snapshot-20010222

2025-09-02 07:05:27 +00:00 · 2001-02-22 00:00:00 -05:00
parent edac954e0e
commit 2ea174ea56
32 changed files with 818 additions and 537 deletions
--- a/postfix/0README
+++ b/postfix/0README
@@ -21,9 +21,7 @@ Purpose of the Postfix mail system
 ==================================
 Postfix aims to be an alternative to the widely-used sendmail
-program.  Sendmail is responsible for 70% of all e-mail delivered
+program.
 on the Internet.  With an estimated 100 million users, that's an
 estimated 10 billion (10^10) messages daily. A stunning number.
 Although IBM supported the Postfix development, it abstains from
 control over its evolution. The goal is to have Postfix installed
@@ -71,15 +69,6 @@ you are welcome to send a postcard to:
 Roadmap of the Postfix source distribution
 ==========================================
 Point your browser at html/index.html for Postfix documentation,
 for manual pages, and for the unavoidable Postfix FAQ. Expect to
 see updated versions on-line at http://www.postfix.org/
 Point your MANPATH environment variable at the `man' directory (use
 an absolute path) for UNIX-style on-line manual pages.  These pages
 are also available through the HTML interface, which allows you to
 navigate faster.
 The RELEASE_NOTES file describes new features, and lists incompatible
 changes with respect to previous Postfix versions.
@@ -91,10 +80,17 @@ not yet implement, and how well it works with other software.
 The HISTORY file gives a detailed log of changes to the software.
 Point your browser at html/index.html for Postfix documentation,
 for manual pages, and for the unavoidable Postfix FAQ. Expect to
 see updated versions on-line at http://www.postfix.org/
 Point your MANPATH environment variable at the `man' directory (use
 an absolute path) for UNIX-style on-line manual pages.  These pages
 are also available through the HTML interface, which allows you to
 navigate faster.
 The PORTING file discusses how to go about porting Postfix to other
-UNIX platforms. Some people are looking into a port to Windows NT.
+UNIX platforms.
 We'll see. This software uses every trick in the book that I learned
 about UNIX.
 The TODO file lists things that still need to be done. If you want
 to set your teeth into one of those problems, drop me a note at
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -4856,7 +4856,7 @@ Apologies for any names omitted.
 20010203
-	Update: null candidate patch from Patrick Rak. Files:
+	Update: null candidate patch from Patrik Rak. Files:
 	nqmgr/qmgr_entry.c nqmgr/qmgr_job.c nqmgr/qmgr_message.c.
 	Cleanup: added one gruesome command to the postlink script
@@ -4869,3 +4869,46 @@ Apologies for any names omitted.
 	Laid the ground work for logging of table accesses. This
 	will give more insight into how Postfix uses its lookup
 	tables. User interface comes later.  File:  util/dict_debug.c.
 20010215
 	The showq output format assumes queue IDs of up to 10
 	characters.  It can be more with large  file systems.
 	Workaround for 11 character queue IDs by Lamont Jones.
 	File: showq/showq.c.
 20010216
 	Bugfix: the pipe delivery agent expanded $size as if it
 	were a recipient, instead of expanding it as $nexthop or
 	as $sender. Reported by Michael Tokarev. File: pipe/pipe.c.
 20010221
 	Bugfix: poor LMTP performance for domains that are listed
 	in $mydestination, because Postfix would send one recipient
 	at a time, with multiple deliveries of recipients of the
 	same message in parallel; a similar problem could exist
 	with firewall relay hosts that forward mail for $mydestination
 	to an inside machine. This behavior is now changed to depend
 	on the transport-specific xxx_destination_recipient_limit
 	parameter.  This also means that you can now get qmail behavior
 	for SMTP deliveries by setting smtp_destination_recipient_limit=1.
 	File:  {qmgr,nqmgr}/qmgr_message.c.
 	Workaround: Solaris socketpair() can fail with EINTR. Added
 	a sane_socketpair.c module that joins the ranks of the other
 	sane_whatever workarounds. Reported by Andrew McNamara.
 	File: util/sane_socketpair.[hc]
 20010222
 	Documentation: the default main.cf file has a prominent
 	warning that mynetworks should be properly configured in
 	order to reject unauthorized mail relay requests from
 	strangers.
 	Documentation: the INSTALL document, section "mandatory
 	configuration file edits" has a section that explains that
 	mynetworks should be properly configured in order to reject
 	unauthorized mail relay requests from strangers.
--- a/postfix/INSTALL
+++ b/postfix/INSTALL
@@ -66,11 +66,13 @@ If your system is supported, it is one of
    Linux RedHat 4.x
    Linux RedHat 5.x
    Linux RedHat 6.x
    Linux RedHat 7.x
    Linux Slackware 3.5
    Linux Slackware 4.0
    Linux Slackware 7.0
    Linux SuSE 5.x
    Linux SuSE 6.x
    Linux SuSE 7.x
    Mac OS X server
    NEXTSTEP 3.x
    NetBSD 1.x
@@ -83,7 +85,7 @@ If your system is supported, it is one of
    Rhapsody 5.x
    SunOS 4.1.x
    SunOS 5.4..5.8 (Solaris 2.4..8)
-    Ultrix 4.x
+    Ultrix 4.x (well, that was long ago)
 or something closely resemblant.
@@ -202,7 +204,8 @@ In order to install or upgrade Postfix:
 - Run the INSTALL.sh script as the super-user:
-    # sh INSTALL.sh
+    # make install              (interactive version, first time install)
    # make install </dev/null   (non-interactive version, for upgrades)
  The INSTALL.sh script offers suggestions for pathnames that you
  can override, either by editing INSTALL.sh or by specifying your
@@ -351,9 +354,10 @@ You can use $parameter before it is given a value. The Postfix
 configuration language uses lazy evaluation, and does not look at
 a parameter value until it is needed at runtime.
-First of all, you must specify what domain will be appended to a
+First of all, you must specify what domain will be appended to an
-local address. The "myorigin" parameter defaults to the local
+unqualified address (i.e. an address without @domain.name). The
-hostname, but that is probably OK only for very small sites.
