postfix-2.9-20110212

2025-08-22 09:57:34 +00:00 · 2011-02-12 00:00:00 -05:00 · 2011-02-12 00:00:00 -05:00 · 1b9ba18ece
commit 1b9ba18ece
parent 1ac00dbaf1
34 changed files with 1006 additions and 559 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -16576,3 +16576,18 @@ Apologies for any names omitted.

 	Bugfix (introduced Postfix 2.8): segfault with smtpd_tls_loglevel
 	>= 3. Files: tls/tls_server.c, tls.h, smtpd.c, tlsproxy.c.
+
+	Cleanup: read/write deadline support for single_server TLS
+	applications (i.e. smtpd(8), smtp(8)).  File: tls/tls_bio_ops.c.
+
+20110212
+
+	Infrastructure: run-time switch for read/write deadline
+	support. Files: util/vstream.[hc], global/smtp_stream.[hc],
+	tls/tls_bio_ops.c.
+
+	Cleanup: configurable read/write deadline support with
+	smtpd_per_record_deadline (normal: "no", overload: "yes")
+	and smtp_per_record_deadline (default: "no").  Files:
+	global/mail_params.h, smtpd/smtpd.c, smtp/smtp.c,
+	smtp/smtp_proto.c, proto/postconf.proto, mantools/postlink.
--- a/postfix/README_FILES/MILTER_README
+++ b/postfix/README_FILES/MILTER_README
@ -12,10 +12,11 @@ is queued.

 The reason for adding Milter support to Postfix is that there exists a large
 collection of applications, not only to block unwanted mail, but also to verify
-authenticity (examples: DomainKeys Identified Mail (DKIM), SenderID+SPF and
-DomainKeys) or to digitally sign mail (examples: DomainKeys Identified Mail
-(DKIM), DomainKeys). Having yet another Postfix-specific version of all that
-software is a poor use of human and system resources.
+authenticity (examples: OpenDKIM, DomainKeys Identified Mail (DKIM),
+SenderID+SPF and DomainKeys) or to digitally sign mail (examples: OpenDKIM,
+DomainKeys Identified Mail (DKIM), DomainKeys). Having yet another Postfix-
+specific version of all that software is a poor use of human and system
+resources.

 The Milter protocol has evolved over time, and different Postfix versions
 implement different feature sets. See the workarounds and limitations sections
@ -92,8 +93,15 @@ such a library, but Sendmail does.
    Sendmail libmilter library by default. With other systems, libmilter may be
    provided by a package (called "sendmail-devel" on some Linux systems).

-    Once libmilter is installed, applications such as dkim-milter and sid-
-    milter build out of the box without requiring any tinkering:
+    Once libmilter is installed, applications such as OpenDKIM, dkim-milter and
+    sid-milter build out of the box without requiring any tinkering:
+
+        $ ggzzccaatt ooppeennddkkiimm--xx..yy..zz..ttaarr..ggzz || ttaarr xxff --
+        $ ccdd ooppeennddkkiimm--xx..yy..zz
+        $ ..//ccoonnffiigguurree ......ooppttiioonnss......
+        $ mmaakkee
+        [...lots of output omitted...]
+        $ mmaakkee iinnssttaallll

        $ ggzzccaatt ddkkiimm--mmiilltteerr--xx..yy..zz..ttaarr..ggzz || ttaarr xxff --
        $ ccdd ddkkiimm--mmiilltteerr--xx..yy..zz
--- a/postfix/README_FILES/POSTSCREEN_README
+++ b/postfix/README_FILES/POSTSCREEN_README
@ -318,11 +318,12 @@ in SMTP engine anyway. This is to make postscreen(8) logging more informative.

 When a client sends multiple commands, postscreen(8) logs this as:

-    CCOOMMMMAANNDD PPIIPPEELLIINNIINNGG aafftteerr time ffrroomm [address]:port
+    CCOOMMMMAANNDD PPIIPPEELLIINNIINNGG ffrroomm [address]:port aafftteerr command: text

 Translation: the SMTP client at [address]:port sent multiple SMTP commands,
 instead of sending one command and then waiting for the server to reply. This
-happened time seconds after the "220 " server greeting was sent.
+happened after the client sent command. The text shows part of the input that
+was sent too early; it is not logged with Postfix 2.8.

 The postscreen_pipelining_action parameter specifies the action that is taken
 next. See "When tests fail after the 220 SMTP server greeting" below.
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@ -14,6 +14,30 @@ specifies the release date of a stable release or snapshot release.
 If you upgrade from Postfix 2.7 or earlier, read RELEASE_NOTES-2.8
 before proceeding.

+Major changes with snapshot 20110130
+====================================
+
+Support for per-record deadlines.  These change the behavior of
+Postfix timeout parameters, from a time limit per read or write
+system call, to a time limit to send or receive a complete record
+(an SMTP command line, SMTP response line, SMTP message content
+line, or TLS protocol message).  This limits the impact from hostile
+peers that trickle data one byte at a time.
+
+The new configuration parameters and their default settings are:
+smtpd_per_record_deadline (normal: no, overload: yes),
+smtp_per_record_deadline (no), and lmtp_per_record_deadline (no).
+
+Note: when per-record deadlines are enabled, a short timeout may
+cause problems with TLS over very slow network connections.  The
+reasons are that a TLS protocol message can be up to 16 kbytes long
+(with TLSv1), and that an entire TLS protocol message must be sent
+or received within the per-record deadline.
+
+Per-record deadlines were introduced with postscreen(8). This program
+does not receive mail, and therefore has no problems with TLS over
+slow connections.
+
 Incompatible changes with snapshot 20110130
 ===========================================

--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@ -9,6 +9,8 @@ Wish list:
 	Don't forget Apple's code donation for fetching mail from
 	IMAP server.

+	Update MILTER_README with pointer to OpenDKIM.
+
 	postconf command-line option to show the compile-time
 	settings (CCARGS, AUXLIBS) in case binary packages
 	don't install the makedefs.out file.
--- a/postfix/html/MILTER_README.html
+++ b/postfix/html/MILTER_README.html
@ -28,11 +28,13 @@ SMTP commands (HELO, MAIL FROM, etc.) as well as mail content
 <p> The reason for adding Milter support to Postfix is that there
 exists a large collection of applications, not only to block unwanted
 mail, but also to verify authenticity (examples: <a
+href="http://www.opendkim.org/">OpenDKIM</a>, <a
 href="http://sourceforge.net/projects/dkim-milter/">DomainKeys
 Identified Mail (DKIM)</a>, <a
 href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
 <a href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>)
 or to digitally sign mail (examples: <a
+href="http://www.opendkim.org/">OpenDKIM</a>, <a
 href="http://sourceforge.net/projects/dkim-milter/">DomainKeys
 Identified Mail (DKIM)</a>, <a
 href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>).
@ -212,10 +214,22 @@ other systems, libmilter may be provided by a package (called
 "sendmail-devel" on some Linux systems).  </p>

 <p> Once libmilter is installed, applications such as <a
+href="http://www.opendkim.org/">OpenDKIM</a>, <a
 href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a> and
 <a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a>
 build out of the box without requiring any tinkering:</p>

+<blockquote>
+<pre>
+$ <b>gzcat opendkim-<i>x.y.z</i>.tar.gz | tar xf -</b>
+$ <b>cd opendkim-<i>x.y.z</i></b>
+$ <b>./configure ...<i>options</i>...</b>
+$ <b>make</b>
+[...<i>lots of output omitted</i>...]
+$ <b>make install</b>
+</pre>
+</blockquote>
+
 <blockquote>
 <pre>
 $ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
--- a/postfix/html/POSTSCREEN_README.html
+++ b/postfix/html/POSTSCREEN_README.html
@ -432,13 +432,14 @@ logging more informative. </p>
 as: </p>

 <pre>
-    <b>COMMAND PIPELINING after</b> <i>time</i> <b>from</b> <i>[address]:port</i>
+    <b>COMMAND PIPELINING from</b> <i>[address]:port</i> <b>after</b> <i>command</i>: <i>text</i>
 </pre>

-<p> Translation: the SMTP client at <i>[address]:port</i> sent multiple
-SMTP commands, instead of sending one command and then waiting for
-the server to reply. This happened <i>time</i> seconds after the
-"220 " server greeting was sent. </p>
+<p> Translation: the SMTP client at <i>[address]:port</i> sent
+multiple SMTP commands, instead of sending one command and then
+waiting for the server to reply. This happened after the client
+sent <i>command</i>. The <i>text</i> shows part of the input that
+was sent too early; it is not logged with Postfix 2.8. </p>

 <p> The <a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> parameter specifies the action
 that is taken next.  See "<a href="#fail_after_220">When tests fail
--- a/postfix/html/lmtp.8.html
+++ b/postfix/html/lmtp.8.html
@ -295,11 +295,21 @@ SMTP(8)                                                                SMTP(8)
       <b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b>
              DNS Resolver options for the Postfix SMTP client.

+       Available in Postfix version 2.9 and later:
+
+       <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
+              Change the behavior of the smtp_*_timeout time lim-
+              its, from a time limit per  read  or  write  system
+              call,  to  a time limit to read or write a complete
+              record (an SMTP command line, SMTP  response  line,
+              SMTP  message  content  line,  or TLS protocol mes-
+              sage).
+
 <b>MIME PROCESSING CONTROLS</b>
       Available in Postfix version 2.0 and later:

       <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
-              Disable  the  conversion of 8BITMIME format to 7BIT
+              Disable the conversion of 8BITMIME format  to  7BIT
              format.

       <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
@ -314,108 +324,108 @@ SMTP(8)                                                                SMTP(8)
       Available in Postfix version 2.1 and later:

       <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
-              Send the non-standard  XFORWARD  command  when  the
-              Postfix  SMTP  server EHLO response announces XFOR-
+              Send  the  non-standard  XFORWARD  command when the
+              Postfix SMTP server EHLO response  announces  XFOR-
              WARD support.

 <b>SASL AUTHENTICATION CONTROLS</b>
       <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
-              Enable SASL  authentication  in  the  Postfix  SMTP
+              Enable  SASL  authentication  in  the  Postfix SMTP
              client.

       <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
-              Optional  SMTP  client lookup tables with one user-
-              name:password entry per remote hostname or  domain,
+              Optional SMTP client lookup tables with  one  user-
+              name:password  entry per remote hostname or domain,
              or sender address when sender-dependent authentica-
              tion is enabled.

       <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
-              Postfix SMTP client SASL security  options;  as  of
-              Postfix  2.3 the list of available features depends
-              on the SASL client implementation that is  selected
+              Postfix  SMTP  client  SASL security options; as of
+              Postfix 2.3 the list of available features  depends
+              on  the SASL client implementation that is selected
              with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.

       Available in Postfix version 2.2 and later:

       <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
-              If  non-empty, a Postfix SMTP client filter for the
-              remote SMTP server's list of  offered  SASL  mecha-
+              If non-empty, a Postfix SMTP client filter for  the
+              remote  SMTP  server's  list of offered SASL mecha-
              nisms.

       Available in Postfix version 2.3 and later:

       <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
              Enable sender-dependent authentication in the Post-
-              fix SMTP client; this is available only  with  SASL
-              authentication,   and   disables   SMTP  connection
-              caching to ensure that mail from different  senders
+              fix  SMTP  client; this is available only with SASL
+              authentication,  and   disables   SMTP   connection
+              caching  to ensure that mail from different senders
              will use the appropriate credentials.

       <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
-              Implementation-specific  information that the Post-
-              fix SMTP client passes through to the SASL  plug-in
-              implementation     that     is     selected    with
+              Implementation-specific information that the  Post-
+              fix  SMTP client passes through to the SASL plug-in
+              implementation    that     is     selected     with
              <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.

       <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
-              The SASL plug-in type that the Postfix SMTP  client
+              The  SASL plug-in type that the Postfix SMTP client
              should use for authentication.

       Available in Postfix version 2.5 and later:

       <b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
-              An  optional table to prevent repeated SASL authen-
-              tication failures with the same remote SMTP  server
+              An optional table to prevent repeated SASL  authen-
+              tication  failures with the same remote SMTP server
              hostname, username and password.

       <b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
-              The  maximal  age  of  an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
+              The maximal  age  of  an  <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
              entry before it is removed.

       <b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
-              When a remote SMTP server rejects a SASL  authenti-
-              cation  request  with  a 535 reply code, defer mail
-              delivery instead of returning  mail  as  undeliver-
+              When  a remote SMTP server rejects a SASL authenti-
+              cation request with a 535 reply  code,  defer  mail
+              delivery  instead  of  returning mail as undeliver-
              able.

 <b>STARTTLS SUPPORT CONTROLS</b>
-       Detailed  information  about STARTTLS configuration may be
+       Detailed information about STARTTLS configuration  may  be
       found in the <a href="TLS_README.html">TLS_README</a> document.

       <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
              The default SMTP TLS security level for the Postfix
-              SMTP  client;  when a non-empty value is specified,
-              this    overrides    the    obsolete     parameters
+              SMTP client; when a non-empty value  is  specified,
+              this     overrides    the    obsolete    parameters
              <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,         <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,         and
              <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.

       <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>           ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
       <b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
-              The SASL authentication security options  that  the
-              Postfix  SMTP  client  uses  for TLS encrypted SMTP
+              The  SASL  authentication security options that the
+              Postfix SMTP client uses  for  TLS  encrypted  SMTP
              sessions.

       <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
-              Time limit for Postfix SMTP client write  and  read
-              operations  during  TLS  startup and shutdown hand-
+              Time  limit  for Postfix SMTP client write and read
+              operations during TLS startup  and  shutdown  hand-
              shake procedures.

       <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
-              A file  containing  CA  certificates  of  root  CAs
-              trusted  to sign either remote SMTP server certifi-
+              A  file  containing  CA  certificates  of  root CAs
+              trusted to sign either remote SMTP server  certifi-
              cates or intermediate CA certificates.

       <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
-              Directory with  PEM  format  certificate  authority
-              certificates  that  the Postfix SMTP client uses to
+              Directory  with  PEM  format  certificate authority
+              certificates that the Postfix SMTP client  uses  to
              verify a remote SMTP server certificate.

       <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
-              File with the Postfix SMTP client  RSA  certificate
+              File  with  the Postfix SMTP client RSA certificate
              in PEM format.

       <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
-              The  minimum TLS cipher grade that the Postfix SMTP
+              The minimum TLS cipher grade that the Postfix  SMTP
              client will use with mandatory TLS encryption.

       <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@ -424,43 +434,43 @@ SMTP(8)                                                                SMTP(8)
              levels.

       <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
-              Additional list  of  ciphers  or  cipher  types  to
-              exclude  from the SMTP client cipher list at manda-
+              Additional  list  of  ciphers  or  cipher  types to
+              exclude from the SMTP client cipher list at  manda-
              tory TLS security levels.

       <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
-              File with the Postfix SMTP client  DSA  certificate
+              File  with  the Postfix SMTP client DSA certificate
              in PEM format.

       <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
-              File  with  the Postfix SMTP client DSA private key
+              File with the Postfix SMTP client DSA  private  key
              in PEM format.

       <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
-              File with the Postfix SMTP client RSA  private  key
+              File  with  the Postfix SMTP client RSA private key
              in PEM format.

       <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
-              Enable  additional  Postfix  SMTP client logging of
+              Enable additional Postfix SMTP  client  logging  of
              TLS activity.

       <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
-              Log the hostname  of  a  remote  SMTP  server  that
-              offers  STARTTLS,  when  TLS is not already enabled
+              Log  the  hostname  of  a  remote  SMTP server that
+              offers STARTTLS, when TLS is  not  already  enabled
              for that server.

       <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
              Optional lookup tables with the Postfix SMTP client
              TLS security policy by next-hop destination; when a
-              non-empty value is specified,  this  overrides  the
+              non-empty  value  is  specified, this overrides the
              obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.

       <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
-              List  of  SSL/TLS  protocols  that the Postfix SMTP
+              List of SSL/TLS protocols  that  the  Postfix  SMTP
              client will use with mandatory TLS encryption.

