diff --git a/postfix/HISTORY b/postfix/HISTORY index 2ef5bb07b..97a948047 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23324,3 +23324,9 @@ Apologies for any names omitted. to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. File: LICENSE. + +20180217 + + Cleanup: added missing *_maps parameters to the default + proxy_read_maps setting. Files: global/mail_params.h, + mantools/missing-proxy-read-maps. diff --git a/postfix/README_FILES/FORWARD_SECRECY_README b/postfix/README_FILES/FORWARD_SECRECY_README index f2a88b8f4..13c161832 100644 --- a/postfix/README_FILES/FORWARD_SECRECY_README +++ b/postfix/README_FILES/FORWARD_SECRECY_README @@ -195,8 +195,8 @@ Linux). If the remote SMTP server supports cipher suites with forward secrecy between the server and client will resist decryption even if the server's long- term authentication keys are later compromised. -Postfix >= 3.2 supports the curve negotitation API of OpenSSL >= 1.0.2. The -list of candidate curves can be changed via the "tls_eecdh_auto_curves" +Postfix >= 3.2 supports the curve negotiation API of OpenSSL >= 1.0.2. The list +of candidate curves can be changed via the "tls_eecdh_auto_curves" configuration parameter, which can be used to select a prioritized list of supported curves (most preferred first) on both the Postfix SMTP server and SMTP client. The default list is suitable for most users. diff --git a/postfix/RELEASE_NOTES-3.3 b/postfix/RELEASE_NOTES-3.3 index 874a30444..e3762d8d4 100644 --- a/postfix/RELEASE_NOTES-3.3 +++ b/postfix/RELEASE_NOTES-3.3 
@@ -1,13 +1,13 @@ This is the Postfix 3.3 (stable) release. The stable Postfix release is called postfix-3.3.x where 3=major -release number, 3=minor release number, x=patchlevel. The stable +release number, 3=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called postfix-3.4-yyyymmdd where yyyymmdd is the release date (yyyy=year, -mm=month, dd=day). Patches are never issued for snapshot releases; +mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) 
@@ -30,30 +30,37 @@ Major changes - compatibility safety net [20180106] With compatibility_level < 1, the Postfix SMTP server now warns for mail that would be blocked by the Postfix 2.10 -smtpd_relay_restrictions feature. This extends the safety net for -sites that upgrade from earlier Postfix versions (questions on the -postfix-users list show a steady trickle). See COMPATIBILITY_README -for details. +smtpd_relay_restrictions feature, without blocking that mail. This +extends the compatibility safety net for sites that upgrade from +earlier Postfix versions (questions on the postfix-users list show +there is a steady trickle). See COMPATIBILITY_README for details. Major changes - configuration ----------------------------- -[20170617] The postconf command warns about unknown parameter names -in a Postfix database configuration file, specified as an absolute -pathname. +[20170617] The postconf command now warns about unknown parameter +names in a Postfix database configuration file. As with other unknown +parameter names, these warnings can help to find typos early. [20180113] New read-only service_name parameter that contains the -master.cf service name. This parameter is set only in daemon -processes. This allows, for example, setting the syslog_name in -master.cf with "-o syslog_name=postfix/$service_name" for the -"submission", "smtps", and "relay" services. +master.cf service name of a Postfix daemon process (it that is empty +in a non-daemon process). This can make Postfix SMTP server logging +logging distinct by setting the syslog_name in master.cf with "-o +syslog_name=postfix/$service_name" for the "submission" and "smtps" +services, and can make Postfix SMTP client distinct by setting "-o +syslog_name=postfix/$service_name" for the "relay" service. Major changes - container support --------------------------------- [20171218] Preliminary support to run Postfix in the foreground, -with "postfix start-fg". 
This requires that multi-instance support -is disabled. +with "postfix start-fg". This requires that Postfix multi-instance +support is disabled. To receive Postfix syslog information on the +container's host, mount the host's /dev/log socket inside the +container (example: "docker run -v /dev/log:/dev/log ..."), and +specify a distinct Postfix "syslog_name" prefix that identifies the +logging from the Postfix instance. Postfix does not log systemd +events. Major changes - database support --------------------------------- 
@@ -80,32 +87,32 @@ Major changes - invisible changes --------------------------------- [20170617] Additional paranoia in the VSTRING implementation: a -null byte after the end of vstring buffers so that C-style string -operations won't scribble past the end; earlier detection of bad -length and precision format string specifiers (this just improves -error handling, as format strings cannot be specified externally). +null byte after the end of vstring buffers (this is a safety net +so that C-style string operations won't scribble past the end); +earlier detection of bad length and precision format string specifiers +(these are the result of programming error, as Postfix format strings +cannot be specified externally). Major changes - milter support ------------------------------ -[20170221] The Postfix Milter client no longer encloses single-letter -macro names inside {}, even though this form is supported since -Sendmail version 8.7. - [20171223] Milter applications can now send RET and ENVID parameters in SMFIR_CHGFROM (change envelope sender) requests. Major changes - mixed IPv6/IPv4 support --------------------------------------- -[20170505] Workaround for mail delivery problems with destinations -that announce primarily IPv6 MX addresses but that are unreachable -over IPv6, when the smtp_address_limit eliminates most or all IPv4 -addresses. This includes the case that Postfix IPv6 support is -turned on, but the local machine has no IPv6 connectivity. +[20170505] Workaround for mail delivery problems when 1) both Postfix +IPv6 and IPv4 support are enabled, 2) some destination announces +more primary IPv6 MX addresses than primary IPv4 MX addresses, 3) +the destination is unreachable over IPv6, and 4) Postfix runs into +the smtp_mx_address_limit before it can try to deliver over IPv4. -The Postfix SMTP client will now attempt to schedule similar numbers -of IPv4 and IPv6 addresses. 
Specify "smtp_balance_mx_inet_protocols +When both Postfix IPv6 and IPv4 support are enabled, the Postfix +SMTP client will now relax MX preferences so that it can schedule +similar numbers of IPv4 and IPv6 destination addresses. This ensures +that an IPv6 connectivity problem will not prevent mail from being +delivered over IPv4 (and vice versa). Specify "smtp_balance_inet_protocols = no" to disable this workaround. Major changes - xclient diff --git a/postfix/WISHLIST b/postfix/WISHLIST index e9ae0082d..42106f2c3 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -2,12 +2,11 @@ Wish list: Things to do before the stable release: - Spell-check, double-word check, and HTML validator check. + Spell-check, double-word check, HTML validator check, + mantools/missing-proxy-read-maps check. Disable -DSNAPSHOT and -DNONPROD in makedefs. - Add $smtpd_sender_login_maps to proxy_read_maps. - After I/O error, store errno in VSTREAM object before errno may be overwritten. diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html index b18d892d5..eb183c10e 100644 --- a/postfix/html/FORWARD_SECRECY_README.html +++ b/postfix/html/FORWARD_SECRECY_README.html @@ -270,7 +270,7 @@ traffic between the server and client will resist decryption even if the server's long-term authentication keys are later compromised.

-

Postfix ≥ 3.2 supports the curve negotitation API of OpenSSL +

Postfix ≥ 3.2 supports the curve negotiation API of OpenSSL ≥ 1.0.2. The list of candidate curves can be changed via the "tls_eecdh_auto_curves" configuration parameter, which can be used to select a prioritized list of supported curves (most preferred diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 6525088b9..093a3c6b5 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -3228,12 +3228,10 @@ address.

Note: with Postfix ≤ 3.2 the "setting enable_original_recipient = no" breaks address verification for addresses that are aliased or otherwise rewritten (Postfix is unable to store the -addres verification result under the original probe destination +address verification result under the original probe destination address; instead, it can store the result only under the rewritten address).

- -

This feature is available in Postfix 2.1 and later. Postfix version 2.0 behaves as if this parameter is always set to yes. Postfix versions before 2.0 have no support for the original recipient @@ -16102,7 +16100,7 @@ code when an address probe failed due to a temporary problem specifies the action after address probe failure due to a temporary problem (default: defer_if_permit).
This feature breaks for aliased addresses with "enable_original_recipient = no" (Postfix -≤ 3.2).
This feature is avaiable in Postfix 2.1 and later. +≤ 3.2).
This feature is available in Postfix 2.1 and later. diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 6490d99f1..b2dff862e 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2031,10 +2031,9 @@ address. Note: with Postfix <= 3.2 the "setting enable_original_recipient = \fBno\fR" breaks address verification for addresses that are aliased or otherwise rewritten (Postfix is unable to store the -addres verification result under the original probe destination +address verification result under the original probe destination address; instead, it can store the result only under the rewritten address). -.br .PP This feature is available in Postfix 2.1 and later. Postfix version 2.0 behaves as if this parameter is always set to \fByes\fR. @@ -10927,7 +10926,7 @@ This feature breaks for aliased addresses with "enable_original_recipient = no" (Postfix <= 3.2). .br -This feature is avaiable in Postfix 2.1 and later. +This feature is available in Postfix 2.1 and later. .br .br .PP diff --git a/postfix/mantools/missing-proxy-read-maps b/postfix/mantools/missing-proxy-read-maps new file mode 100755 index 000000000..a76963d30 --- /dev/null +++ b/postfix/mantools/missing-proxy-read-maps 
@@ -0,0 +1,41 @@ +#!/usr/bin/perl + +# Compares the list of parameter names that end in _maps in +# proxy_read_maps, against the list of all parameter names that end +# in _maps, and outputs the missing mail_params.h lines. + +$command = "bin/postconf -dh proxy_read_maps | tr ' ' '\12'"; +open(PROXY_READ_MAPS, "$command|") + || die "can't execute $command: !$\n"; +while () { + chomp; + next unless /\$(.+_maps)$/; + $proxy_read_maps{$1} = 1; +} +close(PROXY_READ_MAPS) || die "close $command: $!\n"; + +$mail_params_h = "src/global/mail_params.h"; +open(MAIL_PARAMS, "<$mail_params_h") + || die "Open $mail_params_h"; +while ($line = ) { + chomp; + if ($line =~ /^#define\s+(\S+)\s+"(\S+)"/) { + $mail_params{$2} = $1; + } elsif ($line =~/^#define\s+(\S+)\s+"address_verify_" VAR_SND_DEF_XPORT_MAPS/) { + $mail_params{"address_verify_sender_dependent_default_transport_maps"} = $1; + } +} +close(MAIL_PARAMS) || die "close $mail_params_h: !$\n"; + +$command = "bin/postconf -H"; +open(ALL_PARAM_NAMES, "$command|") + || die "can't execute $command: !$\n"; +while ($param_name = ) { + chomp($param_name); + next unless ($param_name =~ /_maps$/); + next if ($param_name =~ /^(proxy_read|proxy_write)_maps$/); + next if defined($proxy_read_maps{$param_name}); + die "unknown parameter: $param_name\n" + unless defined($mail_params{$param_name}); + print "\t\t\t\t\" \$\" $mail_params{$param_name} \\\n"; +} diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html index 62593d291..b0d96bd9e 100644 --- a/postfix/proto/FORWARD_SECRECY_README.html +++ b/postfix/proto/FORWARD_SECRECY_README.html @@ -270,7 +270,7 @@ traffic between the server and client will resist decryption even if the server's long-term authentication keys are later compromised.

-

Postfix ≥ 3.2 supports the curve negotitation API of OpenSSL +

Postfix ≥ 3.2 supports the curve negotiation API of OpenSSL ≥ 1.0.2. The list of candidate curves can be changed via the "tls_eecdh_auto_curves" configuration parameter, which can be used to select a prioritized list of supported curves (most preferred diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index a09abb1a5..23f4f63e6 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -1427,12 +1427,10 @@ address.

Note: with Postfix ≤ 3.2 the "setting enable_original_recipient = no" breaks address verification for addresses that are aliased or otherwise rewritten (Postfix is unable to store the -addres verification result under the original probe destination +address verification result under the original probe destination address; instead, it can store the result only under the rewritten address).

- -

This feature is available in Postfix 2.1 and later. Postfix version 2.0 behaves as if this parameter is always set to yes. Postfix versions before 2.0 have no support for the original recipient @@ -6612,7 +6610,7 @@ code when an address probe failed due to a temporary problem specifies the action after address probe failure due to a temporary problem (default: defer_if_permit).
This feature breaks for aliased addresses with "enable_original_recipient = no" (Postfix -≤ 3.2).
This feature is avaiable in Postfix 2.1 and later. +≤ 3.2).
This feature is available in Postfix 2.1 and later. diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 16a8e1e7f..9b9023288 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -489,11 +489,11 @@ extern char *var_transport_maps; #define DEF_DEF_TRANSPORT MAIL_SERVICE_SMTP extern char *var_def_transport; -#define VAR_SND_DEF_XPORT_MAPS "sender_dependent_" VAR_DEF_TRANSPORT "_maps" +#define VAR_SND_DEF_XPORT_MAPS "sender_dependent_default_transport_maps" #define DEF_SND_DEF_XPORT_MAPS "" extern char *var_snd_def_xport_maps; -#define VAR_NULL_DEF_XPORT_MAPS_KEY "empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key" +#define VAR_NULL_DEF_XPORT_MAPS_KEY "empty_address_default_transport_maps_lookup_key" #define DEF_NULL_DEF_XPORT_MAPS_KEY "<>" extern char *var_null_def_xport_maps_key; @@ -2389,7 +2389,29 @@ extern int var_local_rcpt_code; " $" VAR_HELO_CHECKS \ " $" VAR_MAIL_CHECKS \ " $" VAR_RELAY_CHECKS \ - " $" VAR_RCPT_CHECKS + " $" VAR_RCPT_CHECKS \ + " $" VAR_VRFY_SND_DEF_XPORT_MAPS \ + " $" VAR_VRFY_RELAY_MAPS \ + " $" VAR_VRFY_XPORT_MAPS \ + " $" VAR_FBCK_TRANSP_MAPS \ + " $" VAR_LMTP_EHLO_DIS_MAPS \ + " $" VAR_LMTP_PIX_BUG_MAPS \ + " $" VAR_LMTP_SASL_PASSWD \ + " $" VAR_LMTP_TLS_POLICY \ + " $" VAR_MAILBOX_CMD_MAPS \ + " $" VAR_MBOX_TRANSP_MAPS \ + " $" VAR_PSC_EHLO_DIS_MAPS \ + " $" VAR_RBL_REPLY_MAPS \ + " $" VAR_SND_RELAY_MAPS \ + " $" VAR_SMTP_EHLO_DIS_MAPS \ + " $" VAR_SMTP_PIX_BUG_MAPS \ + " $" VAR_SMTP_SASL_PASSWD \ + " $" VAR_SMTP_TLS_POLICY \ + " $" VAR_SMTPD_EHLO_DIS_MAPS \ + " $" VAR_SMTPD_MILTER_MAPS \ + " $" VAR_VIRT_GID_MAPS \ + " $" VAR_VIRT_UID_MAPS \ + " $" VAR_SND_DEF_XPORT_MAPS extern char *var_proxy_read_maps; #define VAR_PROXY_WRITE_MAPS "proxy_write_maps" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index a63a0419f..7bee76688 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
@@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20180203" +#define MAIL_RELEASE_DATE "20180217" #define MAIL_VERSION_NUMBER "3.4" #ifdef SNAPSHOT
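Review bot: In the RELEASE_NOTES-3.3 hunk at @@ -30,30 +30,37 @@, the rewritten [20180113] service_name paragraph introduces three wording errors: "(it that is empty in a non-daemon process)", the doubled word in "server logging logging distinct", and "can make Postfix SMTP client distinct", which has lost the word "logging". Suggested wording: "(it is empty in a non-daemon process)", "can make Postfix SMTP server logging distinct", and "can make Postfix SMTP client logging distinct". The WISHLIST hunk in this same patch lists a double-word check as a pre-release step, so this text would fail it.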
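Review bot: In the new file mantools/missing-proxy-read-maps, three of the die messages write "!$" where "$!" is meant (the open of PROXY_READ_MAPS, the close of MAIL_PARAMS, and the open of ALL_PARAM_NAMES), so the operating system error is not reported when those calls fail; the close of PROXY_READ_MAPS already uses "$!" correctly, and die "Open $mail_params_h" has no error text at all. In the mail_params.h loop the line is read into $line but the bare "chomp;" acts on $_, so it should be chomp($line). The ALL_PARAM_NAMES pipe is also never closed, which means a failing "bin/postconf -H" produces no output and no error, and an empty result reads as "nothing missing" on a release checklist; close it and die on a non-zero status as is done for the first pipe.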
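Review bot: In the proto/postconf.proto hunk at @@ -1427,12 +1427,10 @@, the spelling fix leaves a misplaced quotation mark in the context line just above it: 'the "setting enable_original_recipient = no" breaks address verification'. The quote should enclose only the setting, as in 'the setting "enable_original_recipient = no" breaks address verification'. The same sentence appears unchanged in the html/postconf.5.html and man/man5/postconf.5 hunks of this patch, so all three copies should be corrected together.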
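Review bot: In the src/global/mail_params.h hunk at @@ -2389,7 +2389,29 @@, the entries appended to the default proxy_read_maps include VAR_SMTP_SASL_PASSWD and VAR_LMTP_SASL_PASSWD, while the HISTORY entry describes the whole change only as "Cleanup: added missing *_maps parameters". Because proxy_read_maps is the list of tables that the proxymap service is allowed to open for read-only access, adding the SASL password tables to the default deserves an explicit mention in HISTORY or RELEASE_NOTES-3.3, so that sites relying on the default know which tables are now reachable through proxymap. It would also help to add a short comment above the appended block saying that it is maintained with mantools/missing-proxy-read-maps, since nothing in the header ties the list to that script.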