+"myorigin" parameter defaults to the local hostname, but that is
 probably OK only for very small sites.
 Some examples:
@@ -363,8 +367,8 @@ Some examples:
 In the first case, local mail goes out as user@$myhostname, in
 the second case the sender address is user@$mydomain.
-Next you need to specify what mail addresses are local to the
+Next you need to specify what mail addresses Postfix should deliver
-Postfix system.
+locally.
 Some examples:
@@ -376,6 +380,14 @@ The first example is appropriate for a workstation, the second is
 appropriate for the mailserver for an entire domain. The third
 example should be used when running on a virtual host interface.
 If your machine is on an open network then you must specify what
 client IP addresses are authorized to relay their mail through your
 machine.  The default setting includes all class A, B or C networks
 that the machine is attached to. Often, that gives relay permission
 to too many clients.  My own settings are:
    mynetworks = 168.100.189.0/28, 127.0.0.0/8
 If you're behind a firewall, you should set up a relayhost.  If
 you can, specify the organizational domain name so that Postfix
 can use DNS lookups, and so that it can fall back to a secondary
@@ -403,7 +415,8 @@ and/or dial-up networks.
 Finally, if you haven't used Sendmail prior to using Postfix, you
 will have to build the alias database (with: sendmail -bi, or:
 newaliases). Be sure to set up aliases for root and postmaster that
-forward mail to a real person.
+forward mail to a real person. Postfix has a sample aliases file
 the conf/aliases.
 11 - To chroot or not to chroot
 ==============================
@@ -417,10 +430,13 @@ impenetrable, but every little bit helps.
 With the exception of the Postfix local delivery and `pipe' daemons,
 every Postfix daemon can run chrooted.
-By default, no Postfix daemon runs chrooted.  In order to enable
+Sites with high security requirements should consider to chroot
-chroot operation, edit the file /etc/postfix/master.cf.  It is
+all daemons that talk to the network:  the smtp and smtpd processes,
-highly recommended to chroot the daemons that talk to the network:
+and perhaps also the lmtp client.
-the smtp and smtpd processes.
+
 The default /etc/postfix/master.cf file specifies that no Postfix
 daemon runs chrooted.  In order to enable chroot operation, edit
 the file /etc/postfix/master.cf. Instructions are in the file.
 Note that a chrooted daemon resolves all filenames relative to the
 Postfix queue directory (/var/spool/postfix). For successful use
--- a/postfix/LDAP_README
+++ b/postfix/LDAP_README
@@ -26,6 +26,14 @@ Postfix source tree should work:
    % make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
 	AUXLIBS="-L/usr/local/lib -lldap -L/usr/local/lib -llber"
 On Solaris 2.x you may have to specify run-time link information,
 otherwise ld.so will not find some of the shared libraries:
    % make tidy
    % make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
 	AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lldap \
 		-L/usr/local/lib -R/usr/local/lib -llber"
 The 'make tidy' command is needed only if you have previously built
 Postfix without LDAP support.
--- a/postfix/LINUX_README
+++ b/postfix/LINUX_README
--- a/postfix/LMTP_README
+++ b/postfix/LMTP_README
@@ -1,17 +1,25 @@
 [This file still needs to be updated - some information is obsolete]
-Postfix LMTP support
+1 - Postfix LMTP support
-====================
+========================
 LMTP stands for Local Mail Transfer Protocol, and is detailed in
-RFC2033.  This protocol is used to communicate with the final
+RFC2033.  Postfix uses this protocol to communicate with the final
 delivery agent, which may run on the local host or a remote host.
 This protocol opens up interesting possibilities: one Postfix front
 end machine can drive multiple mailbox back end machines over LMTP.
-As the mail load increases you add Postfix front end systems and
+As the mail load increases, you add more Postfix front end systems
-LMTP mailbox back end systems.  You can use LDAP or mysql to share
+and more LMTP mailbox back end systems.  This is the model that I
-the user database among the front end and back end systems.
+had in mind when I began drafting the design for Postfix - a scalable
 architecture that allows you to keep adding SMTP servers and mailbox
 servers painlessly.
 Such a distributed architecture needs glue to keep things together.
 You can use a networked database LDAP or mysql to share the user
 database among the front end and back end systems. Use a replicated
 database so that no machine becomes a single point of failure for
 the entire mail infrastructure.
 Postfix LMTP support is based on a modified version of the Postfix
 SMTP client. The initial version was by Philip A.  Prindeville of
@@ -21,101 +29,145 @@ much of the documentation.  Wietse Venema reduced the code to its
 present shape.
-Overview
+2 - Overview
-========
+============
 Most of the examples in this document involve the CMU Cyrus IMAP/POP
 server, available from:
    http://asg.web.cmu.edu/cyrus/
-While certainly not the only application that could make use of LMTP,
+While certainly not the only application that could make use of
-it tends to be the most discussed.  These examples are based on the
+LMTP, it tends to be the most discussed.  These examples are based
-forthcoming Cyrus 2.0.10, at least at the time of writing.  The 2.x
+on the forthcoming Cyrus 2.0.10, at least at the time of writing.
-branch of Cyrus places greater emphasis on LMTP delivery than the
+The 2.x branch of Cyrus places greater emphasis on LMTP delivery
-previous releases.  Those using older releases of Cyrus can find a
+than the previous releases.  Those using older releases of Cyrus
-discussion in the appendix of this document.
+can find a discussion in the appendix of this document.
 There are a variety of ways LMTP delivery can be configured in
-Postfix.  The two basic flavors are delivery over UNIX-domain sockets
+Postfix.  The two basic flavors are delivery over UNIX-domain
-and delivery over TCP sockets.  Both flavors can be specified in
+sockets and delivery over TCP sockets.
-either the Postfix main.cf or in a transport map.  The best approach
+
-to use depends upon the arrangement of your servers and the desired
+  o Connections over UNIX-domain sockets limit delivery to LMTP
-level of parallelization.  Please be sure to study this entire
+    servers running on the same machine.
-document as there are trade-offs in convenience and performance with
+
-these different approaches.
+  o Connections over TCP sockets allow you to deliver to LMTP
    servers across a local network.