       <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
-              The verification depth for remote SMTP server  cer-
+              The  verification depth for remote SMTP server cer-
              tificates.

       <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
@ -468,7 +478,7 @@ SMTP(8)                                                                SMTP(8)
              for the "secure" TLS security level.

       <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
-              Name of the file containing  the  optional  Postfix
+              Name  of  the  file containing the optional Postfix
              SMTP client TLS session cache.

       <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@ -480,9 +490,9 @@ SMTP(8)                                                                SMTP(8)
              for the "verify" TLS security level.

       <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
-              The  number  of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
-              or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process  requests  from  the  <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
-              server  in order to seed its internal pseudo random
+              The number of pseudo-random bytes that  an  <a href="smtp.8.html"><b>smtp</b>(8)</a>
+              or  <a href="smtpd.8.html"><b>smtpd</b>(8)</a>  process  requests  from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+              server in order to seed its internal pseudo  random
              number generator (PRNG).

       <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@ -494,7 +504,7 @@ SMTP(8)                                                                SMTP(8)
              ciphers.

       <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
-              The  OpenSSL  cipherlist  for "LOW" or higher grade
+              The OpenSSL cipherlist for "LOW"  or  higher  grade
              ciphers.

       <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -502,38 +512,38 @@ SMTP(8)                                                                SMTP(8)
              ciphers.

       <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
-              The  OpenSSL  cipherlist  for  "NULL" grade ciphers
+              The OpenSSL cipherlist  for  "NULL"  grade  ciphers
              that provide authentication without encryption.

       Available in Postfix version 2.4 and later:

       <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
       <b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
-              The SASL authentication security options  that  the
-              Postfix  SMTP  client  uses  for TLS encrypted SMTP
+              The  SASL  authentication security options that the
+              Postfix SMTP client uses  for  TLS  encrypted  SMTP
              sessions with a verified server certificate.

       Available in Postfix version 2.5 and later:

       <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
-              List of acceptable remote SMTP  server  certificate
-              fingerprints  for  the  "fingerprint"  TLS security
+              List  of  acceptable remote SMTP server certificate
+              fingerprints for  the  "fingerprint"  TLS  security
              level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint).

       <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b>
-              The message  digest  algorithm  used  to  construct
+              The  message  digest  algorithm  used  to construct
              remote SMTP server certificate fingerprints.

       Available in Postfix version 2.6 and later:

       <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2)</b>
-              List  of TLS protocols that the Postfix SMTP client
-              will exclude  or  include  with  opportunistic  TLS
+              List of TLS protocols that the Postfix SMTP  client
+              will  exclude  or  include  with  opportunistic TLS
              encryption.

       <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (export)</b>
-              The  minimum TLS cipher grade that the Postfix SMTP
-              client will use with opportunistic TLS  encryption.
+              The minimum TLS cipher grade that the Postfix  SMTP
+              client  will use with opportunistic TLS encryption.

       <b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
              File with the Postfix SMTP client ECDSA certificate
@ -546,40 +556,40 @@ SMTP(8)                                                                SMTP(8)
       Available in Postfix version 2.7 and later:

       <b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
-              Try  to  detect  a mail hijacking attack based on a
-              TLS protocol vulnerability  (CVE-2009-3555),  where
-              an  attacker  prepends  malicious HELO, MAIL, RCPT,
+              Try to detect a mail hijacking attack  based  on  a
+              TLS  protocol  vulnerability (CVE-2009-3555), where
+              an attacker prepends malicious  HELO,  MAIL,  RCPT,
              DATA commands to a Postfix SMTP client TLS session.

       Available in Postfix version 2.8 and later:

       <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
-              List  or  bit-mask  of  OpenSSL bug work-arounds to
+              List or bit-mask of  OpenSSL  bug  work-arounds  to
              disable.

 <b>OBSOLETE STARTTLS CONTROLS</b>
-       The following configuration parameters exist for  compati-
+       The  following configuration parameters exist for compati-
       bility with Postfix versions before 2.3. Support for these
       will be removed in a future release.

       <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
-              Opportunistic mode: use  TLS  when  a  remote  SMTP
-              server  announces  STARTTLS support, otherwise send
+              Opportunistic  mode:  use  TLS  when  a remote SMTP
+              server announces STARTTLS support,  otherwise  send
              the mail in the clear.

       <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
-              Enforcement mode: require that remote SMTP  servers
-              use  TLS  encryption,  and  never  send mail in the
+              Enforcement  mode: require that remote SMTP servers
+              use TLS encryption, and  never  send  mail  in  the
              clear.

       <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
-              With mandatory TLS  encryption,  require  that  the
+              With  mandatory  TLS  encryption,  require that the
              remote SMTP server hostname matches the information
              in the remote SMTP server certificate.

       <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
              Optional lookup tables with the Postfix SMTP client
-              TLS  usage  policy  by  next-hop destination and by
+              TLS usage policy by  next-hop  destination  and  by
              remote SMTP server hostname.

       <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
@ -589,27 +599,27 @@ SMTP(8)                                                                SMTP(8)
 <b>RESOURCE AND RATE CONTROLS</b>
       <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a>      ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
       <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
-              The  maximal  number  of parallel deliveries to the
-              same destination  via  the  smtp  message  delivery
+              The maximal number of parallel  deliveries  to  the
+              same  destination  via  the  smtp  message delivery
              transport.

       <b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a>        ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
       <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
-              The  maximal  number  of recipients per message for
+              The maximal number of recipients  per  message  for
              the smtp message delivery transport.

       <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
-              The SMTP client time limit  for  completing  a  TCP
+              The  SMTP  client  time  limit for completing a TCP
              connection,  or  zero  (use  the  operating  system
              built-in time limit).

       <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
-              The SMTP client time limit for sending the HELO  or
-              EHLO  command, and for receiving the initial server
+              The  SMTP client time limit for sending the HELO or
+              EHLO command, and for receiving the initial  server
              response.

       <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
-              The LMTP client time limit  for  sending  the  LHLO
+              The  LMTP  client  time  limit for sending the LHLO
              command,  and  for  receiving  the  initial  server
              response.

@ -618,30 +628,30 @@ SMTP(8)                                                                SMTP(8)
              command, and for receiving the server response.

       <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
-              The  SMTP  client  time  limit for sending the MAIL
-              FROM  command,  and  for   receiving   the   server
+              The SMTP client time limit  for  sending  the  MAIL
+              FROM   command,   and   for  receiving  the  server
              response.

       <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
-              The  SMTP  client  time  limit for sending the SMTP
-              RCPT TO  command,  and  for  receiving  the  server
+              The SMTP client time limit  for  sending  the  SMTP
+              RCPT  TO  command,  and  for  receiving  the server
              response.

       <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
-              The  SMTP  client  time  limit for sending the SMTP
-              DATA  command,  and  for   receiving   the   server
+              The SMTP client time limit  for  sending  the  SMTP
+              DATA   command,   and   for  receiving  the  server
              response.

       <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
-              The  SMTP  client  time  limit for sending the SMTP
+              The SMTP client time limit  for  sending  the  SMTP
              message content.

       <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
-              The SMTP client time limit  for  sending  the  SMTP
+              The  SMTP  client  time  limit for sending the SMTP
              ".", and for receiving the server response.

       <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
-              The  SMTP  client  time  limit for sending the QUIT
+              The SMTP client time limit  for  sending  the  QUIT
              command, and for receiving the server response.

       Available in Postfix version 2.1 and later:
@ -652,12 +662,12 @@ SMTP(8)                                                                SMTP(8)
              lookups, or zero (no limit).

       <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
-              The maximal number of SMTP  sessions  per  delivery
-              request  before  giving up or delivering to a fall-
+              The  maximal  number  of SMTP sessions per delivery
+              request before giving up or delivering to  a  fall-
              back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).

       <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
-              The SMTP client time limit  for  sending  the  RSET
+              The  SMTP  client  time  limit for sending the RSET
              command, and for receiving the server response.

       Available in Postfix version 2.2 and earlier:
@ -669,11 +679,11 @@ SMTP(8)                                                                SMTP(8)
       Available in Postfix version 2.2 and later:

       <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
-              Permanently enable SMTP connection caching for  the
+              Permanently  enable SMTP connection caching for the
              specified destinations.

       <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
-              Temporarily  enable SMTP connection caching while a
+              Temporarily enable SMTP connection caching while  a
              destination has a high volume of mail in the active
              queue.

@ -683,15 +693,25 @@ SMTP(8)                                                                SMTP(8)

       <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
              When SMTP connection caching is enabled, the amount
-              of  time  that an unused SMTP client socket is kept
+              of time that an unused SMTP client socket  is  kept
              open before it is closed.

       Available in Postfix version 2.3 and later:

       <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
-              Time limit for connection cache  connect,  send  or
+              Time  limit  for  connection cache connect, send or
              receive operations.

+       Available in Postfix version 2.9 and later:
+
+       <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
+              Change the behavior of the smtp_*_timeout time lim-
+              its,  from  a  time  limit per read or write system
+              call, to a time limit to read or write  a  complete
+              record  (an  SMTP command line, SMTP response line,
+              SMTP message content line,  or  TLS  protocol  mes-
+              sage).
+
 <b>TROUBLE SHOOTING CONTROLS</b>
       <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
              The  increment  in  verbose  logging  level  when a
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -4034,6 +4034,17 @@ configuration parameter. See there for details. </p>
 <p> This feature is available in Postfix 2.5 and later. </p>


+</DD>
+
+<DT><b><a name="lmtp_per_record_deadline">lmtp_per_record_deadline</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a>
+configuration parameter.  See there for details. </p>
+
+<p> This feature is available in Postfix 2.8 and later.  </p>
+
+
 </DD>

 <DT><b><a name="lmtp_pix_workaround_delay_time">lmtp_pix_workaround_delay_time</a>
@ -9545,6 +9556,29 @@ available.  </p>
 <a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter.  </p>


+</DD>
+
+<DT><b><a name="smtp_per_record_deadline">smtp_per_record_deadline</a>
+(default: no)</b></DT><DD>
+
+<p> Change the behavior of the smtp_*_timeout time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).  This
+limits the impact from hostile peers that trickle data one byte at
+a time.  </p>
+
+<p> Note: when per-record deadlines are enabled, a short timeout
+may cause problems with TLS over very slow network connections.
+The reasons are that a TLS protocol message can be up to 16 kbytes
+long (with TLSv1), and that an entire TLS protocol message must be
+sent or received within the per-record deadline.  </p>
+
+<p> This feature is available in Postfix 2.9 and later. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no". </p>
+
+
 </DD>

 <DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
@ -12697,6 +12731,29 @@ DNS lookup and increases the maximal inbound delivery rate. </p>
 <p> This feature is available in Postfix 2.3 and later.  </p>


+</DD>
+
+<DT><b><a name="smtpd_per_record_deadline">smtpd_per_record_deadline</a>
+(default: normal: no, overload: yes)</b></DT><DD>
+
+<p> Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time limit, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).  This
+limits the impact from hostile peers that trickle data one byte at
+a time.  </p>
+
+<p> Note: when per-record deadlines are enabled, a short timeout
+may cause problems with TLS over very slow network connections.
+The reasons are that a TLS protocol message can be up to 16 kbytes
+long (with TLSv1), and that an entire TLS protocol message must be
+sent or received within the per-record deadline.  </p>
+
+<p> This feature is available in Postfix 2.9 and later. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no". </p>
+
+
 </DD>

 <DT><b><a name="smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a>
--- a/postfix/html/postscreen.8.html
+++ b/postfix/html/postscreen.8.html
@ -76,64 +76,65 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
       Support for AUTH may be added in the future.  In the  mean
       time, if you need to make these services available on port
       25, then do not enable  the  optional  "after  220  server
-       greeting" tests.
+       greeting" tests, and do not use DNSBLs that reject traffic
+       from dial-up and residential networks.

-       The  optional  "after  220  server greeting" tests involve
-       <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When  these
+       The optional "after 220  server  greeting"  tests  involve
+       <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s  built-in SMTP protocol engine. When these
       tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> adds the client to the tempo-
-       rary whitelist but it cannot not hand off the "live"  con-
-       nection  to a Postfix SMTP server process in the middle of
-       a session.   Instead,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  defers  attempts  to
-       deliver  mail  with a 4XX status, and waits for the client
-       to disconnect.  The next time a good client  connects,  it
-       will  be  allowed to talk to a Postfix SMTP server process
-       to deliver mail. <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  mitigates  the  impact  of
-       this  limitation  by  giving  such tests a long expiration
+       rary  whitelist but it cannot not hand off the "live" con-
+       nection to a Postfix SMTP server process in the middle  of
+       a  session.   Instead,  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  defers  attempts to
+       deliver mail with a 4XX status, and waits for  the  client
+       to  disconnect.   The next time a good client connects, it
+       will be allowed to talk to a Postfix SMTP  server  process
+       to  deliver  mail.  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  mitigates the impact of
+       this limitation by giving such  tests  a  long  expiration
       time.

 <b>CONFIGURATION PARAMETERS</b>
-       Changes to <a href="postconf.5.html">main.cf</a> are not  picked  up  automatically,  as
-       <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  processes  may  run for several hours.  Use
+       Changes  to  <a href="postconf.5.html">main.cf</a>  are  not picked up automatically, as
+       <a href="postscreen.8.html"><b>postscreen</b>(8)</a> processes may run for  several  hours.   Use
       the command "postfix reload" after a configuration change.

-       The  text  below  provides  only  a parameter summary. See
+       The text below provides  only  a  parameter  summary.  See
       <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.

       NOTE:  Some  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  parameters  implement  stress-
-       dependent  behavior.   This  is  supported  only  when the
-       default parameter value is stress-dependent (that  is,  it
-       looks  like  ${stress?X}${stress:Y}, or it is the $<i>name</i> of
+       dependent behavior.   This  is  supported  only  when  the
+       default  parameter  value is stress-dependent (that is, it
+       looks like ${stress?X}${stress:Y}, or it is the  $<i>name</i>  of
       an  smtpd  parameter  with  a  stress-dependent  default).
-       Other  parameters always evaluate as if the <b>stress</b> parame-
+       Other parameters always evaluate as if the <b>stress</b>  parame-
       ter value is the empty string.

 <b>COMPATIBILITY CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_command_filter">postscreen_command_filter</a> ($<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b>
-              A mechanism to transform commands from remote  SMTP
+              A  mechanism to transform commands from remote SMTP
              clients.

       <b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a>  ($<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_dis</a>-</b>
       <b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">card_ehlo_keyword_address_maps</a>)</b>
-              Lookup  tables,  indexed  by the remote SMTP client
-              address, with case insensitive lists of  EHLO  key-
-              words  (pipelining,  starttls, auth, etc.) that the
-              <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will  not  send  in  the  EHLO
+              Lookup tables, indexed by the  remote  SMTP  client
+              address,  with  case insensitive lists of EHLO key-
+              words (pipelining, starttls, auth, etc.)  that  the
+              <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  server  will  not  send  in the EHLO
              response to a remote SMTP client.

       <b><a href="postconf.5.html#postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_key</a>-</b>
       <b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">words</a>)</b>
-              A  case insensitive list of EHLO keywords (pipelin-
-              ing, starttls, auth, etc.) that  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
-              server  will  not  send  in  the EHLO response to a
+              A case insensitive list of EHLO keywords  (pipelin-
+              ing,  starttls,  auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+              server will not send in  the  EHLO  response  to  a
              remote SMTP client.

 <b>TROUBLE SHOOTING CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_expansion_filter">postscreen_expansion_filter</a> (see 'postconf -d' output)</b>
-              List  of   characters   that   are   permitted   in
+              List   of   characters   that   are   permitted  in
              <a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> attribute expansions.

       <b><a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> ($<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b>
-              Optional  information  that is appended after a 4XX
+              Optional information that is appended after  a  4XX
              or 5XX server response.

       <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
@ -141,9 +142,9 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
              be returned to the sender.

 <b>PERMANENT WHITE/BLACKLIST TEST</b>
-       This  test  is  executed  immediately  after a remote SMTP
-       client connects. If a client is  permanently  whitelisted,
-       the  client  will  be  handed off immediately to a Postfix
+       This test is executed  immediately  after  a  remote  SMTP
+       client  connects.  If a client is permanently whitelisted,
+       the client will be handed off  immediately  to  a  Postfix
       SMTP server process.

