3"
 
 #define VAR_MAIL_VERSION	"mail_version"
diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c
index da041c0be..1af797bf5 100644
--- a/postfix/src/smtp/smtp_connect.c
+++ b/postfix/src/smtp/smtp_connect.c
@@ -653,18 +653,22 @@ int     smtp_connect(SMTP_STATE *state)
 		|| (session = smtp_reuse_addr(state, addr, port)) == 0)
 		session = smtp_connect_addr(dest, addr, port, why, sess_flags);
 	    if ((state->session = session) != 0) {
-		if (++sess_count == var_smtp_mxsess_limit)
-		    next = 0;
-		state->final_server = (cpp[1] == 0 && next == 0);
 		if (addr->pref == domain_best_pref)
 		    session->features |= SMTP_FEATURE_BEST_MX;
+		/* Don't count handshake errors towards the session limit. */
+		state->final_server = (cpp[1] == 0 && next == 0);
 		if ((session->features & SMTP_FEATURE_FROM_CACHE) == 0
 		    && smtp_helo(state, misc_flags) != 0) {
 		    if (vstream_ferror(session->stream) == 0
 			&& vstream_feof(session->stream) == 0)
 			smtp_quit(state);
-		} else
+		} else {
+		    /* Do count delivery errors towards the session limit. */
+		    if (++sess_count == var_smtp_mxsess_limit)
+			next = 0;
+		    state->final_server = (cpp[1] == 0 && next == 0);
 		    smtp_xfer(state);
+		}
 		smtp_cleanup_session(state);
 	    } else {
 		msg_info("%s (port %d)", STR(why->reason), ntohs(port));
diff --git a/postfix/src/util/dict_db.c b/postfix/src/util/dict_db.c
index 1a0f3165c..586cb4247 100644
--- a/postfix/src/util/dict_db.c
+++ b/postfix/src/util/dict_db.c
@@ -547,6 +547,15 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags,
 	      "compiled against %d.%d.%d, run-time linked against %d.%d.%d",
 		  DB_VERSION_MAJOR, DB_VERSION_MINOR, DB_VERSION_PATCH,
 		  major_version, minor_version, patch_version);
+    if (msg_verbose) {
+	msg_info("Compiled against Berkeley DB: %d.%d.%d\n",
+		 DB_VERSION_MAJOR, DB_VERSION_MINOR, DB_VERSION_PATCH);
+	msg_info("Run-time linked against Berkeley DB: %d.%d.%d\n",
+		 major_version, minor_version, patch_version);
+    }
+#else
+    if (msg_verbose)
+	msg_info("Compiled against Berkeley DB version 1");
 #endif
 
     db_path = concatenate(path, ".db", (char *) 0);
diff --git a/postfix/src/util/events.c b/postfix/src/util/events.c
index c502245b7..379e31c7f 100644
--- a/postfix/src/util/events.c
+++ b/postfix/src/util/events.c
@@ -17,7 +17,7 @@
 /*	int	delay;
 /*
 /*	int	event_cancel_timer(callback, context)
-/*	void	(*callback)(char *context);
+/*	void	(*callback)(int event, char *context);
 /*	char	*context;
 /*
 /*	void	event_enable_read(fd, callback, context)
@@ -63,7 +63,7 @@
 /*	The event argument is equal to EVENT_TIME.
 /*	Only one timer request can be active per (callback, context) pair.
 /*	Calling event_request_timer() with an existing (callback, context)
-/*	pair does not schedule a new event, but updates the moment of
+/*	pair does not schedule a new event, but updates the time of event
 /*	delivery. The result is the absolute time at which the timer is
 /*	scheduled to go off.
 /*