 The precise syntax for UNIX-domain and TCP connection endpoints is
-given in the lmtp(8) manual page.
+given in the lmtp(8) manual page. Examples are also given in the
 text below.
 Both socket flavors can be specified in either the Postfix main.cf
 file (see section 5) or in a Postfix transport map (section 6).
 What is the best approach for you depends upon the arrangement of
 your servers and the desired level of parallelization.
-Using main.cf configuration
+Please be sure to study this entire document as there are trade-offs
-===========================
+in convenience and in performance with these different approaches.
-This is the simplest LMTP configuration.  
+3 - LMTP over UNIX-domain sockets
 =================================
-1. Delivery mechanisms
+A UNIX-domain socket is specified as the socket type ("unix") and
 a name in the local file system:
-    Postfix supports three mechanisms to deliver mail over LMTP.
+    unix:/path/name
    Each method can use UNIX-domain or TCP sockets as described in
    a later section.
-    mailbox_transport = lmtp:unix:/path/name (UNIX-domain socket)
+The "/path/name" part should be the name of a socket created by
-    mailbox_transport = lmtp:hostname:port   (TCP socket)
+the LMTP server on the local machine. See the specific examples
        The Postfix local delivery agent expands aliases and .forward
        files, and delegates mailbox delivery to the LMTP server.
    local_transport = lmtp:unix:/path/name (UNIX-domain socket)
    local_transport = lmtp:hostname:port   (TCP socket)
        Mail that resolves as local is directly given to the LMTP
        server.  The mail is not processed by the Postfix local
        delivery agent; therefore aliases and .forward files are
        not expanded.
    fallback_transport = lmtp:unix:/path/name (UNIX-domain socket)
    fallback_transport = lmtp:hostname:port   (TCP socket)
 	The Postfix local delivery agent expands aliases and .forward
 	files, and delivers to /var[/spool]/mail/$user for users
 	that have a UNIX account.  Mail for other local users is
 	delegated to the LMTP server.
 2.  LMTP over UNIX-domain sockets.
    The UNIX-domain socket is specified as a name in the local file
    system.  This "/path/name" should be the socket created by the
    LMTP server on the local machine. See the specific examples
 later in this document.
 NOTE:
-	If you run the lmtp client chrooted, the interpretation of
+    If you run the lmtp client chrooted, the interpretation of the
-	the /path/name is relative to the Postfix queue directory
+    /path/name is relative to the Postfix queue directory (typically,
-	(typically, /var/spool/postfix).
+    /var/spool/postfix).
    By default, the Postfix LMTP client does not run chrooted.
-	With LMTP delivery to the local machine there is no good
+    With LMTP delivery to the local machine there is no good reason
-	reason to run the Postfix LMTP client chrooted.
+    to run the Postfix LMTP client chrooted.
-3.  LMTP over TCP sockets.
+4 - LMTP over TCP sockets
 =========================
-    Currently the default TCP port number for this type of connection
+A TCP destination is specified as the socket type ("inet"), the
-    is 24, but this can be customized in the "/etc/services" file.
+destination hostname and the TCP port:
-    Specific examples are given later in this document.
+
    inet:hostname:port
 The "inet:" part can be omitted, as it is the default socket type.
 The destination port can be omitted as well. Currently the default
 TCP port number for this type of connection is 24, but this can be
 customized in the "/etc/services" file.  Specific examples are
 given later in this document.
 NOTE:
-	With connections over TCP sockets, later Cyrus implementations
+    With connections over TCP sockets, later Cyrus LMTP server
-	insist on SASL-style authentication. This means that Postfix
+    implementations insist on SASL-style authentication. This means
-	must be built with SASL support (see SASL_README).  The
+    that Postfix must be built with SASL support (see SASL_README).
-	examples below show how to enable this in the Postfix LMTP
+    The examples below show how to enable this in the Postfix LMTP
    client.
-Examples:
+    Some Cyrus LMTP server implementations do not allow SASL-style
    authentication via plaintext passwords. You will have to jump
    some extra hoops in order to enable MD5 password support, or
    you will have to wait until this restriction is relaxed.
-1.  LMTP over UNIX-domain sockets.
+
 5 - Configuring LMTP using main.cf configuration
 ================================================
 This is the simplest LMTP configuration.  
 5.1 - Delivery mechanisms
 -------------------------
 Postfix main.cf supports three mechanisms to deliver mail over
 LMTP.  Each method can use UNIX-domain or TCP sockets as described
 in a later section.
 main.cf mechanism 1
 -------------------
 mailbox_transport = lmtp:unix:/path/name (UNIX-domain socket example)
 mailbox_transport = lmtp:hostname:port   (TCP socket example)
 Mail that resolves as local (domain is listed in $mydestination)
 is given to the Postfix local delivery agent.  The Postfix local
 delivery agent expands aliases and .forward files, and delegates
 mailbox delivery to the LMTP server.
 main.cf mechanism 2
 -------------------
 local_transport = lmtp:unix:/path/name (UNIX-domain socket example)
 local_transport = lmtp:hostname:port   (TCP socket example)
 Mail that resolves as local (domain is listed in $mydestination)
 is directly given to the LMTP server.  The mail is not processed
 by the Postfix local delivery agent; therefore aliases and .forward
 files are not processed.
 main.cf mechanism 3
 -------------------
 fallback_transport = lmtp:unix:/path/name (UNIX-domain socket example)
 fallback_transport = lmtp:hostname:port   (TCP socket example)
 Mail that resolves as local (domain is listed in $mydestination)
 is given to the Postfix local delivery agent.  The Postfix local
 delivery agent processes aliases and .forward files, and delivers
 to /var[/spool]/mail/$user for users that have a UNIX account.
 Mail for other local users is delegated to the LMTP server.
 5.2 - Examples
 --------------
 5.2.1 - LMTP over UNIX-domain sockets
 -------------------------------------
 To utilize UNIX-domain sockets for the communication between
 Postfix and Cyrus, the corresponding configuration files should
@@ -137,7 +189,8 @@ Examples:
 and .forward files, and delegates mailbox delivery to the Cyrus
 lmtpd server via the socket "/var/imap/socket/lmtp".