       <b><a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b>
@ -151,45 +152,45 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
              addresses.

       <b><a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> (ignore)</b>
-              The  action  that  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
-              client  is   permanently   blacklisted   with   the
+              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes  when  an  SMTP
+              client   is   permanently   blacklisted   with  the
              <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.

 <b>BEFORE-GREETING TESTS</b>
-       These  tests  are  executed  before the remote SMTP client
+       These tests are executed before  the  remote  SMTP  client
       receives the "220 servername" greeting. If no tests remain
-       after  the successful completion of this phase, the client
-       will be handed off immediately to a  Postfix  SMTP  server
+       after the successful completion of this phase, the  client
+       will  be  handed  off immediately to a Postfix SMTP server
       process.

       <b><a href="postconf.5.html#dnsblog_service_name">dnsblog_service_name</a> (dnsblog)</b>
-              The  name  of  the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service entry in mas-
+              The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service  entry  in  mas-
              ter.cf.

       <b><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> (ignore)</b>
-              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes  when  an  SMTP
+              The  action  that  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
              client's  combined  DNSBL  score  is  equal  to  or
-              greater than  a  threshold  (as  defined  with  the
+              greater  than  a  threshold  (as  defined  with the
              <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_thresh</a>-
              <a href="postconf.5.html#postscreen_dnsbl_threshold">old</a> parameters).

       <b><a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> (empty)</b>
-              A mapping  from  actual  DNSBL  domain  name  which
-              includes  a  secret  password,  to the DNSBL domain
+              A  mapping  from  actual  DNSBL  domain  name which
+              includes a secret password,  to  the  DNSBL  domain
              name  that  postscreen  will  reply  with  when  it
              rejects mail.

       <b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
-              Optional  list of DNS white/blacklist domains, fil-
+              Optional list of DNS white/blacklist domains,  fil-
              ters and weight factors.

       <b><a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> (1)</b>
-              The inclusive lower  bound  for  blocking  an  SMTP
+              The  inclusive  lower  bound  for  blocking an SMTP
              client,  based  on  its  combined  DNSBL  score  as
-              defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>  parameter.
+              defined  with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.

       <b><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> (ignore)</b>
-              The  action  that  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
+              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes  when  an  SMTP
              client speaks before its turn within the time spec-
              ified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.

@ -197,39 +198,39 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
              The  <i>text</i>  in  the  optional  "220-<i>text</i>..."  server
              response that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real
              Postfix SMTP server's "220 text..." response, in an
-              attempt to confuse bad SMTP clients  so  that  they
+              attempt  to  confuse  bad SMTP clients so that they
              speak before their turn (pre-greet).

       <b><a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> (${stress?2}${stress:6}s)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for
-              an SMTP client to send a command before  its  turn,
-              and  for  DNS  blocklist  lookup  results to arrive
-              (default: up to 2 seconds under  stress,  up  to  6
+              an  SMTP  client to send a command before its turn,
+              and for DNS  blocklist  lookup  results  to  arrive
+              (default:  up  to  2  seconds under stress, up to 6
              seconds otherwise).

       <b><a href="postconf.5.html#smtpd_service_name">smtpd_service_name</a> (smtpd)</b>
-              The  internal  service  that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> forwards
+              The internal service  that  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  forwards
              allowed connections to.

 <b>AFTER-GREETING TESTS</b>
-       These tests are executed  after  the  remote  SMTP  client
+       These  tests  are  executed  after  the remote SMTP client
       receives the "220 servername" greeting. If a client passes
-       all tests  during  this  phase,  it  will  receive  a  4XX
-       response  to  RCPT  TO commands until the client hangs up.
+       all  tests  during  this  phase,  it  will  receive  a 4XX
+       response to RCPT TO commands until the  client  hangs  up.
       After this, the client will be allowed to talk directly to
       a Postfix SMTP server process.

       <b><a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> (ignore)</b>
-              The  action  that  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
-              client sends a bare newline character, that  is,  a
+              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes  when  an  SMTP
+              client  sends  a bare newline character, that is, a
              newline not preceded by carriage return.

       <b><a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> (no)</b>
-              Enable  "bare  newline"  SMTP protocol tests in the
+              Enable "bare newline" SMTP protocol  tests  in  the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.

       <b><a href="postconf.5.html#postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a> ($<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b>
-              Disable the SMTP VRFY command in the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+              Disable  the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
              daemon.

       <b><a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> ($<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b>
@ -237,157 +238,157 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
              siders in violation of the SMTP protocol.

       <b><a href="postconf.5.html#postscreen_helo_required">postscreen_helo_required</a> ($<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b>
-              Require that a remote SMTP  client  sends  HELO  or
+              Require  that  a  remote  SMTP client sends HELO or
              EHLO before commencing a MAIL transaction.

       <b><a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> (drop)</b>
-              The  action  that  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
-              client sends non-SMTP commands  as  specified  with
+              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes  when  an  SMTP
+              client  sends  non-SMTP  commands as specified with
              the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter.

       <b><a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> (no)</b>
-              Enable    "non-SMTP    command"    tests   in   the
+              Enable   "non-SMTP   command"    tests    in    the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.

       <b><a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> (enforce)</b>
-              The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes  when  an  SMTP
-              client  sends  multiple commands instead of sending
-              one command and waiting for the server to  respond.
+              The  action  that  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
+              client sends multiple commands instead  of  sending
+              one  command and waiting for the server to respond.

       <b><a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> (no)</b>
-              Enable  "pipelining"  SMTP  protocol  tests  in the
+              Enable "pipelining"  SMTP  protocol  tests  in  the
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.

 <b>CACHE CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> (12h)</b>
-              The amount  of  time  between  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  cache
+              The  amount  of  time  between  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache
              cleanup runs.

       <b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a>                   (btree:$data_direc-</b>
       <b>tory/postscreen_cache)</b>
-              Persistent  storage  for  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server
+              Persistent storage  for  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>  server
              decisions.

       <b><a href="postconf.5.html#postscreen_cache_retention_time">postscreen_cache_retention_time</a> (7d)</b>
              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an
-              expired  temporary  whitelist  entry  before  it is
+              expired temporary  whitelist  entry  before  it  is
              removed.

       <b><a href="postconf.5.html#postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a> (30d)</b>
-              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
+              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
              result from a successful "bare newline" SMTP proto-
              col test.

       <b><a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a> (1h)</b>
-              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
+              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
              result from a successful DNS blocklist test.

       <b><a href="postconf.5.html#postscreen_greet_ttl">postscreen_greet_ttl</a> (1d)</b>
-              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
              result from a successful PREGREET test.

       <b><a href="postconf.5.html#postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a> (30d)</b>
-              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
-              result  from  a  successful "non_smtp_command" SMTP
+              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+              result from a  successful  "non_smtp_command"  SMTP
              protocol test.

       <b><a href="postconf.5.html#postscreen_pipelining_ttl">postscreen_pipelining_ttl</a> (30d)</b>
-              The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use  the
+              The  amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
              result from a successful "pipelining" SMTP protocol
              test.

 <b>RESOURCE CONTROLS</b>
       <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
-              Upon input, long lines are chopped up  into  pieces
-              of  at  most this length; upon delivery, long lines
+              Upon  input,  long lines are chopped up into pieces
+              of at most this length; upon delivery,  long  lines
              are reconstructed.

       <b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a></b>
       <b>($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b>
-              How many simultaneous  connections  any  client  is
+              How  many  simultaneous  connections  any client is
              allowed to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.

       <b><a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> (20)</b>
-              The  limit on the total number of commands per SMTP
-              session for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP  protocol
+              The limit on the total number of commands per  SMTP
+              session  for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol
              engine.

       <b><a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a> (${stress?10}${stress:300}s)</b>
-              The  time limit to read an entire command line with
+              The time limit to read an entire command line  with
              <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.

       <b><a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
-              The number of clients that can be waiting for  ser-
+              The  number of clients that can be waiting for ser-
              vice from a real SMTP server process.

       <b><a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
-              The  number  of non-whitelisted clients that can be
-              waiting for a decision whether  they  will  receive
+              The number of non-whitelisted clients that  can  be
+              waiting  for  a  decision whether they will receive
              service from a real SMTP server process.

       <b><a href="postconf.5.html#postscreen_watchdog_timeout">postscreen_watchdog_timeout</a> (10s)</b>
-              How  much  time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to
-              respond to an SMTP client command or to  perform  a
+              How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may  take  to
+              respond  to  an SMTP client command or to perform a
              cache operation before it is terminated by a built-
              in watchdog timer.

 <b>STARTTLS CONTROLS</b>
       <b><a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
-              The SMTP TLS security level for  the  <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
-              server;  when  a non-empty value is specified, this
+              The  SMTP  TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+              server; when a non-empty value is  specified,  this
              overrides       the       obsolete       parameters
              <a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.

       <b><a href="postconf.5.html#tlsproxy_service_name">tlsproxy_service_name</a> (tlsproxy)</b>
-              The  name  of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry in mas-
+              The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry  in  mas-
              ter.cf.

 <b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
-       These parameters  are  supported  for  compatibility  with
+       These  parameters  are  supported  for  compatibility with
       <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy parameters.

       <b><a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> ($<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b>
-              Opportunistic  TLS:  announce  STARTTLS  support to
-              SMTP clients, but do not require that  clients  use
+              Opportunistic TLS:  announce  STARTTLS  support  to
+              SMTP  clients,  but do not require that clients use
              TLS encryption.

       <b><a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a> ($<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b>
-              Mandatory  TLS:  announce  STARTTLS support to SMTP
-              clients, and require that clients use  TLS  encryp-
+              Mandatory TLS: announce STARTTLS  support  to  SMTP
+              clients,  and  require that clients use TLS encryp-
              tion.

 <b>MISCELLANEOUS CONTROLS</b>
       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
+              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
              <a href="master.5.html">master.cf</a> configuration files.

       <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
-              The maximal number  of  digits  after  the  decimal
+              The  maximal  number  of  digits  after the decimal
              point when logging sub-second delay values.

       <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
-              The  location  of  all  postfix administrative com-
+              The location of  all  postfix  administrative  com-
              mands.

       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
-              The maximum amount of time  that  an  idle  Postfix
-              daemon  process  waits  for  an incoming connection
+              The  maximum  amount  of  time that an idle Postfix
+              daemon process waits  for  an  incoming  connection
              before terminating voluntarily.

       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
-              The process ID  of  a  Postfix  command  or  daemon
+              The  process  ID  of  a  Postfix  command or daemon
              process.

       <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
-              The  process  name  of  a Postfix command or daemon
+              The process name of a  Postfix  command  or  daemon
              process.

       <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
              The syslog facility of Postfix logging.

       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              The mail system  name  that  is  prepended  to  the
-              process  name  in  syslog  records, so that "smtpd"
+              The  mail  system  name  that  is  prepended to the
+              process name in syslog  records,  so  that  "smtpd"
              becomes, for example, "postfix/smtpd".

 <b>SEE ALSO</b>
@ -400,14 +401,14 @@ POSTSCREEN(8)                                                    POSTSCREEN(8)
       <a href="POSTSCREEN_README.html">POSTSCREEN_README</a>, Postfix Postscreen Howto

 <b>LICENSE</b>
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
       software.

 <b>HISTORY</b>
       This service was introduced with Postfix version 2.8.

-       Many ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier  work
-       by  Michael Tokarev, in OpenBSD spamd, and in MailChannels
+       Many  ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work
+       by Michael Tokarev, in OpenBSD spamd, and in  MailChannels
       Traffic Control.

 <b>AUTHOR(S)</b>
--- a/postfix/html/smtp.8.html
+++ b/postfix/html/smtp.8.html
@ -295,11 +295,21 @@ SMTP(8)                                                                SMTP(8)
       <b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b>
              DNS Resolver options for the Postfix SMTP client.

+       Available in Postfix version 2.9 and later:
+
+       <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
+              Change the behavior of the smtp_*_timeout time lim-
+              its, from a time limit per  read  or  write  system
+              call,  to  a time limit to read or write a complete
+              record (an SMTP command line, SMTP  response  line,
+              SMTP  message  content  line,  or TLS protocol mes-
+              sage).
+
 <b>MIME PROCESSING CONTROLS</b>
       Available in Postfix version 2.0 and later:

       <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
-              Disable  the  conversion of 8BITMIME format to 7BIT
+              Disable the conversion of 8BITMIME format  to  7BIT
              format.

       <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
@ -314,108 +324,108 @@ SMTP(8)                                                                SMTP(8)
       Available in Postfix version 2.1 and later:

       <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
-              Send the non-standard  XFORWARD  command  when  the
-              Postfix  SMTP  server EHLO response announces XFOR-
+              Send  the  non-standard  XFORWARD  command when the
+              Postfix SMTP server EHLO response  announces  XFOR-
              WARD support.

 <b>SASL AUTHENTICATION CONTROLS</b>
       <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
-              Enable SASL  authentication  in  the  Postfix  SMTP
+              Enable  SASL  authentication  in  the  Postfix SMTP
              client.

       <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
-              Optional  SMTP  client lookup tables with one user-
-              name:password entry per remote hostname or  domain,
+              Optional SMTP client lookup tables with  one  user-
+              name:password  entry per remote hostname or domain,
              or sender address when sender-dependent authentica-
              tion is enabled.

       <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
-              Postfix SMTP client SASL security  options;  as  of
-              Postfix  2.3 the list of available features depends
-              on the SASL client implementation that is  selected
+              Postfix  SMTP  client  SASL security options; as of
+              Postfix 2.3 the list of available features  depends
+              on  the SASL client implementation that is selected
              with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.

       Available in Postfix version 2.2 and later:

       <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
-              If  non-empty, a Postfix SMTP client filter for the
-              remote SMTP server's list of  offered  SASL  mecha-
+              If non-empty, a Postfix SMTP client filter for  the
+              remote  SMTP  server's  list of offered SASL mecha-
              nisms.

       Available in Postfix version 2.3 and later:

       <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
              Enable sender-dependent authentication in the Post-
-              fix SMTP client; this is available only  with  SASL
-              authentication,   and   disables   SMTP  connection
-              caching to ensure that mail from different  senders
+              fix  SMTP  client; this is available only with SASL
+              authentication,  and   disables   SMTP   connection
+              caching  to ensure that mail from different senders
              will use the appropriate credentials.

       <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
-              Implementation-specific  information that the Post-
-              fix SMTP client passes through to the SASL  plug-in
-              implementation     that     is     selected    with
+              Implementation-specific information that the  Post-
+              fix  SMTP client passes through to the SASL plug-in
+              implementation    that     is     selected     with
              <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.

       <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
-              The SASL plug-in type that the Postfix SMTP  client
+              The  SASL plug-in type that the Postfix SMTP client
              should use for authentication.

       Available in Postfix version 2.5 and later:

       <b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
-              An  optional table to prevent repeated SASL authen-
-              tication failures with the same remote SMTP  server
+              An optional table to prevent repeated SASL  authen-
+              tication  failures with the same remote SMTP server
              hostname, username and password.

       <b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
-              The  maximal  age  of  an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
+              The maximal  age  of  an  <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
              entry before it is removed.

       <b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
-              When a remote SMTP server rejects a SASL  authenti-
-              cation  request  with  a 535 reply code, defer mail
-              delivery instead of returning  mail  as  undeliver-
+              When  a remote SMTP server rejects a SASL authenti-
+              cation request with a 535 reply  code,  defer  mail
+              delivery  instead  of  returning mail as undeliver-
              able.

 <b>STARTTLS SUPPORT CONTROLS</b>
-       Detailed  information  about STARTTLS configuration may be
+       Detailed information about STARTTLS configuration  may  be
       found in the <a href="TLS_README.html">TLS_README</a> document.

       <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
              The default SMTP TLS security level for the Postfix
-              SMTP  client;  when a non-empty value is specified,
-              this    overrides    the    obsolete     parameters
+              SMTP client; when a non-empty value  is  specified,
+              this     overrides    the    obsolete    parameters
              <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,         <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,         and
              <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.

