mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 18:07:41 +00:00

postfix-2.9-20110212

This commit is contained in:
Wietse Venema 2011-02-12 00:00:00 -05:00 committed by Viktor Dukhovni
parent 1ac00dbaf1
commit 1b9ba18ece
34 changed files with 1006 additions and 559 deletions

View File

@ -16576,3 +16576,18 @@ Apologies for any names omitted.
Bugfix (introduced Postfix 2.8): segfault with smtpd_tls_loglevel Bugfix (introduced Postfix 2.8): segfault with smtpd_tls_loglevel
>= 3. Files: tls/tls_server.c, tls.h, smtpd.c, tlsproxy.c. >= 3. Files: tls/tls_server.c, tls.h, smtpd.c, tlsproxy.c.
Cleanup: read/write deadline support for single_server TLS
applications (i.e. smtpd(8), smtp(8)). File: tls/tls_bio_ops.c.
20110212
Infrastructure: run-time switch for read/write deadline
support. Files: util/vstream.[hc], global/smtp_stream.[hc],
tls/tls_bio_ops.c.
Cleanup: configurable read/write deadline support with
smtpd_per_record_deadline (normal: "no", overload: "yes")
and smtp_per_record_deadline (default: "no"). Files:
global/mail_params.h, smtpd/smtpd.c, smtp/smtp.c,
smtp/smtp_proto.c, proto/postconf.proto, mantools/postlink.
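Review bot: the 20110212 "Cleanup" entry names only smtpd_per_record_deadline and smtp_per_record_deadline, while the RELEASE_NOTES and postconf(5) changes in this same commit also introduce lmtp_per_record_deadline. Add the LMTP parameter to this entry so the changelog lists every new setting an operator may need to audit.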

View File

@ -12,10 +12,11 @@ is queued.
The reason for adding Milter support to Postfix is that there exists a large The reason for adding Milter support to Postfix is that there exists a large
collection of applications, not only to block unwanted mail, but also to verify collection of applications, not only to block unwanted mail, but also to verify
authenticity (examples: DomainKeys Identified Mail (DKIM), SenderID+SPF and authenticity (examples: OpenDKIM, DomainKeys Identified Mail (DKIM),
DomainKeys) or to digitally sign mail (examples: DomainKeys Identified Mail SenderID+SPF and DomainKeys) or to digitally sign mail (examples: OpenDKIM,
(DKIM), DomainKeys). Having yet another Postfix-specific version of all that DomainKeys Identified Mail (DKIM), DomainKeys). Having yet another Postfix-
software is a poor use of human and system resources. specific version of all that software is a poor use of human and system
resources.
The Milter protocol has evolved over time, and different Postfix versions The Milter protocol has evolved over time, and different Postfix versions
implement different feature sets. See the workarounds and limitations sections implement different feature sets. See the workarounds and limitations sections
@ -92,8 +93,15 @@ such a library, but Sendmail does.
Sendmail libmilter library by default. With other systems, libmilter may be Sendmail libmilter library by default. With other systems, libmilter may be
provided by a package (called "sendmail-devel" on some Linux systems). provided by a package (called "sendmail-devel" on some Linux systems).
Once libmilter is installed, applications such as dkim-milter and sid- Once libmilter is installed, applications such as OpenDKIM, dkim-milter and
milter build out of the box without requiring any tinkering: sid-milter build out of the box without requiring any tinkering:
$ ggzzccaatt ooppeennddkkiimm--xx..yy..zz..ttaarr..ggzz || ttaarr xxff --
$ ccdd ooppeennddkkiimm--xx..yy..zz
$ ..//ccoonnffiigguurree ......ooppttiioonnss......
$ mmaakkee
[...lots of output omitted...]
$ mmaakkee iinnssttaallll
$ ggzzccaatt ddkkiimm--mmiilltteerr--xx..yy..zz..ttaarr..ggzz || ttaarr xxff -- $ ggzzccaatt ddkkiimm--mmiilltteerr--xx..yy..zz..ttaarr..ggzz || ttaarr xxff --
$ ccdd ddkkiimm--mmiilltteerr--xx..yy..zz $ ccdd ddkkiimm--mmiilltteerr--xx..yy..zz

View File

@ -318,11 +318,12 @@ in SMTP engine anyway. This is to make postscreen(8) logging more informative.
When a client sends multiple commands, postscreen(8) logs this as: When a client sends multiple commands, postscreen(8) logs this as:
CCOOMMMMAANNDD PPIIPPEELLIINNIINNGG aafftteerr time ffrroomm [address]:port CCOOMMMMAANNDD PPIIPPEELLIINNIINNGG ffrroomm [address]:port aafftteerr command: text
Translation: the SMTP client at [address]:port sent multiple SMTP commands, Translation: the SMTP client at [address]:port sent multiple SMTP commands,
instead of sending one command and then waiting for the server to reply. This instead of sending one command and then waiting for the server to reply. This
happened time seconds after the "220 " server greeting was sent. happened after the client sent command. The text shows part of the input that
was sent too early; it is not logged with Postfix 2.8.
The postscreen_pipelining_action parameter specifies the action that is taken The postscreen_pipelining_action parameter specifies the action that is taken
next. See "When tests fail after the 220 SMTP server greeting" below. next. See "When tests fail after the 220 SMTP server greeting" below.

View File

@ -14,6 +14,30 @@ specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 2.7 or earlier, read RELEASE_NOTES-2.8 If you upgrade from Postfix 2.7 or earlier, read RELEASE_NOTES-2.8
before proceeding. before proceeding.
Major changes with snapshot 20110130
====================================
Support for per-record deadlines. These change the behavior of
Postfix timeout parameters, from a time limit per read or write
system call, to a time limit to send or receive a complete record
(an SMTP command line, SMTP response line, SMTP message content
line, or TLS protocol message). This limits the impact from hostile
peers that trickle data one byte at a time.
The new configuration parameters and their default settings are:
smtpd_per_record_deadline (normal: no, overload: yes),
smtp_per_record_deadline (no), and lmtp_per_record_deadline (no).
Note: when per-record deadlines are enabled, a short timeout may
cause problems with TLS over very slow network connections. The
reasons are that a TLS protocol message can be up to 16 kbytes long
(with TLSv1), and that an entire TLS protocol message must be sent
or received within the per-record deadline.
Per-record deadlines were introduced with postscreen(8). This program
does not receive mail, and therefore has no problems with TLS over
slow connections.
Incompatible changes with snapshot 20110130 Incompatible changes with snapshot 20110130
=========================================== ===========================================
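Review bot: the new section heading reads "Major changes with snapshot 20110130", but the HISTORY entry that introduces smtpd_per_record_deadline and smtp_per_record_deadline in this commit is dated 20110212, and the commit itself is postfix-2.9-20110212. If the parameters first ship in this snapshot, the heading should carry that date; otherwise readers upgrading from 20110130 will not look here for new settings.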

View File

@ -9,6 +9,8 @@ Wish list:
Don't forget Apple's code donation for fetching mail from Don't forget Apple's code donation for fetching mail from
IMAP server. IMAP server.
Update MILTER_README with pointer to OpenDKIM.
postconf command-line option to show the compile-time postconf command-line option to show the compile-time
settings (CCARGS, AUXLIBS) in case binary packages settings (CCARGS, AUXLIBS) in case binary packages
don't install the makedefs.out file. don't install the makedefs.out file.

View File

@ -28,11 +28,13 @@ SMTP commands (HELO, MAIL FROM, etc.) as well as mail content
<p> The reason for adding Milter support to Postfix is that there <p> The reason for adding Milter support to Postfix is that there
exists a large collection of applications, not only to block unwanted exists a large collection of applications, not only to block unwanted
mail, but also to verify authenticity (examples: <a mail, but also to verify authenticity (examples: <a
href="http://www.opendkim.org/">OpenDKIM</a>, <a
href="http://sourceforge.net/projects/dkim-milter/">DomainKeys href="http://sourceforge.net/projects/dkim-milter/">DomainKeys
Identified Mail (DKIM)</a>, <a Identified Mail (DKIM)</a>, <a
href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>) <a href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>)
or to digitally sign mail (examples: <a or to digitally sign mail (examples: <a
href="http://www.opendkim.org/">OpenDKIM</a>, <a
href="http://sourceforge.net/projects/dkim-milter/">DomainKeys href="http://sourceforge.net/projects/dkim-milter/">DomainKeys
Identified Mail (DKIM)</a>, <a Identified Mail (DKIM)</a>, <a
href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>). href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>).
@ -212,10 +214,22 @@ other systems, libmilter may be provided by a package (called
"sendmail-devel" on some Linux systems). </p> "sendmail-devel" on some Linux systems). </p>
<p> Once libmilter is installed, applications such as <a <p> Once libmilter is installed, applications such as <a
href="http://www.opendkim.org/">OpenDKIM</a>, <a
href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a> and href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a> and
<a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a> <a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a>
build out of the box without requiring any tinkering:</p> build out of the box without requiring any tinkering:</p>
<blockquote>
<pre>
$ <b>gzcat opendkim-<i>x.y.z</i>.tar.gz | tar xf -</b>
$ <b>cd opendkim-<i>x.y.z</i></b>
$ <b>./configure ...<i>options</i>...</b>
$ <b>make</b>
[...<i>lots of output omitted</i>...]
$ <b>make install</b>
</pre>
</blockquote>
<blockquote> <blockquote>
<pre> <pre>
$ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b> $ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>

View File

@ -432,13 +432,14 @@ logging more informative. </p>
as: </p> as: </p>
<pre> <pre>
<b>COMMAND PIPELINING after</b> <i>time</i> <b>from</b> <i>[address]:port</i> <b>COMMAND PIPELINING from</b> <i>[address]:port</i> <b>after</b> <i>command</i>: <i>text</i>
</pre> </pre>
<p> Translation: the SMTP client at <i>[address]:port</i> sent multiple <p> Translation: the SMTP client at <i>[address]:port</i> sent
SMTP commands, instead of sending one command and then waiting for multiple SMTP commands, instead of sending one command and then
the server to reply. This happened <i>time</i> seconds after the waiting for the server to reply. This happened after the client
"220 " server greeting was sent. </p> sent <i>command</i>. The <i>text</i> shows part of the input that
was sent too early; it is not logged with Postfix 2.8. </p>
<p> The <a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> parameter specifies the action <p> The <a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> parameter specifies the action
that is taken next. See "<a href="#fail_after_220">When tests fail that is taken next. See "<a href="#fail_after_220">When tests fail

View File

@ -295,6 +295,16 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b> <b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b>
DNS Resolver options for the Postfix SMTP client. DNS Resolver options for the Postfix SMTP client.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time lim-
its, from a time limit per read or write system
call, to a time limit to read or write a complete
record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes-
sage).
<b>MIME PROCESSING CONTROLS</b> <b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later: Available in Postfix version 2.0 and later:
@ -692,6 +702,16 @@ SMTP(8) SMTP(8)
Time limit for connection cache connect, send or Time limit for connection cache connect, send or
receive operations. receive operations.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time lim-
its, from a time limit per read or write system
call, to a time limit to read or write a complete
record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes-
sage).
<b>TROUBLE SHOOTING CONTROLS</b> <b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b> <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a The increment in verbose logging level when a
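Review bot: this hunk adds the smtp_per_record_deadline entry a second time in the same page, with text identical to the entry added by the hunk at line 295. If the double listing is intentional because the parameter belongs to two sections, fine; otherwise keep one. Both copies also say "a time limit to read or write a complete record", while the postconf(5) description added in this commit says "send or receive"; use one wording throughout.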

View File

@ -4034,6 +4034,17 @@ configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p> <p> This feature is available in Postfix 2.5 and later. </p>
</DD>
<DT><b><a name="lmtp_per_record_deadline">lmtp_per_record_deadline</a>
(default: no)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD> </DD>
<DT><b><a name="lmtp_pix_workaround_delay_time">lmtp_pix_workaround_delay_time</a> <DT><b><a name="lmtp_pix_workaround_delay_time">lmtp_pix_workaround_delay_time</a>
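Review bot: the new lmtp_per_record_deadline entry says "This feature is available in Postfix 2.8 and later", but the smtp_per_record_deadline entry it defers to says "available in Postfix 2.9 and later". The LMTP variant cannot predate the parameter it mirrors, so this should read 2.9. The same "2.8" line appears in the man-page version of this entry, which suggests the fix belongs in the shared source (proto/postconf.proto is listed in the HISTORY entry).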
@ -9545,6 +9556,29 @@ available. </p>
<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter. </p> <a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter. </p>
</DD>
<DT><b><a name="smtp_per_record_deadline">smtp_per_record_deadline</a>
(default: no)</b></DT><DD>
<p> Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message). This
limits the impact from hostile peers that trickle data one byte at
a time. </p>
<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline. </p>
<p> This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". </p>
</DD> </DD>
<DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> <DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
@ -12697,6 +12731,29 @@ DNS lookup and increases the maximal inbound delivery rate. </p>
<p> This feature is available in Postfix 2.3 and later. </p> <p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_per_record_deadline">smtpd_per_record_deadline</a>
(default: normal: no, overload: yes)</b></DT><DD>
<p> Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time limit, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message). This
limits the impact from hostile peers that trickle data one byte at
a time. </p>
<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline. </p>
<p> This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". </p>
</DD> </DD>
<DT><b><a name="smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> <DT><b><a name="smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a>
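Review bot: the default is given as "normal: no, overload: yes", but nothing in the added description says what "overload" means or when the server switches to it. Because the setting is presented as a defence against peers that trickle data one byte at a time, an operator needs to know whether it is active before an overload condition is reached. Add a sentence that defines the overload condition or links to the document that does.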

View File

@ -76,7 +76,8 @@ POSTSCREEN(8) POSTSCREEN(8)
Support for AUTH may be added in the future. In the mean Support for AUTH may be added in the future. In the mean
time, if you need to make these services available on port time, if you need to make these services available on port
25, then do not enable the optional "after 220 server 25, then do not enable the optional "after 220 server
greeting" tests. greeting" tests, and do not use DNSBLs that reject traffic
from dial-up and residential networks.
The optional "after 220 server greeting" tests involve The optional "after 220 server greeting" tests involve
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these
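Review bot: the added clause "and do not use DNSBLs that reject traffic from dial-up and residential networks" gives the advice without the reason. The surrounding sentence is about making AUTH-type services available on port 25, so say explicitly that the clients of those services commonly connect from such networks and would be rejected before they can authenticate.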

View File

@ -295,6 +295,16 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b> <b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b>
DNS Resolver options for the Postfix SMTP client. DNS Resolver options for the Postfix SMTP client.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time lim-
its, from a time limit per read or write system
call, to a time limit to read or write a complete
record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes-
sage).
<b>MIME PROCESSING CONTROLS</b> <b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later: Available in Postfix version 2.0 and later:
@ -692,6 +702,16 @@ SMTP(8) SMTP(8)
Time limit for connection cache connect, send or Time limit for connection cache connect, send or
receive operations. receive operations.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time lim-
its, from a time limit per read or write system
call, to a time limit to read or write a complete
record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes-
sage).
<b>TROUBLE SHOOTING CONTROLS</b> <b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b> <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a The increment in verbose logging level when a

View File

@ -153,6 +153,16 @@ SMTPD(8) SMTPD(8)
A mechanism to transform commands from remote SMTP A mechanism to transform commands from remote SMTP
clients. clients.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time
limit, from a time limit per read or write system
call, to a time limit to read or write a complete
record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes-
sage).
<b>ADDRESS REWRITING CONTROLS</b> <b>ADDRESS REWRITING CONTROLS</b>
See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed
discussion of Postfix address rewriting. discussion of Postfix address rewriting.
@ -842,6 +852,16 @@ SMTPD(8) SMTPD(8)
sions that a remote SMTP client is allowed to nego- sions that a remote SMTP client is allowed to nego-
tiate with this service per time unit. tiate with this service per time unit.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time
limit, from a time limit per read or write system
call, to a time limit to read or write a complete
record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes-
sage).
<b>TARPIT CONTROLS</b> <b>TARPIT CONTROLS</b>
When a remote SMTP client makes errors, the Postfix SMTP When a remote SMTP client makes errors, the Postfix SMTP
server can insert delays before responding. This can help server can insert delays before responding. This can help

View File

@ -2236,6 +2236,11 @@ The LMTP-specific version of the smtp_nested_header_checks
configuration parameter. See there for details. configuration parameter. See there for details.
.PP .PP
This feature is available in Postfix 2.5 and later. This feature is available in Postfix 2.5 and later.
.SH lmtp_per_record_deadline (default: no)
The LMTP-specific version of the smtp_per_record_deadline
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.8 and later.
.SH lmtp_pix_workaround_delay_time (default: 10s) .SH lmtp_pix_workaround_delay_time (default: 10s)
The LMTP-specific version of the smtp_pix_workaround_delay_time The LMTP-specific version of the smtp_pix_workaround_delay_time
configuration parameter. See there for details. configuration parameter. See there for details.
@ -5499,6 +5504,23 @@ This feature is available in Postfix 2.5 and later.
.SH smtp_never_send_ehlo (default: no) .SH smtp_never_send_ehlo (default: no)
Never send EHLO at the start of an SMTP session. See also the Never send EHLO at the start of an SMTP session. See also the
smtp_always_send_ehlo parameter. smtp_always_send_ehlo parameter.
.SH smtp_per_record_deadline (default: no)
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message). This
limits the impact from hostile peers that trickle data one byte at
a time.
.PP
Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline.
.PP
This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no".
.SH smtp_pix_workaround_delay_time (default: 10s) .SH smtp_pix_workaround_delay_time (default: 10s)
How long the Postfix SMTP client pauses before sending How long the Postfix SMTP client pauses before sending
".<CR><LF>" in order to work around the PIX firewall ".<CR><LF>" in order to work around the PIX firewall
@ -7912,6 +7934,23 @@ lookup is disabled. Turning off name lookup reduces delays due to
DNS lookup and increases the maximal inbound delivery rate. DNS lookup and increases the maximal inbound delivery rate.
.PP .PP
This feature is available in Postfix 2.3 and later. This feature is available in Postfix 2.3 and later.
.SH smtpd_per_record_deadline (default: normal: no, overload: yes)
Change the behavior of the smtpd_timeout time limit, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message). This
limits the impact from hostile peers that trickle data one byte at
a time.
.PP
Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline.
.PP
This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no".
.SH smtpd_policy_service_max_idle (default: 300s) .SH smtpd_policy_service_max_idle (default: 300s)
The time after which an idle SMTPD policy service connection is The time after which an idle SMTPD policy service connection is
closed. closed.

View File

@ -82,7 +82,8 @@ XFORWARD.
Support for AUTH may be added in the future. Support for AUTH may be added in the future.
In the mean time, if you need to make these services available In the mean time, if you need to make these services available
on port 25, then do not enable the optional "after 220 on port 25, then do not enable the optional "after 220
server greeting" tests. server greeting" tests, and do not use DNSBLs that reject
traffic from dial-up and residential networks.
The optional "after 220 server greeting" tests involve The optional "after 220 server greeting" tests involve
\fBpostscreen\fR(8)'s built-in SMTP protocol engine. When \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When

View File

@ -256,6 +256,13 @@ An optional workaround for routers that break TCP window scaling.
Available in Postfix version 2.8 and later: Available in Postfix version 2.8 and later:
.IP "\fBsmtp_dns_resolver_options (empty)\fR" .IP "\fBsmtp_dns_resolver_options (empty)\fR"
DNS Resolver options for the Postfix SMTP client. DNS Resolver options for the Postfix SMTP client.
.PP
Available in Postfix version 2.9 and later:
.IP "\fBsmtp_per_record_deadline (no)\fR"
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to read
or write a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message).
.SH "MIME PROCESSING CONTROLS" .SH "MIME PROCESSING CONTROLS"
.na .na
.nf .nf
@ -547,6 +554,13 @@ Available in Postfix version 2.3 and later:
.IP "\fBconnection_cache_protocol_timeout (5s)\fR" .IP "\fBconnection_cache_protocol_timeout (5s)\fR"
Time limit for connection cache connect, send or receive Time limit for connection cache connect, send or receive
operations. operations.
.PP
Available in Postfix version 2.9 and later:
.IP "\fBsmtp_per_record_deadline (no)\fR"
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to read
or write a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message).
.SH "TROUBLE SHOOTING CONTROLS" .SH "TROUBLE SHOOTING CONTROLS"
.na .na
.nf .nf

View File

@ -143,6 +143,13 @@ An optional workaround for routers that break TCP window scaling.
Available in Postfix version 2.7 and later: Available in Postfix version 2.7 and later:
.IP "\fBsmtpd_command_filter (empty)\fR" .IP "\fBsmtpd_command_filter (empty)\fR"
A mechanism to transform commands from remote SMTP clients. A mechanism to transform commands from remote SMTP clients.
.PP
Available in Postfix version 2.9 and later:
.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
Change the behavior of the smtpd_timeout time limit, from a
time limit per read or write system call, to a time limit to read
or write a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message).
.SH "ADDRESS REWRITING CONTROLS" .SH "ADDRESS REWRITING CONTROLS"
.na .na
.nf .nf
@ -673,6 +680,13 @@ Available in Postfix version 2.3 and later:
The maximal number of new (i.e., uncached) TLS sessions that a The maximal number of new (i.e., uncached) TLS sessions that a
remote SMTP client is allowed to negotiate with this service per remote SMTP client is allowed to negotiate with this service per
time unit. time unit.
.PP
Available in Postfix version 2.9 and later:
.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
Change the behavior of the smtpd_timeout time limit, from a
time limit per read or write system call, to a time limit to read
or write a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message).
.SH "TARPIT CONTROLS" .SH "TARPIT CONTROLS"
.na .na
.nf .nf

View File

@ -631,6 +631,7 @@ while (<>) {
s;\bsmtp_body_checks\b;<a href="postconf.5.html#smtp_body_checks">$&</a>;g; s;\bsmtp_body_checks\b;<a href="postconf.5.html#smtp_body_checks">$&</a>;g;
s;\bsmtp_reply_filter\b;<a href="postconf.5.html#smtp_reply_filter">$&</a>;g; s;\bsmtp_reply_filter\b;<a href="postconf.5.html#smtp_reply_filter">$&</a>;g;
s;\bsmtp_address_preference\b;<a href="postconf.5.html#smtp_address_preference">$&</a>;g; s;\bsmtp_address_preference\b;<a href="postconf.5.html#smtp_address_preference">$&</a>;g;
s;\bsmtp_per_record_deadline\b;<a href="postconf.5.html#smtp_per_record_deadline">$&</a>;g;
s;\bsmtpd_enforce_tls\b;<a href="postconf.5.html#smtpd_enforce_tls">$&</a>;g; s;\bsmtpd_enforce_tls\b;<a href="postconf.5.html#smtpd_enforce_tls">$&</a>;g;
s;\bsmtpd_sasl_tls_security_options\b;<a href="postconf.5.html#smtpd_sasl_tls_security_options">$&</a>;g; s;\bsmtpd_sasl_tls_security_options\b;<a href="postconf.5.html#smtpd_sasl_tls_security_options">$&</a>;g;
s;\bsmtpd_sasl_type\b;<a href="postconf.5.html#smtpd_sasl_type">$&</a>;g; s;\bsmtpd_sasl_type\b;<a href="postconf.5.html#smtpd_sasl_type">$&</a>;g;
@ -667,6 +668,7 @@ while (<>) {
s;\bsmtpd_tls_wrappermode\b;<a href="postconf.5.html#smtpd_tls_wrappermode">$&</a>;g; s;\bsmtpd_tls_wrappermode\b;<a href="postconf.5.html#smtpd_tls_wrappermode">$&</a>;g;
s;\bsmtpd_use_tls\b;<a href="postconf.5.html#smtpd_use_tls">$&</a>;g; s;\bsmtpd_use_tls\b;<a href="postconf.5.html#smtpd_use_tls">$&</a>;g;
s;\bsmtpd_reject_footer\b;<a href="postconf.5.html#smtpd_reject_footer">$&</a>;g; s;\bsmtpd_reject_footer\b;<a href="postconf.5.html#smtpd_reject_footer">$&</a>;g;
s;\bsmtpd_per_record_deadline\b;<a href="postconf.5.html#smtpd_per_record_deadline">$&</a>;g;
s;\btls_daemon_random_bytes\b;<a href="postconf.5.html#tls_daemon_random_bytes">$&</a>;g; s;\btls_daemon_random_bytes\b;<a href="postconf.5.html#tls_daemon_random_bytes">$&</a>;g;
s;\btls_daemon_random_source\b;<a href="postconf.5.html#tls_daemon_random_source">$&</a>;g; s;\btls_daemon_random_source\b;<a href="postconf.5.html#tls_daemon_random_source">$&</a>;g;
s;\btls_ran[-</Bb>]*\n* *[<Bb>]*dom_bytes\b;<a href="postconf.5.html#tls_random_bytes">$&</a>;g; s;\btls_ran[-</Bb>]*\n* *[<Bb>]*dom_bytes\b;<a href="postconf.5.html#tls_random_bytes">$&</a>;g;
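Review bot: the two postlink hunks add link rules for smtp_per_record_deadline and smtpd_per_record_deadline only. The postconf(5) change in this commit also creates an anchor named lmtp_per_record_deadline, and \bsmtp_per_record_deadline\b will not match inside the lmtp_ name. Unless lmtp_ parameters are handled by a rule outside these hunks, add a matching substitution so references to the LMTP parameter are hyperlinked as well.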

View File

@ -28,11 +28,13 @@ SMTP commands (HELO, MAIL FROM, etc.) as well as mail content
<p> The reason for adding Milter support to Postfix is that there <p> The reason for adding Milter support to Postfix is that there
exists a large collection of applications, not only to block unwanted exists a large collection of applications, not only to block unwanted
mail, but also to verify authenticity (examples: <a mail, but also to verify authenticity (examples: <a
href="http://www.opendkim.org/">OpenDKIM</a>, <a
href="http://sourceforge.net/projects/dkim-milter/">DomainKeys href="http://sourceforge.net/projects/dkim-milter/">DomainKeys
Identified Mail (DKIM)</a>, <a Identified Mail (DKIM)</a>, <a
href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>) <a href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>)
or to digitally sign mail (examples: <a or to digitally sign mail (examples: <a
href="http://www.opendkim.org/">OpenDKIM</a>, <a
href="http://sourceforge.net/projects/dkim-milter/">DomainKeys href="http://sourceforge.net/projects/dkim-milter/">DomainKeys
Identified Mail (DKIM)</a>, <a Identified Mail (DKIM)</a>, <a
href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>). href="http://sourceforge.net/projects/dk-milter/">DomainKeys</a>).
@ -212,10 +214,22 @@ other systems, libmilter may be provided by a package (called
"sendmail-devel" on some Linux systems). </p> "sendmail-devel" on some Linux systems). </p>
<p> Once libmilter is installed, applications such as <a <p> Once libmilter is installed, applications such as <a
href="http://www.opendkim.org/">OpenDKIM</a>, <a
href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a> and href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a> and
<a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a> <a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a>
build out of the box without requiring any tinkering:</p> build out of the box without requiring any tinkering:</p>
<blockquote>
<pre>
$ <b>gzcat opendkim-<i>x.y.z</i>.tar.gz | tar xf -</b>
$ <b>cd opendkim-<i>x.y.z</i></b>
$ <b>./configure ...<i>options</i>...</b>
$ <b>make</b>
[...<i>lots of output omitted</i>...]
$ <b>make install</b>
</pre>
</blockquote>
<blockquote> <blockquote>
<pre> <pre>
$ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b> $ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>

View File

@ -432,13 +432,14 @@ logging more informative. </p>
as: </p> as: </p>
<pre> <pre>
<b>COMMAND PIPELINING after</b> <i>time</i> <b>from</b> <i>[address]:port</i> <b>COMMAND PIPELINING from</b> <i>[address]:port</i> <b>after</b> <i>command</i>: <i>text</i>
</pre> </pre>
<p> Translation: the SMTP client at <i>[address]:port</i> sent multiple <p> Translation: the SMTP client at <i>[address]:port</i> sent
SMTP commands, instead of sending one command and then waiting for multiple SMTP commands, instead of sending one command and then
the server to reply. This happened <i>time</i> seconds after the waiting for the server to reply. This happened after the client
"220 " server greeting was sent. </p> sent <i>command</i>. The <i>text</i> shows part of the input that
was sent too early; it is not logged with Postfix 2.8. </p>
<p> The postscreen_pipelining_action parameter specifies the action <p> The postscreen_pipelining_action parameter specifies the action
that is taken next. See "<a href="#fail_after_220">When tests fail that is taken next. See "<a href="#fail_after_220">When tests fail

View File

@ -14011,3 +14011,47 @@ service performs plaintext &lt;=&gt; TLS ciphertext conversion. <p>
<p> This feature is available in Postfix 2.8 and later. </p> <p> This feature is available in Postfix 2.8 and later. </p>
%PARAM smtpd_per_record_deadline normal: no, overload: yes
<p> Change the behavior of the smtpd_timeout time limit, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message). This
limits the impact from hostile peers that trickle data one byte at
a time. </p>
<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline. </p>
<p> This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". </p>
%PARAM smtp_per_record_deadline no
<p> Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to send
or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message). This
limits the impact from hostile peers that trickle data one byte at
a time. </p>
<p> Note: when per-record deadlines are enabled, a short timeout
may cause problems with TLS over very slow network connections.
The reasons are that a TLS protocol message can be up to 16 kbytes
long (with TLSv1), and that an entire TLS protocol message must be
sent or received within the per-record deadline. </p>
<p> This feature is available in Postfix 2.9 and later. With older
Postfix releases, the behavior is as if this parameter is set to
"no". </p>
%PARAM lmtp_per_record_deadline no
<p> The LMTP-specific version of the smtp_per_record_deadline
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
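Review bot: the new lmtp_per_record_deadline entry at the end of this hunk says "available in Postfix 2.8 and later", while the smtpd_per_record_deadline and smtp_per_record_deadline entries above it say 2.9. The LMTP parameter is introduced by the same change, so its version line should read 2.9 as well; as written, an operator on 2.8 is told that a control against peers that trickle data is available when it is not.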

View File

@ -3583,6 +3583,19 @@ extern bool var_tlsp_tls_set_sessid;
#define DEF_SMTPD_REJ_FOOTER "" #define DEF_SMTPD_REJ_FOOTER ""
extern char *var_smtpd_rej_footer; extern char *var_smtpd_rej_footer;
/*
* Per-record time limit support.
*/
#define VAR_SMTPD_REC_DEADLINE "smtpd_per_record_deadline"
#define DEF_SMTPD_REC_DEADLINE "${stress?yes}${stress:no}"
extern bool var_smtpd_rec_deadline;
#define VAR_SMTP_REC_DEADLINE "smtp_per_record_deadline"
#define DEF_SMTP_REC_DEADLINE 0
#define VAR_LMTP_REC_DEADLINE "lmtp_per_record_deadline"
#define DEF_LMTP_REC_DEADLINE 0
extern bool var_smtp_rec_deadline;
/* LICENSE /* LICENSE
/* .ad /* .ad
/* .fi /* .fi
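Review bot: DEF_SMTPD_REC_DEADLINE is the string expression "${stress?yes}${stress:no}" while DEF_SMTP_REC_DEADLINE and DEF_LMTP_REC_DEADLINE are the integer 0, yet all three feed a bool variable. A one-line comment in this block saying that the smtpd default is a string and therefore has to be registered in a CONFIG_NBOOL_TABLE rather than a CONFIG_BOOL_TABLE would keep a later edit from moving it into the wrong table. Placing extern bool var_smtp_rec_deadline directly after the VAR_SMTP_REC_DEADLINE pair, as is done for the smtpd pair, would also read more clearly.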

View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20110207" #define MAIL_RELEASE_DATE "20110212"
#define MAIL_VERSION_NUMBER "2.9" #define MAIL_VERSION_NUMBER "2.9"
#ifdef SNAPSHOT #ifdef SNAPSHOT

View File

@ -6,9 +6,10 @@
/* SYNOPSIS /* SYNOPSIS
/* #include <smtp_stream.h> /* #include <smtp_stream.h>
/* /*
/* void smtp_timeout_setup(stream, timeout) /* void smtp_stream_setup(stream, timeout, enable_deadline)
/* VSTREAM *stream; /* VSTREAM *stream;
/* int timeout; /* int timeout;
/* int enable_deadline;
/* /*
/* void smtp_printf(stream, format, ...) /* void smtp_printf(stream, format, ...)
/* VSTREAM *stream; /* VSTREAM *stream;
@ -44,16 +45,24 @@
/* VSTREAM *stream; /* VSTREAM *stream;
/* char *format; /* char *format;
/* va_list ap; /* va_list ap;
/* LEGACY API
/* void smtp_timeout_setup(stream, timeout)
/* VSTREAM *stream;
/* int timeout;
/* int enable_deadline;
/* DESCRIPTION /* DESCRIPTION
/* This module reads and writes text records delimited by CR LF, /* This module reads and writes text records delimited by CR LF,
/* with error detection: timeouts or unexpected end-of-file. /* with error detection: timeouts or unexpected end-of-file.
/* A trailing CR LF is added upon writing and removed upon reading. /* A trailing CR LF is added upon writing and removed upon reading.
/* /*
/* smtp_timeout_setup() arranges for a time limit on the smtp read /* smtp_stream_setup() prepares the specified stream for SMTP read
/* and write operations described below. /* and write operations described below.
/* This routine alters the behavior of streams as follows: /* This routine alters the behavior of streams as follows:
/* .IP \(bu /* .IP \(bu
/* The read/write total time limit is set to the specified value. /* When enable_deadline is non-zero, the stream is configured
/* to enforce a total time limit for each smtp_stream read/write
/* operation. Otherwise, the stream is configured to enforce
/* a time limit for each individual read/write system call.
/* .IP \f(bu /* .IP \f(bu
/* The stream is configured to use double buffering. /* The stream is configured to use double buffering.
/* .IP \f(bu /* .IP \f(bu
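Review bot: the LEGACY API synopsis added in this hunk shows smtp_timeout_setup(stream, timeout) with two arguments but then declares a third, int enable_deadline. The compatibility macro in smtp_stream.h takes only stream and timeout and passes 0 for the deadline flag, so the int enable_deadline line should be dropped from the legacy synopsis. While touching this comment, the unchanged .IP \f(bu lines look like a typo for .IP \(bu, which the first bullet uses.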
@ -90,6 +99,9 @@
/* The stream is not flushed. /* The stream is not flushed.
/* /*
/* smtp_vprintf() is the machine underneath smtp_printf(). /* smtp_vprintf() is the machine underneath smtp_printf().
/*
/* smtp_timeout_setup() is a backwards-compatibility interface
/* for programs that don't require per-record deadline support.
/* DIAGNOSTICS /* DIAGNOSTICS
/* .fi /* .fi
/* .ad /* .ad
@ -102,7 +114,7 @@
/* .IP SMTP_ERR_EOF /* .IP SMTP_ERR_EOF
/* An I/O error happened, or the peer has disconnected unexpectedly. /* An I/O error happened, or the peer has disconnected unexpectedly.
/* .IP SMTP_ERR_TIME /* .IP SMTP_ERR_TIME
/* The time limit specified to smtp_timeout_setup() was exceeded. /* The time limit specified to smtp_stream_setup() was exceeded.
/* .PP /* .PP
/* Additional error codes that may be used by applications: /* Additional error codes that may be used by applications:
/* .IP SMTP_ERR_QUIET /* .IP SMTP_ERR_QUIET
@ -166,9 +178,8 @@ static void smtp_timeout_reset(VSTREAM *stream)
* in the buffer. Such system calls would really hurt when receiving or * in the buffer. Such system calls would really hurt when receiving or
* sending body content one line at a time. * sending body content one line at a time.
*/ */
vstream_control(stream, if (vstream_fstat(stream, VSTREAM_FLAG_DEADLINE))
VSTREAM_CTL_TIME_LIMIT, stream->timeout, vstream_control(stream, VSTREAM_CTL_START_DEADLINE, VSTREAM_CTL_END);
VSTREAM_CTL_END);
} }
/* smtp_longjmp - raise an exception */ /* smtp_longjmp - raise an exception */
@ -190,13 +201,21 @@ static NORETURN smtp_longjmp(VSTREAM *stream, int err, const char *context)
vstream_longjmp(stream, err); vstream_longjmp(stream, err);
} }
/* smtp_timeout_setup - configure timeout trap */ /* smtp_stream_setup - configure timeout trap */
void smtp_timeout_setup(VSTREAM *stream, int maxtime) void smtp_stream_setup(VSTREAM *stream, int maxtime, int enable_deadline)
{ {
const char *myname = "smtp_stream_setup";
if (msg_verbose)
msg_info("%s: maxtime=%d enable_deadline=%d",
myname, maxtime, enable_deadline);
vstream_control(stream, vstream_control(stream,
VSTREAM_CTL_DOUBLE, VSTREAM_CTL_DOUBLE,
VSTREAM_CTL_TIMEOUT, maxtime, VSTREAM_CTL_TIMEOUT, maxtime,
enable_deadline ? VSTREAM_CTL_START_DEADLINE
: VSTREAM_CTL_STOP_DEADLINE,
VSTREAM_CTL_EXCEPT, VSTREAM_CTL_EXCEPT,
VSTREAM_CTL_END); VSTREAM_CTL_END);
} }
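Review bot: smtp_stream_setup() passes VSTREAM_CTL_TIMEOUT, maxtime and then VSTREAM_CTL_START_DEADLINE in the same vstream_control() call, and the VSTREAM_CTL_START_DEADLINE case in vstream.c panics when stream->timeout <= 0. With enable_deadline non-zero and a maxtime of 0 (the value the vstream.c documentation gives for disabling the timeout) a configuration choice ends in msg_panic(). Consider selecting VSTREAM_CTL_STOP_DEADLINE when maxtime is 0, or rejecting that combination with a clear configuration error, and add a comment that the TIMEOUT request must come before START_DEADLINE in the argument list because the latter reads stream->timeout.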

View File

@ -32,7 +32,7 @@
#define SMTP_ERR_QUIET 3 /* silent cleanup (application) */ #define SMTP_ERR_QUIET 3 /* silent cleanup (application) */
#define SMTP_ERR_NONE 4 /* non-error case */ #define SMTP_ERR_NONE 4 /* non-error case */
extern void smtp_timeout_setup(VSTREAM *, int); extern void smtp_stream_setup(VSTREAM *, int, int);
extern void PRINTFLIKE(2, 3) smtp_printf(VSTREAM *, const char *,...); extern void PRINTFLIKE(2, 3) smtp_printf(VSTREAM *, const char *,...);
extern void smtp_flush(VSTREAM *); extern void smtp_flush(VSTREAM *);
extern int smtp_fgetc(VSTREAM *); extern int smtp_fgetc(VSTREAM *);
@ -43,6 +43,9 @@ extern void smtp_fputc(int, VSTREAM *);
extern void smtp_vprintf(VSTREAM *, const char *, va_list); extern void smtp_vprintf(VSTREAM *, const char *, va_list);
#define smtp_timeout_setup(stream, timeout) \
smtp_stream_setup((stream), (timeout), 0)
#define SMTP_GET_FLAG_NONE 0 #define SMTP_GET_FLAG_NONE 0
#define SMTP_GET_FLAG_SKIP (1<<0) /* skip over excess input */ #define SMTP_GET_FLAG_SKIP (1<<0) /* skip over excess input */

View File

@ -68,7 +68,8 @@
/* Support for AUTH may be added in the future. /* Support for AUTH may be added in the future.
/* In the mean time, if you need to make these services available /* In the mean time, if you need to make these services available
/* on port 25, then do not enable the optional "after 220 /* on port 25, then do not enable the optional "after 220
/* server greeting" tests. /* server greeting" tests, and do not use DNSBLs that reject
/* traffic from dial-up and residential networks.
/* /*
/* The optional "after 220 server greeting" tests involve /* The optional "after 220 server greeting" tests involve
/* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When /* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When

View File

@ -175,8 +175,8 @@ void psc_parse_tests(PSC_STATE *state,
/* /*
* Parse the cache entry, and allow for older postscreen versions that * Parse the cache entry, and allow for older postscreen versions that
* implemented fewer tests. We pretend that these tests were disabled * implemented fewer tests. We pretend that the newer tests were disabled
* when the cache entry was written. * at the time that the cache entry was written.
* *
* Flag the cache entry as "new" when the cache entry has fields for all * Flag the cache entry as "new" when the cache entry has fields for all
* enabled tests, but the remote SMTP client has not yet passed all those * enabled tests, but the remote SMTP client has not yet passed all those

View File

@ -108,5 +108,6 @@
VAR_LMTP_CNAME_OVERR, DEF_LMTP_CNAME_OVERR, &var_smtp_cname_overr, VAR_LMTP_CNAME_OVERR, DEF_LMTP_CNAME_OVERR, &var_smtp_cname_overr,
VAR_LMTP_SASL_AUTH_SOFT_BOUNCE, DEF_LMTP_SASL_AUTH_SOFT_BOUNCE, &var_smtp_sasl_auth_soft_bounce, VAR_LMTP_SASL_AUTH_SOFT_BOUNCE, DEF_LMTP_SASL_AUTH_SOFT_BOUNCE, &var_smtp_sasl_auth_soft_bounce,
VAR_LMTP_ASSUME_FINAL, DEF_LMTP_ASSUME_FINAL, &var_lmtp_assume_final, VAR_LMTP_ASSUME_FINAL, DEF_LMTP_ASSUME_FINAL, &var_lmtp_assume_final,
VAR_LMTP_REC_DEADLINE, DEF_LMTP_REC_DEADLINE, &var_smtp_rec_deadline,
0, 0,
}; };

View File

@ -234,6 +234,13 @@
/* Available in Postfix version 2.8 and later: /* Available in Postfix version 2.8 and later:
/* .IP "\fBsmtp_dns_resolver_options (empty)\fR" /* .IP "\fBsmtp_dns_resolver_options (empty)\fR"
/* DNS Resolver options for the Postfix SMTP client. /* DNS Resolver options for the Postfix SMTP client.
/* .PP
/* Available in Postfix version 2.9 and later:
/* .IP "\fBsmtp_per_record_deadline (no)\fR"
/* Change the behavior of the smtp_*_timeout time limits, from a
/* time limit per read or write system call, to a time limit to read
/* or write a complete record (an SMTP command line, SMTP response
/* line, SMTP message content line, or TLS protocol message).
/* MIME PROCESSING CONTROLS /* MIME PROCESSING CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@ -513,6 +520,13 @@
/* .IP "\fBconnection_cache_protocol_timeout (5s)\fR" /* .IP "\fBconnection_cache_protocol_timeout (5s)\fR"
/* Time limit for connection cache connect, send or receive /* Time limit for connection cache connect, send or receive
/* operations. /* operations.
/* .PP
/* Available in Postfix version 2.9 and later:
/* .IP "\fBsmtp_per_record_deadline (no)\fR"
/* Change the behavior of the smtp_*_timeout time limits, from a
/* time limit per read or write system call, to a time limit to read
/* or write a complete record (an SMTP command line, SMTP response
/* line, SMTP message content line, or TLS protocol message).
/* TROUBLE SHOOTING CONTROLS /* TROUBLE SHOOTING CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@ -815,6 +829,7 @@ char *var_smtp_body_chks;
char *var_smtp_resp_filter; char *var_smtp_resp_filter;
bool var_lmtp_assume_final; bool var_lmtp_assume_final;
char *var_smtp_dns_res_opt; char *var_smtp_dns_res_opt;
bool var_smtp_rec_deadline;
/* Special handling of 535 AUTH errors. */ /* Special handling of 535 AUTH errors. */
char *var_smtp_sasl_auth_cache_name; char *var_smtp_sasl_auth_cache_name;

View File

@ -112,5 +112,6 @@
VAR_SMTP_CNAME_OVERR, DEF_SMTP_CNAME_OVERR, &var_smtp_cname_overr, VAR_SMTP_CNAME_OVERR, DEF_SMTP_CNAME_OVERR, &var_smtp_cname_overr,
VAR_SMTP_SASL_AUTH_SOFT_BOUNCE, DEF_SMTP_SASL_AUTH_SOFT_BOUNCE, &var_smtp_sasl_auth_soft_bounce, VAR_SMTP_SASL_AUTH_SOFT_BOUNCE, DEF_SMTP_SASL_AUTH_SOFT_BOUNCE, &var_smtp_sasl_auth_soft_bounce,
VAR_LMTP_ASSUME_FINAL, DEF_LMTP_ASSUME_FINAL, &var_lmtp_assume_final, VAR_LMTP_ASSUME_FINAL, DEF_LMTP_ASSUME_FINAL, &var_lmtp_assume_final,
VAR_SMTP_REC_DEADLINE, DEF_SMTP_REC_DEADLINE, &var_smtp_rec_deadline,
0, 0,
}; };

View File

@ -295,7 +295,8 @@ int smtp_helo(SMTP_STATE *state)
/* /*
* Prepare for disaster. * Prepare for disaster.
*/ */
smtp_timeout_setup(state->session->stream, var_smtp_helo_tmout); smtp_stream_setup(state->session->stream, var_smtp_helo_tmout,
var_smtp_rec_deadline);
if ((except = vstream_setjmp(state->session->stream)) != 0) if ((except = vstream_setjmp(state->session->stream)) != 0)
return (smtp_stream_except(state, except, where)); return (smtp_stream_except(state, except, where));
@ -642,7 +643,8 @@ int smtp_helo(SMTP_STATE *state)
/* /*
* Prepare for disaster. * Prepare for disaster.
*/ */
smtp_timeout_setup(state->session->stream, var_smtp_starttls_tmout); smtp_stream_setup(state->session->stream, var_smtp_starttls_tmout,
var_smtp_rec_deadline);
if ((except = vstream_setjmp(state->session->stream)) != 0) if ((except = vstream_setjmp(state->session->stream)) != 0)
return (smtp_stream_except(state, except, return (smtp_stream_except(state, except,
"receiving the STARTTLS response")); "receiving the STARTTLS response"));
@ -1216,8 +1218,8 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
|| send_state > SMTP_STATE_QUIT) || send_state > SMTP_STATE_QUIT)
msg_panic("%s: bad sender state %d (receiver state %d)", msg_panic("%s: bad sender state %d (receiver state %d)",
myname, send_state, recv_state); myname, send_state, recv_state);
smtp_timeout_setup(session->stream, smtp_stream_setup(session->stream, *xfer_timeouts[send_state],
*xfer_timeouts[send_state]); var_smtp_rec_deadline);
if ((except = vstream_setjmp(session->stream)) != 0) { if ((except = vstream_setjmp(session->stream)) != 0) {
msg_warn("smtp_proto: spurious flush before read in send state %d", msg_warn("smtp_proto: spurious flush before read in send state %d",
send_state); send_state);
@ -1570,8 +1572,8 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
*/ */
#define LOST_CONNECTION_INSIDE_DATA (except == SMTP_ERR_EOF) #define LOST_CONNECTION_INSIDE_DATA (except == SMTP_ERR_EOF)
smtp_timeout_setup(session->stream, smtp_stream_setup(session->stream, *xfer_timeouts[recv_state],
*xfer_timeouts[recv_state]); var_smtp_rec_deadline);
if (LOST_CONNECTION_INSIDE_DATA) { if (LOST_CONNECTION_INSIDE_DATA) {
if (vstream_setjmp(session->stream) != 0) if (vstream_setjmp(session->stream) != 0)
RETURN(smtp_stream_except(state, SMTP_ERR_EOF, RETURN(smtp_stream_except(state, SMTP_ERR_EOF,
@ -1879,8 +1881,8 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
*/ */
if (send_state == SMTP_STATE_DOT && nrcpt > 0) { if (send_state == SMTP_STATE_DOT && nrcpt > 0) {
smtp_timeout_setup(session->stream, smtp_stream_setup(session->stream, var_smtp_data1_tmout,
var_smtp_data1_tmout); var_smtp_rec_deadline);
if ((except = vstream_setjmp(session->stream)) == 0) { if ((except = vstream_setjmp(session->stream)) == 0) {

View File

@ -127,6 +127,13 @@
/* Available in Postfix version 2.7 and later: /* Available in Postfix version 2.7 and later:
/* .IP "\fBsmtpd_command_filter (empty)\fR" /* .IP "\fBsmtpd_command_filter (empty)\fR"
/* A mechanism to transform commands from remote SMTP clients. /* A mechanism to transform commands from remote SMTP clients.
/* .PP
/* Available in Postfix version 2.9 and later:
/* .IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
/* Change the behavior of the smtpd_timeout time limit, from a
/* time limit per read or write system call, to a time limit to read
/* or write a complete record (an SMTP command line, SMTP response
/* line, SMTP message content line, or TLS protocol message).
/* ADDRESS REWRITING CONTROLS /* ADDRESS REWRITING CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@ -631,6 +638,13 @@
/* The maximal number of new (i.e., uncached) TLS sessions that a /* The maximal number of new (i.e., uncached) TLS sessions that a
/* remote SMTP client is allowed to negotiate with this service per /* remote SMTP client is allowed to negotiate with this service per
/* time unit. /* time unit.
/* .PP
/* Available in Postfix version 2.9 and later:
/* .IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
/* Change the behavior of the smtpd_timeout time limit, from a
/* time limit per read or write system call, to a time limit to read
/* or write a complete record (an SMTP command line, SMTP response
/* line, SMTP message content line, or TLS protocol message).
/* TARPIT CONTROLS /* TARPIT CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@ -1248,6 +1262,7 @@ char *var_unk_name_tf_act;
char *var_unk_addr_tf_act; char *var_unk_addr_tf_act;
char *var_unv_rcpt_tf_act; char *var_unv_rcpt_tf_act;
char *var_unv_from_tf_act; char *var_unv_from_tf_act;
bool var_smtpd_rec_deadline;
int smtpd_proxy_opts; int smtpd_proxy_opts;
@ -4338,7 +4353,7 @@ static void smtpd_proto(SMTPD_STATE *state)
* cleans up, but no attempt is made to inform the client of the nature * cleans up, but no attempt is made to inform the client of the nature
* of the problem. * of the problem.
*/ */
smtp_timeout_setup(state->client, var_smtpd_tmout); smtp_stream_setup(state->client, var_smtpd_tmout, var_smtpd_rec_deadline);
while ((status = vstream_setjmp(state->client)) == SMTP_ERR_NONE) while ((status = vstream_setjmp(state->client)) == SMTP_ERR_NONE)
/* void */ ; /* void */ ;
@ -5165,6 +5180,10 @@ int main(int argc, char **argv)
VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log, VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log,
0, 0,
}; };
static const CONFIG_NBOOL_TABLE nbool_table[] = {
VAR_SMTPD_REC_DEADLINE, DEF_SMTPD_REC_DEADLINE, &var_smtpd_rec_deadline,
0,
};
static const CONFIG_STR_TABLE str_table[] = { static const CONFIG_STR_TABLE str_table[] = {
VAR_SMTPD_BANNER, DEF_SMTPD_BANNER, &var_smtpd_banner, 1, 0, VAR_SMTPD_BANNER, DEF_SMTPD_BANNER, &var_smtpd_banner, 1, 0,
VAR_NOTIFY_CLASSES, DEF_NOTIFY_CLASSES, &var_notify_classes, 0, 0, VAR_NOTIFY_CLASSES, DEF_NOTIFY_CLASSES, &var_notify_classes, 0, 0,
@ -5281,6 +5300,7 @@ int main(int argc, char **argv)
MAIL_SERVER_STR_TABLE, str_table, MAIL_SERVER_STR_TABLE, str_table,
MAIL_SERVER_RAW_TABLE, raw_table, MAIL_SERVER_RAW_TABLE, raw_table,
MAIL_SERVER_BOOL_TABLE, bool_table, MAIL_SERVER_BOOL_TABLE, bool_table,
MAIL_SERVER_NBOOL_TABLE, nbool_table,
MAIL_SERVER_TIME_TABLE, time_table, MAIL_SERVER_TIME_TABLE, time_table,
MAIL_SERVER_PRE_INIT, pre_jail_init, MAIL_SERVER_PRE_INIT, pre_jail_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept, MAIL_SERVER_PRE_ACCEPT, pre_accept,

View File

@ -103,6 +103,19 @@
/* System library. */ /* System library. */
#include <sys_defs.h> #include <sys_defs.h>
#include <sys/time.h>
#ifndef timersub
/* res = a - b */
#define timersub(a, b, res) do { \
(res)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
(res)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
if ((res)->tv_usec < 0) { \
(res)->tv_sec--; \
(res)->tv_usec += 1000000; \
} \
} while (0)
#endif
#ifdef USE_TLS #ifdef USE_TLS
@ -129,6 +142,24 @@ int tls_bio(int fd, int timeout, TLS_SESS_STATE *TLScontext,
int err; int err;
int retval = 0; int retval = 0;
int done; int done;
int enable_deadline;
struct timeval time_limit; /* initial time limit */
struct timeval time_left; /* amount of time left */
struct timeval time_entry; /* time of tls_bio() entry */
struct timeval time_now; /* time after SSL_mumble() call */
struct timeval time_elapsed; /* total elapsed time */
/*
* Deadline management is simpler than with VSTREAMs, because we don't
* need to decrement a per-stream time limit. We just work within the
* budget that is available for this tls_bio() call.
*/
enable_deadline = vstream_fstat(TLScontext->stream, VSTREAM_FLAG_DEADLINE);
if (enable_deadline) {
time_limit.tv_sec = timeout;
time_limit.tv_usec = 0;
GETTIMEOFDAY(&time_entry);
}
/* /*
* If necessary, retry the SSL handshake or read/write operation after * If necessary, retry the SSL handshake or read/write operation after
@ -194,12 +225,24 @@ int tls_bio(int fd, int timeout, TLS_SESS_STATE *TLScontext,
done = 1; done = 1;
break; break;
case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
if (enable_deadline) {
GETTIMEOFDAY(&time_now);
timersub(&time_now, &time_entry, &time_elapsed);
timersub(&time_limit, &time_elapsed, &time_left);
timeout = time_left.tv_sec + (time_left.tv_usec > 0);
if (timeout <= 0) {
errno = ETIMEDOUT;
return (-1);
}
}
if (err == SSL_ERROR_WANT_WRITE) {
if (write_wait(fd, timeout) < 0) if (write_wait(fd, timeout) < 0)
return (-1); /* timeout error */ return (-1); /* timeout error */
break; } else {
case SSL_ERROR_WANT_READ:
if (read_wait(fd, timeout) < 0) if (read_wait(fd, timeout) < 0)
return (-1); /* timeout error */ return (-1); /* timeout error */
}
break; break;
/* /*
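Review bot: the remaining time in the merged SSL_ERROR_WANT_WRITE / SSL_ERROR_WANT_READ branch is derived from two GETTIMEOFDAY() samples with no bounds check. If the clock reading moves backwards between tls_bio() entry and this point, time_elapsed is negative and time_left exceeds the original timeout, so the per-record deadline that is meant to bound a slow peer becomes longer instead of shorter. Clamping time_left to time_limit would keep the budget bounded. The rounding in timeout = time_left.tv_sec + (time_left.tv_usec > 0) also lets the total run up to one second past the limit, which deserves a short comment.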

View File

@ -138,6 +138,10 @@
/* /*
/* int vstream_wr_timeout(stream) /* int vstream_wr_timeout(stream)
/* VSTREAM *stream; /* VSTREAM *stream;
/*
/* int vstream_fstat(stream, flags)
/* VSTREAM *stream;
/* int flags;
/* DESCRIPTION /* DESCRIPTION
/* The \fIvstream\fR module implements light-weight buffered I/O /* The \fIvstream\fR module implements light-weight buffered I/O
/* similar to the standard I/O routines. /* similar to the standard I/O routines.
@ -298,7 +302,7 @@
/* .IP "VSTREAM_CTL_TIMEOUT (int) /* .IP "VSTREAM_CTL_TIMEOUT (int)
/* The deadline for a descriptor to become readable in case of a read /* The deadline for a descriptor to become readable in case of a read
/* request, or writable in case of a write request. Specify a value /* request, or writable in case of a write request. Specify a value
/* <= 0 to disable deadlines. /* of 0 to disable deadlines.
/* .IP "VSTREAM_CTL_EXCEPT (no value)" /* .IP "VSTREAM_CTL_EXCEPT (no value)"
/* Enable exception handling with vstream_setjmp() and vstream_longjmp(). /* Enable exception handling with vstream_setjmp() and vstream_longjmp().
/* This involves allocation of additional memory that normally isn't /* This involves allocation of additional memory that normally isn't
@ -319,12 +323,14 @@
/* int. Use an explicit cast to avoid problems on LP64 /* int. Use an explicit cast to avoid problems on LP64
/* environments and other environments where ssize_t is larger /* environments and other environments where ssize_t is larger
/* than int. /* than int.
/* .IP "VSTREAM_CTL_TIME_LIMIT (int)" /* .IP VSTREAM_CTL_START_DEADLINE
/* Specify an upper bound on the total time to complete all /* Change the VSTREAM_CTL_TIMEOUT behavior, to limit the total
/* subsequent read or write operations. This is different from /* time for all subsequent file descriptor read or write
/* VSTREAM_CTL_TIMEOUT, which specifies a deadline for each /* operations, and recharge the deadline timer.
/* read or write operation. Specify a relative time in seconds, /* .IP VSTREAM_CTL_STOP_DEADLINE
/* or zero to disable this feature. /* Revert VSTREAM_CTL_TIMEOUT behavior to the default, i.e.
/* a time limit for individual file descriptor read or write
/* operations.
/* .PP /* .PP
/* vstream_fileno() gives access to the file handle associated with /* vstream_fileno() gives access to the file handle associated with
/* a buffered stream. With streams that have separate read/write /* a buffered stream. With streams that have separate read/write
@ -402,6 +408,15 @@
/* /*
/* vstream_rd_mumble() and vstream_wr_mumble() report on /* vstream_rd_mumble() and vstream_wr_mumble() report on
/* read and write error conditions, respectively. /* read and write error conditions, respectively.
/*
/* vstream_fstat() queries stream status information about
/* user-requested features. The \fIflags\fR argument is the
/* bitwise OR of one or more of the following, and the result
/* value is the bitwise OR of the features that are activated.
/* .IP VSTREAM_FLAG_DEADLINE
/* The deadline feature is activated.
/* .IP VSTREAM_FLAG_DOUBLE
/* The double-buffering feature is activated.
/* DIAGNOSTICS /* DIAGNOSTICS
/* Panics: interface violations. Fatal errors: out of memory. /* Panics: interface violations. Fatal errors: out of memory.
/* SEE ALSO /* SEE ALSO
@ -1314,7 +1329,6 @@ void vstream_control(VSTREAM *stream, int name,...)
int old_fd; int old_fd;
ssize_t req_bufsize = 0; ssize_t req_bufsize = 0;
VSTREAM *stream2; VSTREAM *stream2;
int time_limit;
#define SWAP(type,a,b) do { type temp = (a); (a) = (b); (b) = (temp); } while (0) #define SWAP(type,a,b) do { type temp = (a); (a) = (b); (b) = (temp); } while (0)
@ -1377,6 +1391,8 @@ void vstream_control(VSTREAM *stream, int name,...)
if (stream->timeout == 0) if (stream->timeout == 0)
GETTIMEOFDAY(&stream->iotime); GETTIMEOFDAY(&stream->iotime);
stream->timeout = va_arg(ap, int); stream->timeout = va_arg(ap, int);
if (stream->timeout < 0)
msg_panic("%s: bad timeout %d", myname, stream->timeout);
break; break;
case VSTREAM_CTL_EXCEPT: case VSTREAM_CTL_EXCEPT:
if (stream->jbuf == 0) if (stream->jbuf == 0)
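Review bot: the check added after stream->timeout = va_arg(ap, int) turns a negative VSTREAM_CTL_TIMEOUT value into a panic, where the documentation previously told callers to specify a value <= 0 to disable the timeout. Any existing caller that passes a negative number to switch the limit off will now abort the process, so the callers should be audited as part of this change, or the value should be normalized to 0 instead of panicking. Validating the argument before storing it in stream->timeout would also be cleaner than assigning first and checking afterwards.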
@ -1428,17 +1444,15 @@ void vstream_control(VSTREAM *stream, int name,...)
* that we need to do I/O. This avoids a performance hit when * that we need to do I/O. This avoids a performance hit when
* sending or receiving body content one line at a time. * sending or receiving body content one line at a time.
*/ */
case VSTREAM_CTL_TIME_LIMIT: case VSTREAM_CTL_STOP_DEADLINE:
time_limit = va_arg(ap, int);
if (time_limit < 0) {
msg_panic("%s: bad time limit: %d", myname, time_limit);
} else if (time_limit == 0) {
stream->buf.flags &= ~VSTREAM_FLAG_DEADLINE; stream->buf.flags &= ~VSTREAM_FLAG_DEADLINE;
} else { break;
case VSTREAM_CTL_START_DEADLINE:
if (stream->timeout <= 0)
msg_panic("%s: bad timeout %d", myname, stream->timeout);
stream->buf.flags |= VSTREAM_FLAG_DEADLINE; stream->buf.flags |= VSTREAM_FLAG_DEADLINE;
stream->time_limit.tv_sec = time_limit; stream->time_limit.tv_sec = stream->timeout;
stream->time_limit.tv_usec = 0; stream->time_limit.tv_usec = 0;
}
break; break;
default: default:
msg_panic("%s: bad name %d", myname, name); msg_panic("%s: bad name %d", myname, name);

View File

@ -126,6 +126,8 @@ extern int vstream_fdclose(VSTREAM *);
#define vstream_ftime(vp) ((time_t) ((vp)->iotime.tv_sec)) #define vstream_ftime(vp) ((time_t) ((vp)->iotime.tv_sec))
#define vstream_ftimeval(vp) ((vp)->iotime) #define vstream_ftimeval(vp) ((vp)->iotime)
#define vstream_fstat(vp, fl) ((vp)->buf.flags & (fl))
extern void vstream_control(VSTREAM *, int,...); extern void vstream_control(VSTREAM *, int,...);
#define VSTREAM_CTL_END 0 #define VSTREAM_CTL_END 0
@ -144,7 +146,8 @@ extern void vstream_control(VSTREAM *, int,...);
#endif #endif
#define VSTREAM_CTL_BUFSIZE 12 #define VSTREAM_CTL_BUFSIZE 12
#define VSTREAM_CTL_SWAP_FD 13 #define VSTREAM_CTL_SWAP_FD 13
#define VSTREAM_CTL_TIME_LIMIT 14 #define VSTREAM_CTL_START_DEADLINE 14
#define VSTREAM_CTL_STOP_DEADLINE 15
extern VSTREAM *PRINTFLIKE(1, 2) vstream_printf(const char *,...); extern VSTREAM *PRINTFLIKE(1, 2) vstream_printf(const char *,...);
extern VSTREAM *PRINTFLIKE(2, 3) vstream_fprintf(VSTREAM *, const char *,...); extern VSTREAM *PRINTFLIKE(2, 3) vstream_fprintf(VSTREAM *, const char *,...);