-2.  LMTP over TCP sockets.
+5.2.2 - LMTP over TCP sockets
 -----------------------------
 For this example, suppose the following files are configured
 thusly: 
@@ -167,20 +220,19 @@ Examples:
 /etc/postfix/lmtp_sasl_pass:
    localhost.my.domain	username:password
-    Instead of "hash", use the map type of your choice.  Some
+Instead of "hash", use the map type of your choice.  Some systems
-    systems use "dbm" instead.  Use "postconf -m" to find out what
+use "dbm" instead.  Use "postconf -m" to find out what map types
-    map types are supported.
+are supported.
-    With the above settings, the Postfix local delivery agent
+With the above settings, the Postfix local delivery agent expands
-    expands aliases and .forward files, and delegates mailbox
+aliases and .forward files, and delegates mailbox delivery to the
-    delivery to the the Cyrus LMTP server.  Postfix makes a
+the Cyrus LMTP server.  Postfix makes a connection to port 24 on
-    connection to port 24 on the local host, subsequently
+the local host, subsequently transmitting the message to the lmtpd
-    transmitting the message to the lmtpd server managed by the
+server managed by the Cyrus master process.
    Cyrus master process.
-Using transport map configuration
+6 - Configuring LMTP using transport map configuration
-=================================
+======================================================
 This approach is quite similar to specifying the LMTP service in
 the Postfix main.cf configuration file.  However, now we will use
@@ -206,51 +258,55 @@ to route mail for multiple domains to their respective mail retrieval
        transport_maps = hash:/etc/postfix/transport
 For details of the Cyrus LMTP server configuration, see section 5.
 Instead of "hash", use the map type of your choice.  Some systems use
 "dbm" instead.  Use "postconf -m" to find out what map types are
 supported.
-Performance considerations
+7 - Performance considerations
-==========================
+==============================
 Hopefully the preceding discussion has seemed pretty straight
 forward.  Now things get interesting.  After reading the following
-you will see that there are more factors to consider when setting up
+you will see that there are more factors to consider when setting
-LMTP services.
+up LMTP services.
-Single instance message store
+8 - Single instance message store
-=============================
+=================================
 Presently this topic is more pertinent to sites running Cyrus, but
 may be a factor with other applications as well.
 Since 1.6.22, Cyrus has had the feature that if a message containing
-multiple recipients is received via the LMTP protocol, and all these
+multiple recipients is received via the LMTP protocol, and all
-recipients were on the same Cyrus partition, only one instance of
+these recipients were on the same Cyrus partition, only one instance
-this message would be written to the file system.  The other
+of this message would be written to the file system.  The other
 recipients would then see a hard link of this single instance.
-Depending on your user base, this can be considerable motivation to
+Depending on your user base, this can be considerable motivation
-using LMTP. 
+to using LMTP.
-However, there is a catch: currently the Postfix local delivery
+However, there is a catch: the Postfix local delivery agent is
-mechanisms are only designed to handle one recipient at a time, which
+designed to deliver one recipient at a time, which in most cases
-in most cases is more than adequate.  So, if you wish to support
+is more than adequate.  So, if you wish to support single instance
-single instance message store delivery, you will have to use a
+message store delivery, you will have to use a virtual table to
-transport table to map these users to the appropriate LMTP
+map these users to the appropriate LMTP destination (at the time
-destination.
+of writing, the Postfix transport table supports only per-domain
 routing, and not per-recipient routing).
-While the simplest thing to do would be to list the entire domain in
+While the simplest thing to do would be to list the entire domain
-the transport map for LMTP delivery, this by-passes alias expansion
+in the transport map for LMTP delivery, this by-passes alias
-for otherwise local addresses.  If the site is to run software via
+expansion for otherwise local addresses (see section 5.1, delivery
-aliases, like most Mailing List Management (MLM) software, a more
+mechanism 2).  If the site is to run software via aliases, like
-complex solution is required.  Fortunately, a virtual table should do
+most Mailing List Management (MLM) software, a more complex solution
-the trick.
+is required.  A virtual table should do the trick.
 As an example, suppose we wanted to support single instance message
-store delivery for the domain "example.org".  The configuration files
+store delivery for the hosted (not local) domain "example.org".
-for this domain could look something like this:
+The configuration files for this domain could look something like
 this:
    /etc/postfix/virtual:
@@ -287,16 +343,17 @@ for this domain could look something like this:
 Breaking things down, we begin with the address "mlist@example.org",
 which represents a mailing list.  By placing an entry in the virtual
 map to direct this mail to "mlist@localhost", we can override the
-transport map that would by default route all "@example.org" mail to
+transport map that would by default route all "@example.org" mail
-a LMTP server via a UNIX-domain socket.
+to a LMTP server via a UNIX-domain socket.
-To summarize, all mail that is to be processed by an alias entry must 
+To summarize, all mail that is to be processed by an alias entry
-first be diverted with a virtual table entry so that it does not fall 
+must first be diverted with a virtual table entry so that it does
-into the more general routing established by the transport table.
+not fall into the more general routing established by the transport
 table.
-Improving connection caching performance
+9 - Improving connection caching performance
-========================================
+============================================
 After delivering a message via LMTP, Postfix will keep the connection
 open for a while, so that it can be reused for a subsequent delivery.
@@ -309,7 +366,7 @@ one LMTP server. However, if you run multiple LMTP servers, this
 can be an issue.
 You can prevent the LMTP client from switching between servers by
-configuring a separate mail delivery transport for each LMTP server:
+configuring a separate LMTP delivery transport for each LMTP server:
    /etc/postfix/master.cf:
@@ -327,8 +384,8 @@ mail lmtp2 transport for the LMTP server #2, and so on.
        bar.com lmtp2:lmtp2host
-Appendix: Older Cyrus versions
+10 - Appendix: Older Cyrus versions
-==============================
+===================================
 First of all, if you are using a Cyrus 2.x version prior to 2.0.10,
 it would be good to upgrade.  The previous 2.x releases were beta
@@ -407,14 +464,3 @@ you will notice the one significant difference with the Postfix
 configuration is the lack of mention of the UNIX-domain sockets.