       <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>           ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
       <b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
-              The SASL authentication security options  that  the
-              Postfix  SMTP  client  uses  for TLS encrypted SMTP
+              The  SASL  authentication security options that the
+              Postfix SMTP client uses  for  TLS  encrypted  SMTP
              sessions.

       <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
-              Time limit for Postfix SMTP client write  and  read
-              operations  during  TLS  startup and shutdown hand-
+              Time  limit  for Postfix SMTP client write and read
+              operations during TLS startup  and  shutdown  hand-
              shake procedures.

       <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
-              A file  containing  CA  certificates  of  root  CAs
-              trusted  to sign either remote SMTP server certifi-
+              A  file  containing  CA  certificates  of  root CAs
+              trusted to sign either remote SMTP server  certifi-
              cates or intermediate CA certificates.

       <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
-              Directory with  PEM  format  certificate  authority
-              certificates  that  the Postfix SMTP client uses to
+              Directory  with  PEM  format  certificate authority
+              certificates that the Postfix SMTP client  uses  to
              verify a remote SMTP server certificate.

       <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
-              File with the Postfix SMTP client  RSA  certificate
+              File  with  the Postfix SMTP client RSA certificate
              in PEM format.

       <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
-              The  minimum TLS cipher grade that the Postfix SMTP
+              The minimum TLS cipher grade that the Postfix  SMTP
              client will use with mandatory TLS encryption.

       <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@ -424,43 +434,43 @@ SMTP(8)                                                                SMTP(8)
              levels.

       <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
-              Additional list  of  ciphers  or  cipher  types  to
-              exclude  from the SMTP client cipher list at manda-
+              Additional  list  of  ciphers  or  cipher  types to
+              exclude from the SMTP client cipher list at  manda-
              tory TLS security levels.

       <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
-              File with the Postfix SMTP client  DSA  certificate
+              File  with  the Postfix SMTP client DSA certificate
              in PEM format.

       <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
-              File  with  the Postfix SMTP client DSA private key
+              File with the Postfix SMTP client DSA  private  key
              in PEM format.

       <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
-              File with the Postfix SMTP client RSA  private  key
+              File  with  the Postfix SMTP client RSA private key
              in PEM format.

       <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
-              Enable  additional  Postfix  SMTP client logging of
+              Enable additional Postfix SMTP  client  logging  of
              TLS activity.

       <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
-              Log the hostname  of  a  remote  SMTP  server  that
-              offers  STARTTLS,  when  TLS is not already enabled
+              Log  the  hostname  of  a  remote  SMTP server that
+              offers STARTTLS, when TLS is  not  already  enabled
              for that server.

       <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
              Optional lookup tables with the Postfix SMTP client
              TLS security policy by next-hop destination; when a
-              non-empty value is specified,  this  overrides  the
+              non-empty  value  is  specified, this overrides the
              obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.

       <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
-              List  of  SSL/TLS  protocols  that the Postfix SMTP
+              List of SSL/TLS protocols  that  the  Postfix  SMTP
              client will use with mandatory TLS encryption.

       <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
-              The verification depth for remote SMTP server  cer-
+              The  verification depth for remote SMTP server cer-
              tificates.

       <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
@ -468,7 +478,7 @@ SMTP(8)                                                                SMTP(8)
              for the "secure" TLS security level.

       <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
-              Name of the file containing  the  optional  Postfix
+              Name  of  the  file containing the optional Postfix
              SMTP client TLS session cache.

       <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@ -480,9 +490,9 @@ SMTP(8)                                                                SMTP(8)
              for the "verify" TLS security level.

       <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
-              The  number  of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
-              or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process  requests  from  the  <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
-              server  in order to seed its internal pseudo random
+              The number of pseudo-random bytes that  an  <a href="smtp.8.html"><b>smtp</b>(8)</a>
+              or  <a href="smtpd.8.html"><b>smtpd</b>(8)</a>  process  requests  from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+              server in order to seed its internal pseudo  random
              number generator (PRNG).

       <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@ -494,7 +504,7 @@ SMTP(8)                                                                SMTP(8)
              ciphers.

       <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
-              The  OpenSSL  cipherlist  for "LOW" or higher grade
+              The OpenSSL cipherlist for "LOW"  or  higher  grade
              ciphers.

       <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -502,38 +512,38 @@ SMTP(8)                                                                SMTP(8)
              ciphers.

       <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
-              The  OpenSSL  cipherlist  for  "NULL" grade ciphers
+              The OpenSSL cipherlist  for  "NULL"  grade  ciphers
              that provide authentication without encryption.

       Available in Postfix version 2.4 and later:

       <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
       <b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
-              The SASL authentication security options  that  the
-              Postfix  SMTP  client  uses  for TLS encrypted SMTP
+              The  SASL  authentication security options that the
+              Postfix SMTP client uses  for  TLS  encrypted  SMTP
              sessions with a verified server certificate.

       Available in Postfix version 2.5 and later:

       <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
-              List of acceptable remote SMTP  server  certificate
-              fingerprints  for  the  "fingerprint"  TLS security
+              List  of  acceptable remote SMTP server certificate
+              fingerprints for  the  "fingerprint"  TLS  security
              level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint).

       <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b>
-              The message  digest  algorithm  used  to  construct
+              The  message  digest  algorithm  used  to construct
              remote SMTP server certificate fingerprints.

       Available in Postfix version 2.6 and later:

       <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2)</b>
-              List  of TLS protocols that the Postfix SMTP client
-              will exclude  or  include  with  opportunistic  TLS
+              List of TLS protocols that the Postfix SMTP  client
+              will  exclude  or  include  with  opportunistic TLS
              encryption.

       <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (export)</b>
-              The  minimum TLS cipher grade that the Postfix SMTP
-              client will use with opportunistic TLS  encryption.
+              The minimum TLS cipher grade that the Postfix  SMTP
+              client  will use with opportunistic TLS encryption.

       <b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
              File with the Postfix SMTP client ECDSA certificate
@ -546,40 +556,40 @@ SMTP(8)                                                                SMTP(8)
       Available in Postfix version 2.7 and later:

       <b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
-              Try  to  detect  a mail hijacking attack based on a
-              TLS protocol vulnerability  (CVE-2009-3555),  where
-              an  attacker  prepends  malicious HELO, MAIL, RCPT,
+              Try to detect a mail hijacking attack  based  on  a
+              TLS  protocol  vulnerability (CVE-2009-3555), where
+              an attacker prepends malicious  HELO,  MAIL,  RCPT,
              DATA commands to a Postfix SMTP client TLS session.

       Available in Postfix version 2.8 and later:

       <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
-              List  or  bit-mask  of  OpenSSL bug work-arounds to
+              List or bit-mask of  OpenSSL  bug  work-arounds  to
              disable.

 <b>OBSOLETE STARTTLS CONTROLS</b>
-       The following configuration parameters exist for  compati-
+       The  following configuration parameters exist for compati-
       bility with Postfix versions before 2.3. Support for these
       will be removed in a future release.

       <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
-              Opportunistic mode: use  TLS  when  a  remote  SMTP
-              server  announces  STARTTLS support, otherwise send
+              Opportunistic  mode:  use  TLS  when  a remote SMTP
+              server announces STARTTLS support,  otherwise  send
              the mail in the clear.

       <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
-              Enforcement mode: require that remote SMTP  servers
-              use  TLS  encryption,  and  never  send mail in the
+              Enforcement  mode: require that remote SMTP servers
+              use TLS encryption, and  never  send  mail  in  the
              clear.

       <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
-              With mandatory TLS  encryption,  require  that  the
+              With  mandatory  TLS  encryption,  require that the
              remote SMTP server hostname matches the information
              in the remote SMTP server certificate.

       <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
              Optional lookup tables with the Postfix SMTP client
-              TLS  usage  policy  by  next-hop destination and by
+              TLS usage policy by  next-hop  destination  and  by
              remote SMTP server hostname.

       <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
@ -589,27 +599,27 @@ SMTP(8)                                                                SMTP(8)
 <b>RESOURCE AND RATE CONTROLS</b>
       <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a>      ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
       <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
-              The  maximal  number  of parallel deliveries to the
-              same destination  via  the  smtp  message  delivery
+              The maximal number of parallel  deliveries  to  the
+              same  destination  via  the  smtp  message delivery
              transport.

       <b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a>        ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
       <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
-              The  maximal  number  of recipients per message for
+              The maximal number of recipients  per  message  for
              the smtp message delivery transport.

       <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
-              The SMTP client time limit  for  completing  a  TCP
+              The  SMTP  client  time  limit for completing a TCP
              connection,  or  zero  (use  the  operating  system
              built-in time limit).

       <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
-              The SMTP client time limit for sending the HELO  or
-              EHLO  command, and for receiving the initial server
+              The  SMTP client time limit for sending the HELO or
+              EHLO command, and for receiving the initial  server
              response.

       <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
-              The LMTP client time limit  for  sending  the  LHLO
+              The  LMTP  client  time  limit for sending the LHLO
              command,  and  for  receiving  the  initial  server
              response.

@ -618,30 +628,30 @@ SMTP(8)                                                                SMTP(8)
              command, and for receiving the server response.

       <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
-              The  SMTP  client  time  limit for sending the MAIL
-              FROM  command,  and  for   receiving   the   server
+              The SMTP client time limit  for  sending  the  MAIL
+              FROM   command,   and   for  receiving  the  server
              response.

       <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
-              The  SMTP  client  time  limit for sending the SMTP
-              RCPT TO  command,  and  for  receiving  the  server
+              The SMTP client time limit  for  sending  the  SMTP
+              RCPT  TO  command,  and  for  receiving  the server
              response.

       <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
-              The  SMTP  client  time  limit for sending the SMTP
-              DATA  command,  and  for   receiving   the   server
+              The SMTP client time limit  for  sending  the  SMTP
+              DATA   command,   and   for  receiving  the  server
              response.

       <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
-              The  SMTP  client  time  limit for sending the SMTP
+              The SMTP client time limit  for  sending  the  SMTP
              message content.

       <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
-              The SMTP client time limit  for  sending  the  SMTP
+              The  SMTP  client  time  limit for sending the SMTP
              ".", and for receiving the server response.

       <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
-              The  SMTP  client  time  limit for sending the QUIT
+              The SMTP client time limit  for  sending  the  QUIT
              command, and for receiving the server response.

       Available in Postfix version 2.1 and later:
@ -652,12 +662,12 @@ SMTP(8)                                                                SMTP(8)
              lookups, or zero (no limit).

       <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
-              The maximal number of SMTP  sessions  per  delivery
-              request  before  giving up or delivering to a fall-
+              The  maximal  number  of SMTP sessions per delivery
+              request before giving up or delivering to  a  fall-
              back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).

       <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
-              The SMTP client time limit  for  sending  the  RSET
+              The  SMTP  client  time  limit for sending the RSET
              command, and for receiving the server response.

       Available in Postfix version 2.2 and earlier:
@ -669,11 +679,11 @@ SMTP(8)                                                                SMTP(8)
       Available in Postfix version 2.2 and later:

       <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
-              Permanently enable SMTP connection caching for  the
+              Permanently  enable SMTP connection caching for the
              specified destinations.

       <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
-              Temporarily  enable SMTP connection caching while a
+              Temporarily enable SMTP connection caching while  a
              destination has a high volume of mail in the active
              queue.

@ -683,15 +693,25 @@ SMTP(8)                                                                SMTP(8)

       <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
              When SMTP connection caching is enabled, the amount
-              of  time  that an unused SMTP client socket is kept
+              of time that an unused SMTP client socket  is  kept
              open before it is closed.

       Available in Postfix version 2.3 and later:

       <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
-              Time limit for connection cache  connect,  send  or
+              Time  limit  for  connection cache connect, send or
              receive operations.

+       Available in Postfix version 2.9 and later:
+
+       <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
+              Change the behavior of the smtp_*_timeout time lim-
+              its,  from  a  time  limit per read or write system
+              call, to a time limit to read or write  a  complete
+              record  (an  SMTP command line, SMTP response line,
+              SMTP message content line,  or  TLS  protocol  mes-
+              sage).
+
 <b>TROUBLE SHOOTING CONTROLS</b>
       <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
              The  increment  in  verbose  logging  level  when a
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@ -153,46 +153,56 @@ SMTPD(8)                                                              SMTPD(8)
              A mechanism to transform commands from remote  SMTP
              clients.

+       Available in Postfix version 2.9 and later:
+
+       <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
+              Change  the  behavior  of  the  <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a>  time
+              limit, from a time limit per read or  write  system
+              call,  to  a time limit to read or write a complete
+              record (an SMTP command line, SMTP  response  line,
+              SMTP  message  content  line,  or TLS protocol mes-
+              sage).
+
 <b>ADDRESS REWRITING CONTROLS</b>
-       See  the  <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed
+       See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for  a  detailed
       discussion of Postfix address rewriting.

       <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
-              Enable or disable  recipient  validation,  built-in
+              Enable  or  disable  recipient validation, built-in
              content filtering, or address mapping.

       Available in Postfix version 2.2 and later:

       <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b>
              Rewrite message header addresses in mail from these
-              clients and update incomplete  addresses  with  the
+              clients  and  update  incomplete addresses with the
              domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't
-              rewrite message headers from other clients at  all,
-              or  rewrite  message  headers and update incomplete
-              addresses  with  the  domain   specified   in   the
+              rewrite  message headers from other clients at all,
+              or rewrite message headers  and  update  incomplete
+              addresses   with   the   domain  specified  in  the
              <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.

 <b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
-       As  of  version 1.0, Postfix can be configured to send new
-       mail to an external  content  filter  AFTER  the  mail  is
-       queued.  This  content  filter  is expected to inject mail
-       back into a (Postfix or other) MTA for  further  delivery.
+       As of version 1.0, Postfix can be configured to  send  new
+       mail  to  an  external  content  filter  AFTER the mail is
+       queued. This content filter is  expected  to  inject  mail
+       back  into  a (Postfix or other) MTA for further delivery.
       See the <a href="FILTER_README.html">FILTER_README</a> document for details.

       <b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
-              After  the  message is queued, send the entire mes-
+              After the message is queued, send the  entire  mes-
              sage to the specified <i>transport:destination</i>.

 <b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
-       As of version 2.1, the Postfix SMTP server can be  config-
-       ured  to send incoming mail to a real-time SMTP-based con-
+       As  of version 2.1, the Postfix SMTP server can be config-
+       ured to send incoming mail to a real-time SMTP-based  con-
       tent filter BEFORE mail is queued.  This content filter is
-       expected  to  inject  mail  back  into  Postfix.   See the
-       <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to  config-
+       expected to  inject  mail  back  into  Postfix.   See  the
+       <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a>  document for details on how to config-
       ure and operate this feature.

       <b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b>
-              The  hostname  and  TCP  port of the mail filtering
+              The hostname and TCP port  of  the  mail  filtering
              proxy server.

       <b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
@ -200,8 +210,8 @@ SMTPD(8)                                                              SMTPD(8)
              proxy filter.

       <b><a href="postconf.5.html#smtpd_proxy_options">smtpd_proxy_options</a> (empty)</b>
-              List  of  options that control how the Postfix SMTP
-              server communicates  with  a  before-queue  content
+              List of options that control how the  Postfix  SMTP
+              server  communicates  with  a  before-queue content
              filter.

       <b><a href="postconf.5.html#smtpd_proxy_timeout">smtpd_proxy_timeout</a> (100s)</b>
@ -210,24 +220,24 @@ SMTPD(8)                                                              SMTPD(8)

 <b>BEFORE QUEUE MILTER CONTROLS</b>
       As of version 2.3, Postfix supports the Sendmail version 8
-       Milter  (mail  filter) protocol. These content filters run
-       outside Postfix. They can inspect the SMTP command  stream
-       and  the  message  content,  and can request modifications
-       before mail is queued. For details see  the  <a href="MILTER_README.html">MILTER_README</a>
+       Milter (mail filter) protocol. These content  filters  run
+       outside  Postfix. They can inspect the SMTP command stream
+       and the message content,  and  can  request  modifications
+       before  mail  is queued. For details see the <a href="MILTER_README.html">MILTER_README</a>
       document.

       <b><a href="postconf.5.html#smtpd_milters">smtpd_milters</a> (empty)</b>
              A list of Milter (mail filter) applications for new
-              mail that arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a>  server.
+              mail  that arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.

       <b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b>
-              The  mail filter protocol version and optional pro-
-              tocol extensions for communication  with  a  Milter
-              application;  prior to Postfix 2.6 the default pro-
+              The mail filter protocol version and optional  pro-
+              tocol  extensions  for  communication with a Milter
+              application; prior to Postfix 2.6 the default  pro-
              tocol is 2.

       <b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b>
-              The default action  when  a  Milter  (mail  filter)
+              The  default  action  when  a  Milter (mail filter)
              application is unavailable or mis-configured.

       <b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
@ -239,190 +249,190 @@ SMTPD(8)                                                              SMTPD(8)
              cations.

       <b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b>
-              The  time  limit  for  connecting to a Milter (mail
-              filter) application, and for  negotiating  protocol
+              The time limit for connecting  to  a  Milter  (mail
+              filter)  application,  and for negotiating protocol
              options.

       <b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b>
-              The  time  limit  for  sending an SMTP command to a
+              The time limit for sending an  SMTP  command  to  a
              Milter (mail filter) application, and for receiving
              the response.

       <b><a href="postconf.5.html#milter_content_timeout">milter_content_timeout</a> (300s)</b>
-              The  time  limit  for  sending message content to a
+              The time limit for sending  message  content  to  a
              Milter (mail filter) application, and for receiving
              the response.

       <b><a href="postconf.5.html#milter_connect_macros">milter_connect_macros</a> (see 'postconf -d' output)</b>
-              The  macros  that  are sent to Milter (mail filter)
-              applications after completion of  an  SMTP  connec-
+              The macros that are sent to  Milter  (mail  filter)
+              applications  after  completion  of an SMTP connec-
              tion.

       <b><a href="postconf.5.html#milter_helo_macros">milter_helo_macros</a> (see 'postconf -d' output)</b>
-              The  macros  that  are sent to Milter (mail filter)
+              The macros that are sent to  Milter  (mail  filter)
              applications after the SMTP HELO or EHLO command.

       <b><a href="postconf.5.html#milter_mail_macros">milter_mail_macros</a> (see 'postconf -d' output)</b>
-              The macros that are sent to  Milter  (mail  filter)
+              The  macros  that  are sent to Milter (mail filter)
              applications after the SMTP MAIL FROM command.

       <b><a href="postconf.5.html#milter_rcpt_macros">milter_rcpt_macros</a> (see 'postconf -d' output)</b>
-              The  macros  that  are sent to Milter (mail filter)
+              The macros that are sent to  Milter  (mail  filter)
              applications after the SMTP RCPT TO command.

       <b><a href="postconf.5.html#milter_data_macros">milter_data_macros</a> (see 'postconf -d' output)</b>
-              The macros that are sent to  version  4  or  higher
-              Milter  (mail  filter)  applications after the SMTP
+              The  macros  that  are  sent to version 4 or higher
+              Milter (mail filter) applications  after  the  SMTP
              DATA command.

       <b><a href="postconf.5.html#milter_unknown_command_macros">milter_unknown_command_macros</a> (see 'postconf -d' output)</b>
-              The macros that are sent to  version  3  or  higher
-              Milter  (mail filter) applications after an unknown
+              The  macros  that  are  sent to version 3 or higher
+              Milter (mail filter) applications after an  unknown
              SMTP command.

       <b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see 'postconf -d' output)</b>
-              The macros that are sent to  Milter  (mail  filter)
+              The  macros  that  are sent to Milter (mail filter)
              applications after the end of the message header.

       <b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see 'postconf -d' output)</b>
-              The  macros  that  are sent to Milter (mail filter)
+              The macros that are sent to  Milter  (mail  filter)
              applications after the message end-of-data.

 <b>GENERAL CONTENT INSPECTION CONTROLS</b>
-       The following parameters are applicable for both  built-in
+       The  following parameters are applicable for both built-in
       and external content filters.

       Available in Postfix version 2.1 and later:

       <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
-              Enable  or  disable  recipient validation, built-in
+              Enable or disable  recipient  validation,  built-in
              content filtering, or address mapping.

 <b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
-       The following parameters are applicable for  both  before-
+       The  following  parameters are applicable for both before-
       queue and after-queue content filtering.

       Available in Postfix version 2.1 and later:

       <b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
-              What  SMTP  clients are allowed to use the XFORWARD
+              What SMTP clients are allowed to use  the  XFORWARD
              feature.

 <b>SASL AUTHENTICATION CONTROLS</b>
-       Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used  to  authenti-
-       cate  remote  SMTP clients to the Postfix SMTP server, and
-       to authenticate the Postfix SMTP client to a  remote  SMTP
+       Postfix  SASL  support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenti-
+       cate remote SMTP clients to the Postfix SMTP  server,  and
+       to  authenticate  the Postfix SMTP client to a remote SMTP
       server.  See the <a href="SASL_README.html">SASL_README</a> document for details.

       <b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
-              Enable  inter-operability  with  SMTP  clients that
-              implement an obsolete version of the  AUTH  command
+              Enable inter-operability  with  SMTP  clients  that
+              implement  an  obsolete version of the AUTH command
              (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).

       <b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
-              Enable  SASL  authentication  in  the  Postfix SMTP
+              Enable SASL  authentication  in  the  Postfix  SMTP
              server.

       <b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
-              The name of the Postfix SMTP  server's  local  SASL
+              The  name  of  the Postfix SMTP server's local SASL
              authentication realm.

       <b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b>
-              Postfix  SMTP  server  SASL security options; as of
-              Postfix 2.3 the list of available features  depends
-              on  the SASL server implementation that is selected
+              Postfix SMTP server SASL security  options;  as  of
+              Postfix  2.3 the list of available features depends
+              on the SASL server implementation that is  selected
              with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.

       <b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
-              Optional lookup table with  the  SASL  login  names
+              Optional  lookup  table  with  the SASL login names
              that own sender (MAIL FROM) addresses.

       Available in Postfix version 2.1 and later:

       <b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
-              What  remote  SMTP  clients the Postfix SMTP server
+              What remote SMTP clients the  Postfix  SMTP  server
              will not offer AUTH support to.

       Available in Postfix version 2.1 and 2.2:

       <b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> (smtpd)</b>
-              The application name that the Postfix  SMTP  server
+              The  application  name that the Postfix SMTP server
              uses for SASL server initialization.

       Available in Postfix version 2.3 and later:

       <b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b>
-              Report  the  SASL  authenticated  user  name in the
+              Report the SASL  authenticated  user  name  in  the
              <a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received message header.

       <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b>
-              Implementation-specific information that the  Post-
-              fix  SMTP server passes through to the SASL plug-in
-              implementation    that     is     selected     with
+              Implementation-specific  information that the Post-
+              fix SMTP server passes through to the SASL  plug-in
+              implementation     that     is     selected    with
              <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.

       <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> (cyrus)</b>
-              The  SASL plug-in type that the Postfix SMTP server
+              The SASL plug-in type that the Postfix SMTP  server
              should use for authentication.

       Available in Postfix version 2.5 and later:

       <b><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a> (empty)</b>
-              Search path for Cyrus SASL  application  configura-
-              tion  files,  currently  used  only  to  locate the
+              Search  path  for Cyrus SASL application configura-
+              tion files,  currently  used  only  to  locate  the
              $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.

 <b>STARTTLS SUPPORT CONTROLS</b>
-       Detailed information about STARTTLS configuration  may  be
+       Detailed  information  about STARTTLS configuration may be
       found in the <a href="TLS_README.html">TLS_README</a> document.

       <b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
-              The  SMTP  TLS  security level for the Postfix SMTP
-              server; when a non-empty value is  specified,  this
+              The SMTP TLS security level for  the  Postfix  SMTP
+              server;  when  a non-empty value is specified, this
              overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and
              <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.

       <b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a>         ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_secu</a>-</b>
       <b><a href="postconf.5.html#smtpd_sasl_security_options">rity_options</a>)</b>
-              The SASL authentication security options  that  the
-              Postfix  SMTP  server  uses  for TLS encrypted SMTP
+              The  SASL  authentication security options that the
+              Postfix SMTP server uses  for  TLS  encrypted  SMTP
              sessions.

       <b><a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> (see 'postconf -d' output)</b>
-              The time limit for Postfix SMTP  server  write  and
-              read  operations  during  TLS  startup and shutdown
+              The  time  limit  for Postfix SMTP server write and
+              read operations during  TLS  startup  and  shutdown
              handshake procedures.

       <b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
-              A file containing (PEM format) CA  certificates  of
-              root  CAs trusted to sign either remote SMTP client
+              A  file  containing (PEM format) CA certificates of
+              root CAs trusted to sign either remote SMTP  client
              certificates or intermediate CA certificates.

       <b><a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> (empty)</b>
              A directory containing (PEM format) CA certificates
-              of  root  CAs  trusted  to  sign either remote SMTP
-              client certificates  or  intermediate  CA  certifi-
+              of root CAs trusted  to  sign  either  remote  SMTP
+              client  certificates  or  intermediate  CA certifi-
              cates.

       <b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
-              Force  the  Postfix SMTP server to issue a TLS ses-
-              sion id, even when TLS session  caching  is  turned
+              Force the Postfix SMTP server to issue a  TLS  ses-
+              sion  id,  even  when TLS session caching is turned
              off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> is empty).

       <b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b>
-              Ask  a remote SMTP client for a client certificate.
+              Ask a remote SMTP client for a client  certificate.

       <b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b>
              When TLS encryption is optional in the Postfix SMTP
-              server,  do not announce or accept SASL authentica-
+              server, do not announce or accept SASL  authentica-
              tion over unencrypted connections.

       <b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (9)</b>
-              The verification depth for remote SMTP client  cer-
+              The  verification depth for remote SMTP client cer-
              tificates.

       <b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b>
-              File  with  the Postfix SMTP server RSA certificate
+              File with the Postfix SMTP server  RSA  certificate
              in PEM format.

       <b><a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> (empty)</b>
@ -430,56 +440,56 @@ SMTPD(8)                                                              SMTPD(8)
              SMTP server cipher list at all TLS security levels.

       <b><a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (empty)</b>
-              File with the Postfix SMTP server  DSA  certificate
+              File  with  the Postfix SMTP server DSA certificate
              in PEM format.

       <b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b>
-              File  with  DH  parameters  that  the  Postfix SMTP
-              server should use with EDH ciphers.
-
-       <b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
              File with  DH  parameters  that  the  Postfix  SMTP
              server should use with EDH ciphers.

+       <b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
+              File  with  DH  parameters  that  the  Postfix SMTP
+              server should use with EDH ciphers.
+
       <b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
-              File  with  the Postfix SMTP server DSA private key
+              File with the Postfix SMTP server DSA  private  key
              in PEM format.

       <b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
-              File with the Postfix SMTP server RSA  private  key
+              File  with  the Postfix SMTP server RSA private key
              in PEM format.

       <b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
-              Enable  additional  Postfix  SMTP server logging of
+              Enable additional Postfix SMTP  server  logging  of
              TLS activity.

       <b><a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> (medium)</b>
-              The minimum TLS cipher grade that the Postfix  SMTP
+              The  minimum TLS cipher grade that the Postfix SMTP
              server will use with mandatory TLS encryption.

       <b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> (empty)</b>
-              Additional  list  of  ciphers  or  cipher  types to
-              exclude from the SMTP server cipher list at  manda-
+              Additional list  of  ciphers  or  cipher  types  to
+              exclude  from the SMTP server cipher list at manda-
              tory TLS security levels.

       <b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
-              The  SSL/TLS protocols accepted by the Postfix SMTP
+              The SSL/TLS protocols accepted by the Postfix  SMTP
              server with mandatory TLS encryption.

       <b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
              Request  that  the  Postfix  SMTP  server  produces
              Received:  message headers that include information
-              about the protocol and cipher used, as well as  the
-              client  CommonName  and  client  certificate issuer
+              about  the protocol and cipher used, as well as the
+              client CommonName  and  client  certificate  issuer
              CommonName.

       <b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b>
-              With mandatory TLS encryption,  require  a  trusted
-              remote  SMTP  client  certificate in order to allow
+              With  mandatory  TLS  encryption, require a trusted
+              remote SMTP client certificate in  order  to  allow
              TLS connections to proceed.

       <b><a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> (empty)</b>
-              Name of the file containing  the  optional  Postfix
+              Name  of  the  file containing the optional Postfix
              SMTP server TLS session cache.

       <b><a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> (3600s)</b>
@ -487,14 +497,14 @@ SMTPD(8)                                                              SMTPD(8)
              sion cache information.

       <b><a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> (no)</b>
-              Run the Postfix SMTP  server  in  the  non-standard
-              "wrapper"  mode, instead of using the STARTTLS com-
+              Run  the  Postfix  SMTP  server in the non-standard
+              "wrapper" mode, instead of using the STARTTLS  com-
              mand.

       <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
-              The number of pseudo-random bytes that  an  <a href="smtp.8.html"><b>smtp</b>(8)</a>
-              or  <a href="smtpd.8.html"><b>smtpd</b>(8)</a>  process  requests  from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
-              server in order to seed its internal pseudo  random
+              The  number  of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
+              or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process  requests  from  the  <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+              server  in order to seed its internal pseudo random
              number generator (PRNG).

       <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@ -506,7 +516,7 @@ SMTPD(8)                                                              SMTPD(8)
              ciphers.

       <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
-              The OpenSSL cipherlist for "LOW"  or  higher  grade
+              The  OpenSSL  cipherlist  for "LOW" or higher grade
              ciphers.

       <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -514,26 +524,26 @@ SMTPD(8)                                                              SMTPD(8)
              ciphers.

       <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
-              The OpenSSL cipherlist  for  "NULL"  grade  ciphers
+              The  OpenSSL  cipherlist  for  "NULL" grade ciphers
              that provide authentication without encryption.

       Available in Postfix version 2.5 and later:

       <b><a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> (md5)</b>
-              The  message  digest  algorithm  used  to construct
+              The message  digest  algorithm  used  to  construct
              client-certificate         fingerprints         for
              <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>.

       Available in Postfix version 2.6 and later:

       <b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (empty)</b>
-              List  of TLS protocols that the Postfix SMTP server
-              will exclude  or  include  with  opportunistic  TLS
+              List of TLS protocols that the Postfix SMTP  server
+              will  exclude  or  include  with  opportunistic TLS
              encryption.

       <b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (export)</b>
-              The  minimum TLS cipher grade that the Postfix SMTP
-              server will use with opportunistic TLS  encryption.
+              The minimum TLS cipher grade that the Postfix  SMTP
+              server  will use with opportunistic TLS encryption.

       <b><a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> (empty)</b>
              File with the Postfix SMTP server ECDSA certificate
@ -544,7 +554,7 @@ SMTPD(8)                                                              SMTPD(8)
              in PEM format.

       <b><a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> (see 'postconf -d' output)</b>
-              The   Postfix   SMTP   server  security  grade  for
+              The  Postfix  SMTP  server   security   grade   for
              ephemeral elliptic-curve Diffie-Hellman (EECDH) key
              exchange.

@ -564,22 +574,22 @@ SMTPD(8)                                                              SMTPD(8)
              ence order.

       <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
-              List  or  bit-mask  of  OpenSSL bug work-arounds to
+              List or bit-mask of  OpenSSL  bug  work-arounds  to
              disable.

 <b>OBSOLETE STARTTLS CONTROLS</b>
-       The following configuration parameters exist for  compati-
+       The  following configuration parameters exist for compati-
       bility with Postfix versions before 2.3. Support for these
       will be removed in a future release.

       <b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
-              Opportunistic TLS:  announce  STARTTLS  support  to
-              SMTP  clients,  but do not require that clients use
+              Opportunistic  TLS:  announce  STARTTLS  support to
+              SMTP clients, but do not require that  clients  use
              TLS encryption.