 That is because delivery over UNIX-domain sockets is new with Cyrus
 2.x, yet another reason to upgrade.  :-)
 # Local Variables:
 # mode: text
 # mode: flyspell
 # fill-column: 69
 # End:
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,5 +1,44 @@
-Apart from bugfixes this is expected to become the first non-beta
+Incompatible changes with snapshot-20010222
-Postfix release.
+===========================================
 The incoming and deferred queue directories are now hashed by
 default.  This improves the performance considerably under heavy
 load, at the cost of a small but noticeable slowdown when one runs
 "mailq" on an unloaded system.
 Postfix no longer automatically delivers recipients one at a time
 when their domain is listed in $mydestination.  This change solves
 delivery performance problems with delivery via LMTP, and with
 firewall relays that forward all mail for $mydestination to an
 inside host.
 The "one recipient at a time" delivery behavior is now controlled
 by the per-transport recipient limit (xxx_destination_recipient_limit,
 where xxx is the name of the delivery mechanism).  This parameter
 controls the number of recipients that can be sent in one delivery
 (surprise).
 The setting of the per-transport recipient limit also controls the
 meaning of the per-transport destination concurrency limit (named
 xxx_destination_concurrency_limit, where xxx is again the name of
 the delivery mechanism):
 1) When the per-transport recipient limit is 1 (i.e., send one
    recipient per delivery), the per-transport destination concurrency
    limit controls the number of simultaneous deliveries to the
    same recipient.  This is the default behavior for delivery via
    the Postfix local delivery agent.
 2) When the per-transport recipient limit is > 1 (i.e., send
    multiple recipients per delivery), the per-transport destination
    concurrency limit controls the number of simultaneous deliveries
    to the same domain.  This is the default behavior for all other
    Postfix delivery agents.
 The default settings are:  local_destination_recipient_limit = 1,
 local_destination_concurrency_limit = 2. Other delivery transports
 have default recipient limits (50) and have default per-destination
 concurrency limits (10).
 Major changes with snapshot-20010202
 ====================================
--- a/postfix/TODO
+++ b/postfix/TODO
@@ -7,55 +7,30 @@ expanded via :include:).
 postconf -f filename
-more general relocated feature - perhaps better to bounce recipients
+get rid of the relocated feature - perhaps better to bounce recipients
 at the SMTP port.
 use $mydomain when hostname is not FQDN.
 generic daemon that listens on fifo and runs command
 make sendmail/smtpd/cleanup output directory/fifo configurable
 if postdrop scrutinizes input, skip the overhead in the pickup
 daemon.
 luser relay
 add a threshold to sendmail etc. stderr logging, so that class
 "info" messages don't go to stderr.
 need a configurable mailbox locking method with system-specific
 default, so people don't have to recompile just to turn of fcntl()
 locks to work around SUN mailtool.
 implement an UCE control to accept mail if the sender domain sender
 lists us as MX host (rafal wiosna). By the same token, implement
 a control to accept mail when the client hostname/parent domain
 lists us as their MX host.
 with recipient delimiter enabled, append the unmatched recipient
 of @virtual.domain patterns as extension to right-hand recipient,
 for qmail-like virtual mapping.
 received: headers should be generated by the cleanup daemon, and
 client attributes ("with", "from", etc.) should be passed along
 with the message. This guarantees that forwarded/aliased mail gets
 stamped with the queue ID.
 trivial-rewrite etc.: after reload, close the listen socket and
 wait until all clients disconnect.
 In qmgr_entry.c, turn off random walk by default.
 toss double-bounce mail even when mail for the local machine is
 redirected to another box. See mail_addr_double_bounce().
 represent peer as object, not as name + addr arguments
 ignore sender: header when different from envelope?
 smtp client: optionally log every MX host contacted
 remote showq access (cookie in maildrop or print some text to inform
 the user)
@@ -63,48 +38,23 @@ defer: explain mail was bounced after N days
 multiple rewrite processes?
 log relay address in addition to host.
 gethostbyaddr() uses native name services, which can be slow.
 can we detect a client that ignores error responses?
 way to block inbound mail based on recipient suffix?
 when client begins with non-SMTP data, log warning
 when non-SMTP follows ".", log warning.
 On linux syslogd needs -/file/name
 can Postfix implement one switchboard instead of having all these
 little lookup tables?
 make canonical/virtual/etc. table lookup order configurable
 allow /file/name or maptype_mapname in $mydestination
 make protocol errors soft errore? There are a lot of broken mailers
 out there that sometimes croak and sometimes work.
 require @ in sender/rcpt (another restriction)
 figure out a way to pump recipients into qmgr before concurrency
 starts to drop.
 pass on client etc/ attributes along with message to delivery agent
 pass on configurable info into external process environment
 scrutinize file opens in delivery agents just like in qmgr (better:
 open the file and see if someone compromised the vmailer account
 and is racing against us).
 cleanup: don't run out of memory with large amounts of bcc addresses
 cleanup: permit non-empty extra segment, so that mail posting
 software can pass in bcc recipients.
 suspend/resume signals + master status (suspended/running) in PID
 file.  Maybe use FIFO instead. But, that means requests do not
 arrive when the master is stuck.
@@ -134,24 +84,9 @@ access.
 trivial-rewrite: optionally, use DNS to fully qualify hostnames.
 smtp: optionally deal with MX records containing an address instead
 of a name.
 pickup/cleanup/qmgr/local: add options record to control internal
 features such as canonical/virtual mapping, VERPs etcetera.
 smtpd: when deciding if a destination is local, also look at the
 virtual map. Perhaps we should move canonical and virtual lookups
 back into the rewrite service, but under a different name, so they
 do not get in the way if we do not want them.
 Queue manager: do not allocate queue slots when a destination
 already has more than some threshold. This is to prevent a dead or
 slow destination from filling up the queue manager's active queue,
 preventing delivery to other destinations. However, such `fairness'
 strategies should not cause Postfix to lose the benchmark race, so
 we must be fair and smart at the same time :-)
 Add hook for (domain, user database) support. This is needed if
 you have lots of real domains and can't afford a separate master.cf
 delivery agent entry for each domain.