       <b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
-              Mandatory TLS: announce STARTTLS  support  to  SMTP
-              clients,  and  require that clients use TLS encryp-
+              Mandatory  TLS:  announce  STARTTLS support to SMTP
+              clients, and require that clients use  TLS  encryp-
              tion.

       <b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b>
@ -587,68 +597,68 @@ SMTPD(8)                                                              SMTPD(8)
              server TLS cipher list.

 <b>VERP SUPPORT CONTROLS</b>
-       With  VERP  style  delivery,  each  recipient of a message
+       With VERP style delivery,  each  recipient  of  a  message
       receives a customized copy of the message with his/her own
-       recipient  address encoded in the envelope sender address.
+       recipient address encoded in the envelope sender  address.
       The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
-       details  of  Postfix  support for variable envelope return
+       details of Postfix support for  variable  envelope  return
       path addresses.  VERP style delivery is requested with the
-       SMTP  XVERP command or with the "sendmail -V" command-line
-       option and is available in Postfix version 1.1 and  later.
+       SMTP XVERP command or with the "sendmail -V"  command-line
+       option  and is available in Postfix version 1.1 and later.

       <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
              The two default VERP delimiter characters.

       <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
-              The  characters  Postfix  accepts as VERP delimiter
-              characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command  line
+              The characters Postfix accepts  as  VERP  delimiter
+              characters  on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
              and in SMTP commands.

       Available in Postfix version 1.1 and 2.0:

       <b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
-              What  SMTP clients are allowed to specify the XVERP
+              What SMTP clients are allowed to specify the  XVERP
              command.

       Available in Postfix version 2.1 and later:

       <b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
-              What SMTP clients are allowed to specify the  XVERP
+              What  SMTP clients are allowed to specify the XVERP
              command.

 <b>TROUBLE SHOOTING CONTROLS</b>
-       The  <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
-       the Postfix mail system. The methods vary from making  the
-       software  log a lot of detail, to running some daemon pro-
+       The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts  of
+       the  Postfix mail system. The methods vary from making the
+       software log a lot of detail, to running some daemon  pro-
       cesses under control of a call tracer or debugger.

       <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The increment  in  verbose  logging  level  when  a
-              remote  client  or  server matches a pattern in the
+              The  increment  in  verbose  logging  level  when a
+              remote client or server matches a  pattern  in  the
              <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.

       <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional list of remote client or  server  hostname
-              or  network address patterns that cause the verbose
-              logging level to increase by the  amount  specified
+              Optional  list  of remote client or server hostname
+              or network address patterns that cause the  verbose
+              logging  level  to increase by the amount specified
              in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.

       <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
-              The  recipient  of  postmaster  notifications about
-              mail delivery problems that are caused  by  policy,
+              The recipient  of  postmaster  notifications  about
+              mail  delivery  problems that are caused by policy,
              resource, software or protocol errors.

       <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
-              What  categories of Postfix-generated mail are sub-
-              ject  to   before-queue   content   inspection   by
+              What categories of Postfix-generated mail are  sub-
+              ject   to   before-queue   content   inspection  by
              <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.

       <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
-              The  list of error classes that are reported to the
+              The list of error classes that are reported to  the
              postmaster.

       <b><a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> (empty)</b>
-              Optional information that is  appended  after  each
+              Optional  information  that  is appended after each
              SMTP server 4XX or 5XX response.

       <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
@ -658,22 +668,22 @@ SMTPD(8)                                                              SMTPD(8)
       Available in Postfix version 2.1 and later:

       <b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
-              What SMTP clients are allowed to  use  the  XCLIENT
+              What  SMTP  clients  are allowed to use the XCLIENT
              feature.

 <b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
-       As  of  Postfix  version 2.0, the SMTP server rejects mail
-       for unknown recipients. This prevents the mail queue  from
-       clogging  up  with  undeliverable  MAILER-DAEMON messages.
-       Additional  information  on   this   topic   is   in   the
+       As of Postfix version 2.0, the SMTP  server  rejects  mail
+       for  unknown recipients. This prevents the mail queue from
+       clogging up  with  undeliverable  MAILER-DAEMON  messages.
+       Additional   information   on   this   topic   is  in  the
       <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.

       <b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
-              Display the name of  the  recipient  table  in  the
+              Display  the  name  of  the  recipient table in the
              "User unknown" responses.

       <b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
-              Optional  address mapping lookup tables for message
+              Optional address mapping lookup tables for  message
              headers and envelopes.

       <b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
@ -684,7 +694,7 @@ SMTPD(8)                                                              SMTPD(8)

       <b><a href="postconf.5.html#mydestination">mydestination</a>  ($<a href="postconf.5.html#myhostname">myhostname</a>,  localhost.$<a href="postconf.5.html#mydomain">mydomain</a>,  local-</b>
       <b>host)</b>
-              The  list  of  domains  that  are delivered via the
+              The list of domains  that  are  delivered  via  the
              $<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport.

       <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -693,146 +703,146 @@ SMTPD(8)                                                              SMTPD(8)

       <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
              The network interface addresses that this mail sys-
-              tem receives mail on by way of a proxy  or  network
+              tem  receives  mail on by way of a proxy or network
              address translation unit.

       <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
-              The  Internet protocols Postfix will attempt to use
+              The Internet protocols Postfix will attempt to  use
              when making or accepting connections.

       <b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>             (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
       <b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
-              Lookup tables with all names or addresses of  local
-              recipients:  a  recipient address is local when its
-              domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>  or
+              Lookup  tables with all names or addresses of local
+              recipients: a recipient address is local  when  its
+              domain  matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
              $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.

       <b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
-              The  numerical  Postfix  SMTP  server response code
-              when   a   recipient   address   is   local,    and
-              $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>  specifies  a  list of lookup
+              The numerical Postfix  SMTP  server  response  code
+              when    a   recipient   address   is   local,   and
+              $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a  list  of  lookup
              tables that does not match the recipient.

-       Parameters concerning known/unknown  recipients  of  relay
+       Parameters  concerning  known/unknown  recipients of relay
       destinations:

       <b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
-              What  destination  domains (and subdomains thereof)
+              What destination domains (and  subdomains  thereof)
              this system will relay mail to.

       <b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
-              Optional lookup tables with all valid addresses  in
+              Optional  lookup tables with all valid addresses in
              the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.

       <b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
              The numerical Postfix SMTP server reply code when a
-              recipient  address  matches   $<a href="postconf.5.html#relay_domains">relay_domains</a>,   and
-              <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>  specifies  a  list  of lookup
+              recipient   address   matches  $<a href="postconf.5.html#relay_domains">relay_domains</a>,  and
+              <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies  a  list  of  lookup
              tables that does not match the recipient address.

-       Parameters concerning known/unknown recipients in  virtual
+       Parameters  concerning known/unknown recipients in virtual
       alias domains:

       <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
              Postfix is final destination for the specified list
-              of virtual alias  domains,  that  is,  domains  for
-              which  all  addresses  are  aliased to addresses in
+              of  virtual  alias  domains,  that  is, domains for
+              which all addresses are  aliased  to  addresses  in
              other local or remote domains.

       <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
-              Optional lookup tables  that  alias  specific  mail
-              addresses  or  domains  to  other  local  or remote
+              Optional  lookup  tables  that  alias specific mail
+              addresses or  domains  to  other  local  or  remote
              address.

       <b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
              The SMTP server reply code when a recipient address
-              matches     $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>,    and    $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
-              <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of  lookup  tables
+              matches    $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>,    and     $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
+              <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a>  specifies  a list of lookup tables
              that does not match the recipient address.

-       Parameters  concerning known/unknown recipients in virtual
+       Parameters concerning known/unknown recipients in  virtual
       mailbox domains:

       <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
              Postfix is final destination for the specified list
-              of   domains;  mail  is  delivered  via  the  $<a href="postconf.5.html#virtual_transport">vir</a>-
+              of  domains;  mail  is  delivered  via  the   $<a href="postconf.5.html#virtual_transport">vir</a>-
              <a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.

       <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
-              Optional lookup tables with all valid addresses  in
+              Optional  lookup tables with all valid addresses in
              the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.

       <b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
              The SMTP server reply code when a recipient address
-              matches   $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,    and    $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
+              matches    $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,    and   $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
              <a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
              that does not match the recipient address.

 <b>RESOURCE AND RATE CONTROLS</b>
-       The following parameters limit resource usage by the  SMTP
+       The  following parameters limit resource usage by the SMTP
       server and/or control client request rates.

       <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
-              Upon  input,  long lines are chopped up into pieces
-              of at most this length; upon delivery,  long  lines
+              Upon input, long lines are chopped up  into  pieces
+              of  at  most this length; upon delivery, long lines
              are reconstructed.

       <b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
-              The  minimal  amount  of free space in bytes in the
+              The minimal amount of free space in  bytes  in  the
              queue file system that is needed to receive mail.

       <b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
-              The maximal size in bytes of a  message,  including
+              The  maximal  size in bytes of a message, including
              envelope information.

       <b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
-              The  maximal  number of recipients that the Postfix
+              The maximal number of recipients that  the  Postfix
              SMTP server accepts per message delivery request.

       <b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b>
-              The time limit for sending a  Postfix  SMTP  server
-              response  and  for  receiving  a remote SMTP client
+              The  time  limit  for sending a Postfix SMTP server
+              response and for receiving  a  remote  SMTP  client
              request.

       <b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
-              The maximal number of lines  in  the  Postfix  SMTP
-              server  command  history  before it is flushed upon
+              The  maximal  number  of  lines in the Postfix SMTP
+              server command history before it  is  flushed  upon
              receipt of EHLO, RSET, or end of DATA.

       Available in Postfix version 2.3 and later:

       <b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
              Attempt to look up the remote SMTP client hostname,
-              and  verify  that  the  name  matches the client IP
+              and verify that the  name  matches  the  client  IP
              address.

       The per SMTP client connection count and request rate lim-
       its are implemented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> ser-
-       vice, and are available in Postfix version 2.2 and  later.
+       vice,  and are available in Postfix version 2.2 and later.

       <b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
-              How  many  simultaneous  connections  any client is
+              How many simultaneous  connections  any  client  is
              allowed to make to this service.

       <b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
              The  maximal  number  of  connection  attempts  any
-              client  is allowed to make to this service per time
+              client is allowed to make to this service per  time
              unit.

       <b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
-              The maximal number  of  message  delivery  requests
-              that  any client is allowed to make to this service
+              The  maximal  number  of  message delivery requests
+              that any client is allowed to make to this  service
              per time unit, regardless of whether or not Postfix
              actually accepts those messages.

       <b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
-              The  maximal number of recipient addresses that any
-              client is allowed to send to this service per  time
+              The maximal number of recipient addresses that  any
+              client  is allowed to send to this service per time
              unit, regardless of whether or not Postfix actually
              accepts those recipients.

       <b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
-              Clients      that      are      excluded       from
+              Clients       that      are      excluded      from
              smtpd_client_*_count/rate_limit restrictions.

       Available in Postfix version 2.3 and later:
@ -842,6 +852,16 @@ SMTPD(8)                                                              SMTPD(8)
              sions that a remote SMTP client is allowed to nego-
              tiate with this service per time unit.

+       Available in Postfix version 2.9 and later:
+
+       <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
+              Change  the  behavior  of  the  <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a>  time
+              limit,  from  a time limit per read or write system
+              call, to a time limit to read or write  a  complete
+              record  (an  SMTP command line, SMTP response line,
+              SMTP message content line,  or  TLS  protocol  mes-
+              sage).
+
 <b>TARPIT CONTROLS</b>
       When  a  remote SMTP client makes errors, the Postfix SMTP
       server can insert delays before responding. This can  help
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@ -2236,6 +2236,11 @@ The LMTP-specific version of the smtp_nested_header_checks
 configuration parameter. See there for details.
 .PP
 This feature is available in Postfix 2.5 and later.
+.SH lmtp_per_record_deadline (default: no)
+The LMTP-specific version of the smtp_per_record_deadline
+configuration parameter.  See there for details.
+.PP
+This feature is available in Postfix 2.8 and later.
 .SH lmtp_pix_workaround_delay_time (default: 10s)
 The LMTP-specific version of the smtp_pix_workaround_delay_time
 configuration parameter.  See there for details.
@ -5499,6 +5504,23 @@ This feature is available in Postfix 2.5 and later.
 .SH smtp_never_send_ehlo (default: no)
 Never send EHLO at the start of an SMTP session. See also the
 smtp_always_send_ehlo parameter.
+.SH smtp_per_record_deadline (default: no)
+Change the behavior of the smtp_*_timeout time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).  This
+limits the impact from hostile peers that trickle data one byte at
+a time.
+.PP
+Note: when per-record deadlines are enabled, a short timeout
+may cause problems with TLS over very slow network connections.
+The reasons are that a TLS protocol message can be up to 16 kbytes
+long (with TLSv1), and that an entire TLS protocol message must be
+sent or received within the per-record deadline.
+.PP
+This feature is available in Postfix 2.9 and later. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no".
 .SH smtp_pix_workaround_delay_time (default: 10s)
 How long the Postfix SMTP client pauses before sending
 ".<CR><LF>" in order to work around the PIX firewall
@ -7912,6 +7934,23 @@ lookup is disabled.  Turning off name lookup reduces delays due to
 DNS lookup and increases the maximal inbound delivery rate.
 .PP
 This feature is available in Postfix 2.3 and later.
+.SH smtpd_per_record_deadline (default: normal: no, overload: yes)
+Change the behavior of the smtpd_timeout time limit, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).  This
+limits the impact from hostile peers that trickle data one byte at
+a time.
+.PP
+Note: when per-record deadlines are enabled, a short timeout
+may cause problems with TLS over very slow network connections.
+The reasons are that a TLS protocol message can be up to 16 kbytes
+long (with TLSv1), and that an entire TLS protocol message must be
+sent or received within the per-record deadline.
+.PP
+This feature is available in Postfix 2.9 and later. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no".
 .SH smtpd_policy_service_max_idle (default: 300s)
 The time after which an idle SMTPD policy service connection is
 closed.
--- a/postfix/man/man8/postscreen.8
+++ b/postfix/man/man8/postscreen.8
@ -82,7 +82,8 @@ XFORWARD.
 Support for AUTH may be added in the future.
 In the mean time, if you need to make these services available
 on port 25, then do not enable the optional "after 220
-server greeting" tests.
+server greeting" tests, and do not use DNSBLs that reject
+traffic from dial-up and residential networks.