@@ -159,9 +94,6 @@ delivery agent entry for each domain.
 Add support for DBZ databases, using the code from INN. Reportedly,
 GDB handles large numbers of keys poorly.
 Make the number of time bits in the queue ID configurable, or at
 least a little larger.
 Change the front-end to cleanup protocol so that the front-end
 sends the expected message size, and so that the cleanup service
 can report if there is enough space. This is useful only for the
@@ -196,40 +128,11 @@ postfix-script: detect and/or build missing alias database. In
 order to do this we must extract the alias_maps parameter from the
 main.cf file, and create any missing files with the right ownerships.
 SunOS 5.4 sendmail seems to include the null byte in alias keys
 and values, like almost every UNIX system; SunOS 5.5 sendmail does
 not include these nulls.  Need to add support for SunOS 5.4.  NIS
 alias maps always include the null terminator...
 implement the return-receipt-to notification service.
 Implement real address rewriting.
 default alias for mail to non-existent users. How useful is this
 when the postmaster already gets notices of mail that could not be
 delivered by the local mail system? And how do we pass around the
 original envelope recipient once it has been "aliased" to the
 address for non-existent users?
 owner-default alias to capture all mailing list errors.  Or perhaps
 they should just set up the appropriate owner-foo aliases in their
 alias database?
 make mail_params module the main config interface; no calls from
 config.c to routines in mail_params.c
 resolve/rewrite clients should share connection
 postfix-script: make sure permissions of queue (and anything below)
 are sane.
 bounce/defer: provide attribute-value interface, for better logging
 (expanded-from etc.) and non-delivery reports.
 Postfix-Options: header, to turn on qmail-like VERPs. But, these
 must be accessible only for locally-posted mail (not mail that
 arrives via UUCP).
 Maintain per-client short-term host status, so we can slow down
 unreasonable clients
@@ -248,27 +151,10 @@ True ETRN means kick the host out of the queue manager's "dead
 hosts" table & move mail from the "hold" queue for that site to
 the incoming queue.
 Option to make a copy of all mail passing through the mail system.
 The message ID is built by concatenating the time of day in seconds
 with the queue id. We must ensure that a queue id is unique for at
 least one second, otherwise multiple messages will have the same
 message ID. Queue ids will always collide after a while. The NFS
 generation number for the queue file would be useful, but there is
 no portable interface to get it, and we cannot depend on the system
 having NFS support enabled.  If a 1-microsecond resolution is
 sufficient, we could compose the queue ID from the inode number
 plus 6 decimal digits or 5 hex ones for the time in microseconds.
 Or, use a smarter encoding with more bits per character.
 postfix-script: make sure that each queue file matches its file id
 or we might lose mail.
 postfix-script: do database fixups as the unprivileged user
 Put a version file in the conf directory or add option to vmail
 control command to print the version (requires vmconf tool that
 can query main.cf.).
 Maintain a pool of pre-allocated queue files, to eliminate file
 creation and deletion overhead.
--- a/postfix/VIRTUAL_README
+++ b/postfix/VIRTUAL_README
@@ -8,6 +8,10 @@ Purpose of this software
 You can use the virtual delivery agent for mailbox delivery of some
 or all domains that are handled by a machine.
 This mechanism is different from virtual domains that are implemented
 by translating each virtual address into a real local user. For
 that, see the virtual(5) manual page.
 This is what Andrew McNamara wrote when he made the virtual delivery
 agent available.
@@ -16,12 +20,12 @@ It looks up the location, uid and gid of user mailboxes via separate
 maps, and the mailbox location map can specify either mailbox or
 maildir delivery (controlled by trailing slash on mailbox name).
-The agent does not support aliases or .forwards (use the virtual
+The agent does not support user+foo address extensions, aliases or
-table instead), and therefore doesn't support file or program
+.forward files (use the virtual table instead), and therefore
-aliases. This choice was made to simplify and streamline the code
+doesn't support file or program aliases. This choice was made to
-(it allowed me to dispense with 70% of local's code - mostly the
+simplify and streamline the code (it allowed me to dispense with
-bits that are a security headache) - if you need this functionality,
+70% of local's code - mostly the bits that are a security headache)
-this agent isn't for you.
+- if you need this functionality, this agent isn't for you.
 It also doesn't support writing to a common spool as root and then
 chowning the mailbox to the user - I felt this functionality didn't
@@ -30,8 +34,7 @@ fit with my overall aims."
 [End of Andrew McNamara's words]
 The result is the most secure local delivery agent that you will
-find with Postfix. All deliveries are done with the privileges of
+find with Postfix.
 the recipient.
 This delivery agent requires three different lookup tables in order
 to define its recipients. This is because Postfix table lookups
@@ -61,7 +64,8 @@ virtual_mailbox_maps
    If a recipient is not found the mail is returned to the sender.
-    For security reasons, regexp maps are not allowed here.
+    For security reasons, regexp maps are not allowed here, because
    their $1 etc. substitutions would open a security hole.
    The mail administrator is expected to create and chown recipient
    mailbox files or maildir directories ahead of time.
@@ -77,14 +81,16 @@ virtual_uid_maps
    Recipients are looked up in this map to determine the UID (owner
    privileges) to be used when writing to the target mailbox.
-    For security reasons, regexp maps are not allowed here.
+    For security reasons, regexp maps are not allowed here, because
    their $1 etc. substitutions would open a security hole.
 virtual_gid_maps
    Recipients are looked up in this map to determine the GID (group
    privileges) to be used when writing to the target mailbox.
-    For security reasons, regexp maps are not allowed here.
+    For security reasons, regexp maps are not allowed here, because
    their $1 etc. substitutions would open a security hole.
 virtual_mailbox_lock
@@ -107,8 +113,9 @@ Example 1: using the virtual delivery agent for all local mail
 ==============================================================
 This example does not use the Postfix local delivery agent at all.
-With this configuration Postfix does no alias expansion, no .forward
+With this configuration Postfix does no user+foo address extension,
-file expansion, and no lookups of recipients in /etc/passwd.
+no alias expansion, no .forward file expansion, and no lookups of
 recipients in /etc/passwd.
 Instead of "hash" specify "dbm" or "btree", depending on your system
 type.  The command "postconf -m" displays possible lookup table
--- a/postfix/conf/main.cf
+++ b/postfix/conf/main.cf
@@ -115,14 +115,67 @@ mail_owner = postfix
 # a name matches a lookup key.  Continue long lines by starting the
 # next line with whitespace.
 #
 # DO NOT LIST VIRTUAL DOMAINS HERE. LIST THEM IN THE VIRTUAL FILE
 # INSTEAD. BE SURE TO READ THE ENTIRE VIRTUAL MANUAL PAGE.
 #
 #mydestination = $myhostname, localhost.$mydomain
 #mydestination = $myhostname, localhost.$mydomain $mydomain
 #mydestination = $myhostname, localhost.$mydomain, $mydomain,
 #	mail.$mydomain, www.$mydomain, ftp.$mydomain
 # RELAY CONTROL
 # The mynetworks parameter specifies the list of networks that make
 # up the local neighborhood. The list is used by the anti-UCE software
 # to distinguish local clients from strangers. See permit_mynetworks
 # and smtpd_recipient_restrictions in the file sample-smtpd.cf file.
 #
 # The default is a list of all networks attached to the machine:  a
 # complete class A network (X.0.0.0/8), a complete class B network
 # (X.X.0.0/16), and so on.
 # 
 # YOU MUST CHANGE THIS DEFAULT SETTING IF YOUR ADDRESS BLOCK IS PART
 # OF A LARGER ADDRESS RANGE THAT IS OWNED BY YOUR PROVIDER - IT WOULD
 # CAUSE POSTFIX TO RELAY MAIL FROM ALL THEIR CUSTOMERS.
 # 
 # If you need stricter control than the default, specify a list of
 # network/mask patterns, where the mask specifies the number of bits
 # in the network part of a host address.
 #
 # You can also specify the absolute pathname of a pattern file instead
 # of listing the patterns here.
 #
 #mynetworks = 168.100.189.0/28, 127.0.0.0/8
 #mynetworks = $config_directory/mynetworks
 # The relay_domains parameter restricts what clients this mail system
 # will relay mail from, or what destinations this system will relay
 # mail to.  See the smtpd_recipient_restrictions restriction in the
 # file sample-smtpd.cf for detailed information.
 #
 # By default, Postfix relays mail
 # - from "trusted" clients whose IP address matches $mynetworks, 
 # - from "trusted" clients matching $relay_domains or subdomains thereof,
 # - from untrusted clients to destinations that match $relay_domains
 #   or subdomains thereof, except addresses with sender-specified routing.
 # The default relay_domains value is $mydestination.
 # 
 # In addition to the above, the Postfix SMTP server by default accepts mail
 # that Postfix is final destination for:
 # - destinations that match $inet_interfaces,
 # - destinations that match $mydestination
 # - destinations that match $virtual_maps.
 # These destinations do not need to be listed in $relay_domains.
 # 
 # Specify a list of hosts or domains, /file/name patterns or type:name
 # lookup tables, separated by commas and/or whitespace.  Continue
 # long lines by starting the next line with whitespace. A file name
 # is replaced by its contents; a type:name table is matched when a
 # (parent) domain appears as lookup key.
 #
 # NOTE: Postfix will not automatically forward mail for domains that
 # list this system as their primary or backup MX host. See the
 # permit_mx_backup restriction in the file sample-smtpd.cf.
 #
 #relay_domains = $mydestination
 # INTERNET OR INTRANET
 # The relayhost parameter specifies the default host to send mail to
@@ -322,53 +375,6 @@ mail_owner = postfix
 #header_checks = regexp:/etc/postfix/filename
 #header_checks = pcre:/etc/postfix/filename
 # The relay_domains parameter restricts what clients this mail system
 # will relay mail from, or what destinations this system will relay
 # mail to.  See the smtpd_recipient_restrictions restriction in the
 # file sample-smtpd.cf.
 #
 # By default, Postfix relays mail
 # - from trusted clients whose IP address matches $mynetworks, 
 # - from trusted clients matching $relay_domains or subdomains thereof,
 # - from untrusted clients to destinations that match $relay_domains
 #   or subdomains thereof, except addresses with sender-specified routing.
 # The default relay_domains value is $mydestination.
 # 
 # In addition to the above, the Postfix SMTP server by default accepts mail
 # that Postfix is final destination for:
 # - destinations that match $inet_interfaces,
 # - destinations that match $mydestination
 # - destinations that match $virtual_maps.
 # These destinations do not need to be listed in $relay_domains.
 # 
 # Specify a list of hosts or domains, /file/name patterns or type:name
 # lookup tables, separated by commas and/or whitespace.  Continue
 # long lines by starting the next line with whitespace. A file name
 # is replaced by its contents; a type:name table is matched when a
 # (parent) domain appears as lookup key.
 #
 # NOTE: Postfix will not automatically forward mail for domains that
 # list this system as their primary or backup MX host. See the
 # permit_mx_backup restriction in the file sample-smtpd.cf.
 #
 #relay_domains = $mydestination
 # The mynetworks parameter specifies the list of networks that are
 # local to this machine.  The list is used by the anti-UCE software
 # to distinguish local clients from strangers. See permit_mynetworks
 # and smtpd_recipient_restrictions in the file sample-smtpd.cf file.
 #
 # The default is a list of all networks attached to the machine:  a
 # complete class A network (X.0.0.0/8), a complete class B network
 # (X.X.0.0/16), and so on. If you want stricter control, specify a
 # list of network/mask patterns, where the mask specifies the number
 # of bits in the network part of a host address. You can also specify
 # the absolute pathname of a pattern file instead of listing the
 # patterns here.
 #
 #mynetworks = 168.100.189.0/28, 127.0.0.0/8