 The optional "after 220 server greeting" tests involve
 \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
--- a/postfix/man/man8/smtp.8
+++ b/postfix/man/man8/smtp.8
@ -256,6 +256,13 @@ An optional workaround for routers that break TCP window scaling.
 Available in Postfix version 2.8 and later:
 .IP "\fBsmtp_dns_resolver_options (empty)\fR"
 DNS Resolver options for the Postfix SMTP client.
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBsmtp_per_record_deadline (no)\fR"
+Change the behavior of the smtp_*_timeout time limits, from a
+time limit per read or write system call, to a time limit to read
+or write a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).
 .SH "MIME PROCESSING CONTROLS"
 .na
 .nf
@ -547,6 +554,13 @@ Available in Postfix version 2.3 and later:
 .IP "\fBconnection_cache_protocol_timeout (5s)\fR"
 Time limit for connection cache connect, send or receive
 operations.
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBsmtp_per_record_deadline (no)\fR"
+Change the behavior of the smtp_*_timeout time limits, from a
+time limit per read or write system call, to a time limit to read
+or write a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).
 .SH "TROUBLE SHOOTING CONTROLS"
 .na
 .nf
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@ -143,6 +143,13 @@ An optional workaround for routers that break TCP window scaling.
 Available in Postfix version 2.7 and later:
 .IP "\fBsmtpd_command_filter (empty)\fR"
 A mechanism to transform commands from remote SMTP clients.
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
+Change the behavior of the smtpd_timeout time limit, from a
+time limit per read or write system call, to a time limit to read
+or write a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).
 .SH "ADDRESS REWRITING CONTROLS"
 .na
 .nf
@ -673,6 +680,13 @@ Available in Postfix version 2.3 and later:
 The maximal number of new (i.e., uncached) TLS sessions that a
 remote SMTP client is allowed to negotiate with this service per
 time unit.
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
+Change the behavior of the smtpd_timeout time limit, from a
+time limit per read or write system call, to a time limit to read
+or write a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).
 .SH "TARPIT CONTROLS"
 .na
 .nf
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@ -631,6 +631,7 @@ while (<>) {
    s;\bsmtp_body_checks\b;<a href="postconf.5.html#smtp_body_checks">$&</a>;g;
    s;\bsmtp_reply_filter\b;<a href="postconf.5.html#smtp_reply_filter">$&</a>;g;
    s;\bsmtp_address_preference\b;<a href="postconf.5.html#smtp_address_preference">$&</a>;g;
+    s;\bsmtp_per_record_deadline\b;<a href="postconf.5.html#smtp_per_record_deadline">$&</a>;g;
    s;\bsmtpd_enforce_tls\b;<a href="postconf.5.html#smtpd_enforce_tls">$&</a>;g;
    s;\bsmtpd_sasl_tls_security_options\b;<a href="postconf.5.html#smtpd_sasl_tls_security_options">$&</a>;g;
    s;\bsmtpd_sasl_type\b;<a href="postconf.5.html#smtpd_sasl_type">$&</a>;g;
@ -667,6 +668,7 @@ while (<>) {
    s;\bsmtpd_tls_wrappermode\b;<a href="postconf.5.html#smtpd_tls_wrappermode">$&</a>;g;
    s;\bsmtpd_use_tls\b;<a href="postconf.5.html#smtpd_use_tls">$&</a>;g;
    s;\bsmtpd_reject_footer\b;<a href="postconf.5.html#smtpd_reject_footer">$&</a>;g;
+    s;\bsmtpd_per_record_deadline\b;<a href="postconf.5.html#smtpd_per_record_deadline">$&</a>;g;
    s;\btls_daemon_random_bytes\b;<a href="postconf.5.html#tls_daemon_random_bytes">$&</a>;g;
    s;\btls_daemon_random_source\b;<a href="postconf.5.html#tls_daemon_random_source">$&</a>;g;
    s;\btls_ran[-</Bb>]*\n* *[<Bb>]*dom_bytes\b;<a href="postconf.5.html#tls_random_bytes">$&</a>;g;
--- a/postfix/proto/MILTER_README.html
+++ b/postfix/proto/MILTER_README.html
@ -28,11 +28,13 @@ SMTP commands (HELO, MAIL FROM, etc.) as well as mail content
 <p> The reason for adding Milter support to Postfix is that there
 exists a large collection of applications, not only to block unwanted
 mail, but also to verify authenticity (examples: <a
+href="http://www.opendkim.org/">OpenDKIM</a>, <a
 href="http://sourceforge.net/projects/dkim-milter/">DomainKeys
 Identified Mail (DKIM)</a>, <a
 href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
 <a href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>)
 or to digitally sign mail (examples: <a
+href="http://www.opendkim.org/">OpenDKIM</a>, <a
 href="http://sourceforge.net/projects/dkim-milter/">DomainKeys
 Identified Mail (DKIM)</a>, <a
 href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>).
@ -212,10 +214,22 @@ other systems, libmilter may be provided by a package (called
 "sendmail-devel" on some Linux systems).  </p>

 <p> Once libmilter is installed, applications such as <a
+href="http://www.opendkim.org/">OpenDKIM</a>, <a
 href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a> and
 <a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a>
 build out of the box without requiring any tinkering:</p>

+<blockquote>
+<pre>
+$ <b>gzcat opendkim-<i>x.y.z</i>.tar.gz | tar xf -</b>
+$ <b>cd opendkim-<i>x.y.z</i></b>
+$ <b>./configure ...<i>options</i>...</b>
+$ <b>make</b>
+[...<i>lots of output omitted</i>...]
+$ <b>make install</b>
+</pre>
+</blockquote>
+
 <blockquote>
 <pre>
 $ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
--- a/postfix/proto/POSTSCREEN_README.html
+++ b/postfix/proto/POSTSCREEN_README.html
@ -432,13 +432,14 @@ logging more informative. </p>
 as: </p>

 <pre>
-    <b>COMMAND PIPELINING after</b> <i>time</i> <b>from</b> <i>[address]:port</i>
+    <b>COMMAND PIPELINING from</b> <i>[address]:port</i> <b>after</b> <i>command</i>: <i>text</i>
 </pre>

-<p> Translation: the SMTP client at <i>[address]:port</i> sent multiple
-SMTP commands, instead of sending one command and then waiting for
-the server to reply. This happened <i>time</i> seconds after the
-"220 " server greeting was sent. </p>
+<p> Translation: the SMTP client at <i>[address]:port</i> sent
+multiple SMTP commands, instead of sending one command and then
+waiting for the server to reply. This happened after the client
+sent <i>command</i>. The <i>text</i> shows part of the input that
+was sent too early; it is not logged with Postfix 2.8. </p>

 <p> The postscreen_pipelining_action parameter specifies the action
 that is taken next.  See "<a href="#fail_after_220">When tests fail
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@ -14011,3 +14011,47 @@ service performs plaintext &lt;=&gt; TLS ciphertext conversion. <p>

 <p> This feature is available in Postfix 2.8 and later. </p>

+%PARAM smtpd_per_record_deadline normal: no, overload: yes
+
+<p> Change the behavior of the smtpd_timeout time limit, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).  This
+limits the impact from hostile peers that trickle data one byte at
+a time.  </p>
+
+<p> Note: when per-record deadlines are enabled, a short timeout
+may cause problems with TLS over very slow network connections.
+The reasons are that a TLS protocol message can be up to 16 kbytes
+long (with TLSv1), and that an entire TLS protocol message must be
+sent or received within the per-record deadline.  </p>
+
+<p> This feature is available in Postfix 2.9 and later. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no". </p>
+
+%PARAM smtp_per_record_deadline no
+
+<p> Change the behavior of the smtp_*_timeout time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message).  This
+limits the impact from hostile peers that trickle data one byte at
+a time.  </p>
+
+<p> Note: when per-record deadlines are enabled, a short timeout
+may cause problems with TLS over very slow network connections.
+The reasons are that a TLS protocol message can be up to 16 kbytes
+long (with TLSv1), and that an entire TLS protocol message must be
+sent or received within the per-record deadline.  </p>
+
+<p> This feature is available in Postfix 2.9 and later. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no". </p>
+
+%PARAM lmtp_per_record_deadline no
+
+<p> The LMTP-specific version of the smtp_per_record_deadline
+configuration parameter.  See there for details. </p>
+
+<p> This feature is available in Postfix 2.8 and later.  </p>
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@ -3583,6 +3583,19 @@ extern bool var_tlsp_tls_set_sessid;
 #define DEF_SMTPD_REJ_FOOTER	""
 extern char *var_smtpd_rej_footer;

+ /*
+  * Per-record time limit support.
+  */
+#define VAR_SMTPD_REC_DEADLINE	"smtpd_per_record_deadline"
+#define DEF_SMTPD_REC_DEADLINE	"${stress?yes}${stress:no}"
+extern bool var_smtpd_rec_deadline;
+
+#define VAR_SMTP_REC_DEADLINE	"smtp_per_record_deadline"
+#define DEF_SMTP_REC_DEADLINE	0
+#define VAR_LMTP_REC_DEADLINE	"lmtp_per_record_deadline"
+#define DEF_LMTP_REC_DEADLINE	0
+extern bool var_smtp_rec_deadline;
+
 /* LICENSE
 /* .ad
 /* .fi
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20110207"
+#define MAIL_RELEASE_DATE	"20110212"
 #define MAIL_VERSION_NUMBER	"2.9"

 #ifdef SNAPSHOT
--- a/postfix/src/global/smtp_stream.c
+++ b/postfix/src/global/smtp_stream.c
@ -6,9 +6,10 @@
 /* SYNOPSIS
 /*	#include <smtp_stream.h>
 /*
-/*	void	smtp_timeout_setup(stream, timeout)
+/*	void	smtp_stream_setup(stream, timeout, enable_deadline)
 /*	VSTREAM *stream;
 /*	int	timeout;
+/*	int	enable_deadline;
 /*
 /*	void	smtp_printf(stream, format, ...)
 /*	VSTREAM *stream;
@ -44,16 +45,24 @@
 /*	VSTREAM *stream;
 /*	char	*format;
 /*	va_list	ap;
+/* LEGACY API
+/*	void	smtp_timeout_setup(stream, timeout)
+/*	VSTREAM *stream;
+/*	int	timeout;
+/*	int	enable_deadline;
 /* DESCRIPTION
 /*	This module reads and writes text records delimited by CR LF,
 /*	with error detection: timeouts or unexpected end-of-file.
 /*	A trailing CR LF is added upon writing and removed upon reading.
 /*
-/*	smtp_timeout_setup() arranges for a time limit on the smtp read
+/*	smtp_stream_setup() prepares the specified stream for SMTP read
 /*	and write operations described below.
 /*	This routine alters the behavior of streams as follows:
 /* .IP \(bu
-/*	The read/write total time limit is set to the specified value.
+/*	When enable_deadline is non-zero, the stream is configured
+/*	to enforce a total time limit for each smtp_stream read/write
+/*	operation. Otherwise, the stream is configured to enforce
+/*	a time limit for each individual read/write system call.
 /* .IP \f(bu
 /*	The stream is configured to use double buffering.
 /* .IP \f(bu
@ -90,6 +99,9 @@
 /*	The stream is not flushed.
 /*
 /*	smtp_vprintf() is the machine underneath smtp_printf().
+/*
+/*	smtp_timeout_setup() is a backwards-compatibility interface
+/*	for programs that don't require per-record deadline support.
 /* DIAGNOSTICS
 /* .fi
 /* .ad
@ -102,7 +114,7 @@
 /* .IP SMTP_ERR_EOF
 /*	An I/O error happened, or the peer has disconnected unexpectedly.
 /* .IP SMTP_ERR_TIME
-/*	The time limit specified to smtp_timeout_setup() was exceeded.
+/*	The time limit specified to smtp_stream_setup() was exceeded.
 /* .PP
 /*	Additional error codes that may be used by applications:
 /* .IP SMTP_ERR_QUIET
@ -166,9 +178,8 @@ static void smtp_timeout_reset(VSTREAM *stream)
     * in the buffer. Such system calls would really hurt when receiving or
     * sending body content one line at a time.
     */
-    vstream_control(stream,
-		    VSTREAM_CTL_TIME_LIMIT, stream->timeout,
-		    VSTREAM_CTL_END);
+    if (vstream_fstat(stream, VSTREAM_FLAG_DEADLINE))
+	vstream_control(stream, VSTREAM_CTL_START_DEADLINE, VSTREAM_CTL_END);
 }

 /* smtp_longjmp - raise an exception */
@ -190,13 +201,21 @@ static NORETURN smtp_longjmp(VSTREAM *stream, int err, const char *context)
    vstream_longjmp(stream, err);
 }

-/* smtp_timeout_setup - configure timeout trap */
+/* smtp_stream_setup - configure timeout trap */

-void    smtp_timeout_setup(VSTREAM *stream, int maxtime)
+void    smtp_stream_setup(VSTREAM *stream, int maxtime, int enable_deadline)
 {
+    const char *myname = "smtp_stream_setup";
+
+    if (msg_verbose)
+	msg_info("%s: maxtime=%d enable_deadline=%d",
+		 myname, maxtime, enable_deadline);
+
    vstream_control(stream,
 		    VSTREAM_CTL_DOUBLE,
 		    VSTREAM_CTL_TIMEOUT, maxtime,
+		    enable_deadline ? VSTREAM_CTL_START_DEADLINE
+		    : VSTREAM_CTL_STOP_DEADLINE,
 		    VSTREAM_CTL_EXCEPT,
 		    VSTREAM_CTL_END);
 }
--- a/postfix/src/global/smtp_stream.h
+++ b/postfix/src/global/smtp_stream.h
@ -32,7 +32,7 @@
 #define SMTP_ERR_QUIET	3		/* silent cleanup (application) */
 #define SMTP_ERR_NONE	4		/* non-error case */

-extern void smtp_timeout_setup(VSTREAM *, int);
+extern void smtp_stream_setup(VSTREAM *, int, int);
 extern void PRINTFLIKE(2, 3) smtp_printf(VSTREAM *, const char *,...);
 extern void smtp_flush(VSTREAM *);
 extern int smtp_fgetc(VSTREAM *);
@ -43,6 +43,9 @@ extern void smtp_fputc(int, VSTREAM *);

 extern void smtp_vprintf(VSTREAM *, const char *, va_list);

+#define smtp_timeout_setup(stream, timeout) \
+	smtp_stream_setup((stream), (timeout), 0)
+
 #define SMTP_GET_FLAG_NONE	0
 #define SMTP_GET_FLAG_SKIP	(1<<0)	/* skip over excess input */

--- a/postfix/src/postscreen/postscreen.c
+++ b/postfix/src/postscreen/postscreen.c
@ -68,7 +68,8 @@
 /*	Support for AUTH may be added in the future.
 /*	In the mean time, if you need to make these services available
 /*	on port 25, then do not enable the optional "after 220
-/*	server greeting" tests.
+/*	server greeting" tests, and do not use DNSBLs that reject
+/*	traffic from dial-up and residential networks.
 /*
 /*	The optional "after 220 server greeting" tests involve
 /*	\fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
--- a/postfix/src/postscreen/postscreen_tests.c
+++ b/postfix/src/postscreen/postscreen_tests.c
@ -175,8 +175,8 @@ void    psc_parse_tests(PSC_STATE *state,

    /*
     * Parse the cache entry, and allow for older postscreen versions that
-     * implemented fewer tests. We pretend that these tests were disabled
-     * when the cache entry was written.
+     * implemented fewer tests. We pretend that the newer tests were disabled
+     * at the time that the cache entry was written.
     * 
     * Flag the cache entry as "new" when the cache entry has fields for all
     * enabled tests, but the remote SMTP client has not yet passed all those
--- a/postfix/src/smtp/lmtp_params.c
+++ b/postfix/src/smtp/lmtp_params.c
@ -108,5 +108,6 @@
 	VAR_LMTP_CNAME_OVERR, DEF_LMTP_CNAME_OVERR, &var_smtp_cname_overr,
 	VAR_LMTP_SASL_AUTH_SOFT_BOUNCE, DEF_LMTP_SASL_AUTH_SOFT_BOUNCE, &var_smtp_sasl_auth_soft_bounce,
 	VAR_LMTP_ASSUME_FINAL, DEF_LMTP_ASSUME_FINAL, &var_lmtp_assume_final,
+	VAR_LMTP_REC_DEADLINE, DEF_LMTP_REC_DEADLINE, &var_smtp_rec_deadline,
 	0,
    };
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@ -234,6 +234,13 @@
 /*	Available in Postfix version 2.8 and later:
 /* .IP "\fBsmtp_dns_resolver_options (empty)\fR"
 /*	DNS Resolver options for the Postfix SMTP client.
+/* .PP
+/*	Available in Postfix version 2.9 and later:
+/* .IP "\fBsmtp_per_record_deadline (no)\fR"
+/*	Change the behavior of the smtp_*_timeout time limits, from a
+/*	time limit per read or write system call, to a time limit to read
+/*	or write a complete record (an SMTP command line, SMTP response
+/*	line, SMTP message content line, or TLS protocol message).
 /* MIME PROCESSING CONTROLS
 /* .ad
 /* .fi
@ -513,6 +520,13 @@
 /* .IP "\fBconnection_cache_protocol_timeout (5s)\fR"
 /*	Time limit for connection cache connect, send or receive
 /*	operations.
+/* .PP
+/*	Available in Postfix version 2.9 and later:
+/* .IP "\fBsmtp_per_record_deadline (no)\fR"
+/*	Change the behavior of the smtp_*_timeout time limits, from a
+/*	time limit per read or write system call, to a time limit to read
+/*	or write a complete record (an SMTP command line, SMTP response
+/*	line, SMTP message content line, or TLS protocol message).
 /* TROUBLE SHOOTING CONTROLS
 /* .ad
 /* .fi
@ -815,6 +829,7 @@ char   *var_smtp_body_chks;
 char   *var_smtp_resp_filter;
 bool    var_lmtp_assume_final;
 char   *var_smtp_dns_res_opt;
+bool    var_smtp_rec_deadline;

 /* Special handling of 535 AUTH errors. */
 char   *var_smtp_sasl_auth_cache_name;
--- a/postfix/src/smtp/smtp_params.c
+++ b/postfix/src/smtp/smtp_params.c
@ -112,5 +112,6 @@
 	VAR_SMTP_CNAME_OVERR, DEF_SMTP_CNAME_OVERR, &var_smtp_cname_overr,
 	VAR_SMTP_SASL_AUTH_SOFT_BOUNCE, DEF_SMTP_SASL_AUTH_SOFT_BOUNCE, &var_smtp_sasl_auth_soft_bounce,
 	VAR_LMTP_ASSUME_FINAL, DEF_LMTP_ASSUME_FINAL, &var_lmtp_assume_final,
+	VAR_SMTP_REC_DEADLINE, DEF_SMTP_REC_DEADLINE, &var_smtp_rec_deadline,
 	0,
    };
--- a/postfix/src/smtp/smtp_proto.c
+++ b/postfix/src/smtp/smtp_proto.c
@ -295,7 +295,8 @@ int     smtp_helo(SMTP_STATE *state)
    /*
     * Prepare for disaster.
     */
-    smtp_timeout_setup(state->session->stream, var_smtp_helo_tmout);
+    smtp_stream_setup(state->session->stream, var_smtp_helo_tmout,
+		      var_smtp_rec_deadline);
    if ((except = vstream_setjmp(state->session->stream)) != 0)
 	return (smtp_stream_except(state, except, where));

@ -642,7 +643,8 @@ int     smtp_helo(SMTP_STATE *state)
 	    /*
 	     * Prepare for disaster.
 	     */
-	    smtp_timeout_setup(state->session->stream, var_smtp_starttls_tmout);
+	    smtp_stream_setup(state->session->stream, var_smtp_starttls_tmout,
+			      var_smtp_rec_deadline);
 	    if ((except = vstream_setjmp(state->session->stream)) != 0)
 		return (smtp_stream_except(state, except,
 					"receiving the STARTTLS response"));
@ -1216,8 +1218,8 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
 	|| send_state > SMTP_STATE_QUIT)
 	msg_panic("%s: bad sender state %d (receiver state %d)",
 		  myname, send_state, recv_state);
-    smtp_timeout_setup(session->stream,
-		       *xfer_timeouts[send_state]);
+    smtp_stream_setup(session->stream, *xfer_timeouts[send_state],
+		      var_smtp_rec_deadline);
    if ((except = vstream_setjmp(session->stream)) != 0) {
 	msg_warn("smtp_proto: spurious flush before read in send state %d",
 		 send_state);
@ -1570,8 +1572,8 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
 		 */
 #define LOST_CONNECTION_INSIDE_DATA (except == SMTP_ERR_EOF)

-		smtp_timeout_setup(session->stream,
-				   *xfer_timeouts[recv_state]);
+		smtp_stream_setup(session->stream, *xfer_timeouts[recv_state],
+				  var_smtp_rec_deadline);
 		if (LOST_CONNECTION_INSIDE_DATA) {
 		    if (vstream_setjmp(session->stream) != 0)
 			RETURN(smtp_stream_except(state, SMTP_ERR_EOF,
@ -1879,8 +1881,8 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
 	 */
 	if (send_state == SMTP_STATE_DOT && nrcpt > 0) {

-	    smtp_timeout_setup(session->stream,
-			       var_smtp_data1_tmout);
+	    smtp_stream_setup(session->stream, var_smtp_data1_tmout,
+			      var_smtp_rec_deadline);

 	    if ((except = vstream_setjmp(session->stream)) == 0) {

--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@ -127,6 +127,13 @@
 /*	Available in Postfix version 2.7 and later:
 /* .IP "\fBsmtpd_command_filter (empty)\fR"
 /*	A mechanism to transform commands from remote SMTP clients.
+/* .PP
+/*	Available in Postfix version 2.9 and later:
+/* .IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
+/*	Change the behavior of the smtpd_timeout time limit, from a
+/*	time limit per read or write system call, to a time limit to read
+/*	or write a complete record (an SMTP command line, SMTP response
+/*	line, SMTP message content line, or TLS protocol message).
 /* ADDRESS REWRITING CONTROLS
 /* .ad
 /* .fi
@ -631,6 +638,13 @@
 /*	The maximal number of new (i.e., uncached) TLS sessions that a
 /*	remote SMTP client is allowed to negotiate with this service per
 /*	time unit.
+/* .PP
+/*	Available in Postfix version 2.9 and later:
+/* .IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
+/*	Change the behavior of the smtpd_timeout time limit, from a
+/*	time limit per read or write system call, to a time limit to read
+/*	or write a complete record (an SMTP command line, SMTP response
+/*	line, SMTP message content line, or TLS protocol message).
 /* TARPIT CONTROLS
 /* .ad
 /* .fi
@ -1248,6 +1262,7 @@ char   *var_unk_name_tf_act;
 char   *var_unk_addr_tf_act;
 char   *var_unv_rcpt_tf_act;
 char   *var_unv_from_tf_act;
+bool    var_smtpd_rec_deadline;

 int     smtpd_proxy_opts;

@ -4338,7 +4353,7 @@ static void smtpd_proto(SMTPD_STATE *state)
     * cleans up, but no attempt is made to inform the client of the nature
     * of the problem.
     */
-    smtp_timeout_setup(state->client, var_smtpd_tmout);
+    smtp_stream_setup(state->client, var_smtpd_tmout, var_smtpd_rec_deadline);

    while ((status = vstream_setjmp(state->client)) == SMTP_ERR_NONE)
 	 /* void */ ;
@ -5165,6 +5180,10 @@ int     main(int argc, char **argv)
 	VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log,
 	0,
    };
+    static const CONFIG_NBOOL_TABLE nbool_table[] = {
+	VAR_SMTPD_REC_DEADLINE, DEF_SMTPD_REC_DEADLINE, &var_smtpd_rec_deadline,
+	0,
+    };
    static const CONFIG_STR_TABLE str_table[] = {
 	VAR_SMTPD_BANNER, DEF_SMTPD_BANNER, &var_smtpd_banner, 1, 0,
 	VAR_NOTIFY_CLASSES, DEF_NOTIFY_CLASSES, &var_notify_classes, 0, 0,
@ -5281,6 +5300,7 @@ int     main(int argc, char **argv)
 		       MAIL_SERVER_STR_TABLE, str_table,
 		       MAIL_SERVER_RAW_TABLE, raw_table,
 		       MAIL_SERVER_BOOL_TABLE, bool_table,
+		       MAIL_SERVER_NBOOL_TABLE, nbool_table,
 		       MAIL_SERVER_TIME_TABLE, time_table,
 		       MAIL_SERVER_PRE_INIT, pre_jail_init,
 		       MAIL_SERVER_PRE_ACCEPT, pre_accept,
--- a/postfix/src/tls/tls_bio_ops.c
+++ b/postfix/src/tls/tls_bio_ops.c
@ -103,6 +103,19 @@
 /* System library. */

 #include <sys_defs.h>
+#include <sys/time.h>
+
+#ifndef timersub
+/* res = a - b */
+#define timersub(a, b, res) do { \
+	(res)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
+	(res)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
+	if ((res)->tv_usec < 0) { \
+		(res)->tv_sec--; \
+		(res)->tv_usec += 1000000; \
+	} \
+    } while (0)
+#endif

 #ifdef USE_TLS

@ -129,6 +142,24 @@ int     tls_bio(int fd, int timeout, TLS_SESS_STATE *TLScontext,
    int     err;
    int     retval = 0;
    int     done;
+    int     enable_deadline;
+    struct timeval time_limit;		/* initial time limit */
+    struct timeval time_left;		/* amount of time left */
+    struct timeval time_entry;		/* time of tls_bio() entry */
+    struct timeval time_now;		/* time after SSL_mumble() call */
+    struct timeval time_elapsed;	/* total elapsed time */
+
+    /*
+     * Deadline management is simpler than with VSTREAMs, because we don't
+     * need to decrement a per-stream time limit. We just work within the
+     * budget that is available for this tls_bio() call.
+     */
+    enable_deadline = vstream_fstat(TLScontext->stream, VSTREAM_FLAG_DEADLINE);
+    if (enable_deadline) {
+	time_limit.tv_sec = timeout;
+	time_limit.tv_usec = 0;
+	GETTIMEOFDAY(&time_entry);
+    }

    /*
     * If necessary, retry the SSL handshake or read/write operation after
@ -194,12 +225,24 @@ int     tls_bio(int fd, int timeout, TLS_SESS_STATE *TLScontext,
 	    done = 1;
 	    break;
 	case SSL_ERROR_WANT_WRITE:
-	    if (write_wait(fd, timeout) < 0)
-		return (-1);			/* timeout error */
-	    break;
 	case SSL_ERROR_WANT_READ:
-	    if (read_wait(fd, timeout) < 0)
-		return (-1);			/* timeout error */
+	    if (enable_deadline) {
+		GETTIMEOFDAY(&time_now);
+		timersub(&time_now, &time_entry, &time_elapsed);
+		timersub(&time_limit, &time_elapsed, &time_left);
+		timeout = time_left.tv_sec + (time_left.tv_usec > 0);
+		if (timeout <= 0) {
+		    errno = ETIMEDOUT;
+		    return (-1);
+		}
+	    }
+	    if (err == SSL_ERROR_WANT_WRITE) {
+		if (write_wait(fd, timeout) < 0)
+		    return (-1);		/* timeout error */
+	    } else {
+		if (read_wait(fd, timeout) < 0)
+		    return (-1);		/* timeout error */
+	    }
 	    break;

 	    /*
--- a/postfix/src/util/vstream.c
+++ b/postfix/src/util/vstream.c
@ -138,6 +138,10 @@
 /*
 /*	int	vstream_wr_timeout(stream)
 /*	VSTREAM	*stream;
+/*
+/*	int	vstream_fstat(stream, flags)
+/*	VSTREAM	*stream;
+/*	int	flags;
 /* DESCRIPTION
 /*	The \fIvstream\fR module implements light-weight buffered I/O
 /*	similar to the standard I/O routines.
@ -298,7 +302,7 @@
 /* .IP "VSTREAM_CTL_TIMEOUT (int)
 /*	The deadline for a descriptor to become readable in case of a read
 /*	request, or writable in case of a write request. Specify a value
-/*	<= 0 to disable deadlines.
+/*	of 0 to disable deadlines.
 /* .IP "VSTREAM_CTL_EXCEPT (no value)"
 /*	Enable exception handling with vstream_setjmp() and vstream_longjmp().
 /*	This involves allocation of additional memory that normally isn't
@ -319,12 +323,14 @@
 /*	int. Use an explicit cast to avoid problems on LP64
 /*	environments and other environments where ssize_t is larger
 /*	than int.
-/* .IP "VSTREAM_CTL_TIME_LIMIT (int)"
-/*	Specify an upper bound on the total time to complete all
-/*	subsequent read or write operations. This is different from
-/*	VSTREAM_CTL_TIMEOUT, which specifies a deadline for each
-/*	read or write operation.  Specify a relative time in seconds,
-/*	or zero to disable this feature.
+/* .IP VSTREAM_CTL_START_DEADLINE
+/*	Change the VSTREAM_CTL_TIMEOUT behavior, to limit the total
+/*	time for all subsequent file descriptor read or write
+/*	operations, and recharge the deadline timer.
+/* .IP VSTREAM_CTL_STOP_DEADLINE
+/*	Revert VSTREAM_CTL_TIMEOUT behavior to the default, i.e.
+/*	a time limit for individual file descriptor read or write
+/*	operations.
 /* .PP
 /*	vstream_fileno() gives access to the file handle associated with
 /*	a buffered stream. With streams that have separate read/write
@ -402,6 +408,15 @@
 /*
 /*	vstream_rd_mumble() and vstream_wr_mumble() report on
 /*	read and write error conditions, respectively.
+/*
+/*	vstream_fstat() queries stream status information about
+/*	user-requested features. The \fIflags\fR argument is the
+/*	bitwise OR of one or more of the following, and the result
+/*	value is the bitwise OR of the features that are activated.
+/* .IP VSTREAM_FLAG_DEADLINE
+/*	The deadline feature is activated.
+/* .IP VSTREAM_FLAG_DOUBLE
+/*	The double-buffering feature is activated.
 /* DIAGNOSTICS
 /*	Panics: interface violations. Fatal errors: out of memory.
 /* SEE ALSO
@ -1314,7 +1329,6 @@ void    vstream_control(VSTREAM *stream, int name,...)
    int     old_fd;
    ssize_t req_bufsize = 0;
    VSTREAM *stream2;
-    int     time_limit;

 #define SWAP(type,a,b) do { type temp = (a); (a) = (b); (b) = (temp); } while (0)

@ -1377,6 +1391,8 @@ void    vstream_control(VSTREAM *stream, int name,...)
 	    if (stream->timeout == 0)
 		GETTIMEOFDAY(&stream->iotime);
 	    stream->timeout = va_arg(ap, int);
+	    if (stream->timeout < 0)
+		msg_panic("%s: bad timeout %d", myname, stream->timeout);
 	    break;
 	case VSTREAM_CTL_EXCEPT:
 	    if (stream->jbuf == 0)
@ -1428,17 +1444,15 @@ void    vstream_control(VSTREAM *stream, int name,...)
 	     * that we need to do I/O. This avoids a performance hit when
 	     * sending or receiving body content one line at a time.
 	     */
-	case VSTREAM_CTL_TIME_LIMIT:
-	    time_limit = va_arg(ap, int);
-	    if (time_limit < 0) {
-		msg_panic("%s: bad time limit: %d", myname, time_limit);
-	    } else if (time_limit == 0) {
-		stream->buf.flags &= ~VSTREAM_FLAG_DEADLINE;
-	    } else {
-		stream->buf.flags |= VSTREAM_FLAG_DEADLINE;
-		stream->time_limit.tv_sec = time_limit;
-		stream->time_limit.tv_usec = 0;
-	    }
+	case VSTREAM_CTL_STOP_DEADLINE:
+	    stream->buf.flags &= ~VSTREAM_FLAG_DEADLINE;
+	    break;
+	case VSTREAM_CTL_START_DEADLINE:
+	    if (stream->timeout <= 0)
+		msg_panic("%s: bad timeout %d", myname, stream->timeout);
+	    stream->buf.flags |= VSTREAM_FLAG_DEADLINE;
+	    stream->time_limit.tv_sec = stream->timeout;
+	    stream->time_limit.tv_usec = 0;
 	    break;
 	default:
 	    msg_panic("%s: bad name %d", myname, name);
--- a/postfix/src/util/vstream.h
+++ b/postfix/src/util/vstream.h
@ -126,6 +126,8 @@ extern int vstream_fdclose(VSTREAM *);
 #define vstream_ftime(vp)	((time_t) ((vp)->iotime.tv_sec))
 #define vstream_ftimeval(vp)	((vp)->iotime)

+#define vstream_fstat(vp, fl)	((vp)->buf.flags & (fl))
+
 extern void vstream_control(VSTREAM *, int,...);

 #define VSTREAM_CTL_END		0
@ -144,7 +146,8 @@ extern void vstream_control(VSTREAM *, int,...);
 #endif
 #define VSTREAM_CTL_BUFSIZE	12
 #define VSTREAM_CTL_SWAP_FD	13
-#define VSTREAM_CTL_TIME_LIMIT	14
+#define VSTREAM_CTL_START_DEADLINE	14
+#define VSTREAM_CTL_STOP_DEADLINE	15

 extern VSTREAM *PRINTFLIKE(1, 2) vstream_printf(const char *,...);
 extern VSTREAM *PRINTFLIKE(2, 3) vstream_fprintf(VSTREAM *, const char *,...);