 #mynetworks = $config_directory/mynetworks
 # FAST ETRN SERVICE
 #
 # Postfix maintains per-destination logfiles with information about
--- a/postfix/conf/postfix-script-nosgid
+++ b/postfix/conf/postfix-script-nosgid
@@ -145,7 +145,9 @@ reload)
 		exit 1
 	}
 	$INFO refreshing the Postfix mail system
 	$command_directory/postsuper active || exit 1
 	kill -HUP `sed 1q pid/master.pid`
 	$command_directory/postsuper &
 	;;
 flush)
@@ -252,7 +254,8 @@ EOF
 	# See if all queue files are in the right place.
-	$command_directory/postsuper || exit 1
+	$command_directory/postsuper active
 	$command_directory/postsuper &
 	find corrupt -type f -exec $WARN damaged message: {} \;
--- a/postfix/conf/postfix-script-sgid
+++ b/postfix/conf/postfix-script-sgid
@@ -145,7 +145,9 @@ reload)
 		exit 1
 	}
 	$INFO refreshing the Postfix mail system
 	$command_directory/postsuper active || exit 1
 	kill -HUP `sed 1q pid/master.pid`
 	$command_directory/postsuper &
 	;;
 flush)
@@ -253,8 +255,8 @@ EOF
 	# See if all queue files are in the right place.
-
+	$command_directory/postsuper active
-	$command_directory/postsuper || exit 1
+	$command_directory/postsuper &
 	find corrupt -type f -exec $WARN damaged message: {} \;
--- a/postfix/html/faq.html
+++ b/postfix/html/faq.html
@@ -26,6 +26,8 @@
 <li><a href="#sendmail_incompatibility">Sendmail incompatibility</a>
 <li><a href="#moby">Running hundreds of Postfix processes</a>
 <li><a href="#performance">Postfix performance</a>
 <li><a href="#receiving">Receiving mail via the network</a>
@@ -99,8 +101,28 @@ distribution list</a>
 </ul>
 <a name="moby"><h3>Running hundreds of Postfix processes</h3>
 <ul>
 <li><a href="#moby-freebsd">Running hundreds of Postfix processes on FreeBSD</a>
 <li><a href="#moby-linux">Running hundreds of Postfix processes on Linux</a>
 </ul>
 <a name="performance"><h3>Postfix performance</h3>
 <ul>
 <li><a href="#incoming">Too much mail in the incoming queue</a>
 <li><a href="#delay">Postfix responds slowly to incoming SMTP connections</a>
 </ul>
 <ul>
 <li><a href="#incoming">Too much mail in the incoming queue</a>
@@ -486,31 +508,39 @@ execute the command <b>postconf mail_version</b>.
 <p>
 How to set up Postfix on the firewall machine so that it relays
-mail for <i>my.domain</i> to a gateway machine on the inside, and
+mail for <i>domain.com</i> to a gateway machine on the inside, and
-so that it refuses mail for <i>*.my.domain</i>? The problem is that
+so that it refuses mail for <i>*.domain.com</i>? The problem is that
-the standard <a href="uce.html#relay_domains">relay_domains</a>
+the default <a href="uce.html#relay_domains">relay_domains</a>
-mail relaying restriction allows mail to <i>*.my.domain</i> when
+mail relaying restriction allows mail to <i>*.domain.com</i> when
-you specify <i>my.domain</i>.
+you specify <i>domain.com</i>.
 <p>
 <ul>
-<li>Specify a null <a href="uce.html#relay_domains">relay_domains</a>
+<li>Specify a <a href="transport.5.html">transport</a> table to
-parameter plus a <a href="transport.5.html">transport</a> table to
+route mail for <i>domain.com</i> to the inside machine.
-route mail for <i>my.domain</i> to the inside machine:
+
 <p>
 Specify explicit settings for <a
 href="uce.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
 and for <a href="basic.html#mynetworks">mynetworks</a> that allow
 local systems to send mail anywhere, and that allow remote systems
 to send mail only to <i>user@domain.com</i>.
 <p>
 <pre>
 /etc/postfix/main.cf:
-    mydestination = $myhostname, my.domain, localhost.my.domain
+    myorigin = domain.com
-    relay_domains =
+    mydestination = domain.com
    transport_maps = hash:/etc/postfix/transport
    mynetworks = 12.34.56.0/24
    smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
 /etc/postfix/transport:
-    my.domain   smtp:inside-gateway.my.domain   (forwards user@domain)
+    domain.com   smtp:inside-gateway.domain.com   (forwards user@domain)
    .my.domain  smtp:inside-gateway.my.domain   (forwards user@firewall)
 /etc/postfix/master.cf:
    Comment out the local delivery agent
@@ -806,6 +836,81 @@ delivery agent deals with undeliverable mail.
 <hr>
 <a name="moby-freebsd"><h3>Running hundreds of Postfix processes on FreeBSD</h3></a>
 With hundreds of Postfix processes, the kernel will eventually
 run out of file handles; after that, it will run out of sockets.
 <p>
 To set kernel parameters at boot time, add the following lines to
 the <b>/boot/loader.conf</b> file (this is specific to FreeBSD 4.x):
 <p>
 <blockquote>
 <pre>
 kern.ipc.maxsockets="5000"
 kern.maxfiles="16384"
 kern.maxfilesperproc="16384"
 kern.ipc.nmbclusters="65536"
 </pre>
 </blockquote>
 <p>
 To set kernel parameters at run time execute the following commands
 as root (this is specific to FreeBSD 4.x):
 <p>
 <blockquote>
 <pre>
 # sysctl -w kern.ipc.maxsockets=5000
 # sysctl -w kern.maxfiles=16384
 # sysctl -w kern.maxfilesperproc=16384
 # sysctl -w kern.ipc.nmbclusters=65536
 </pre>
 </blockquote>
 <hr>
 <a name="moby-linux"><h3>Running hundreds of Postfix processes on Linux</h3></a>
 When you increase the number of Postfix processes into the hundreds,
 the kernel will eventually run out of file handles; after that it
 is likely to run out of process slots.
 <p>
 To set parameters at boot time on Linux systems that have
 <b>/etc/sysctl.conf</b>, add the following lines:
 <p>
 <blockquote>
 <pre>
 fs.file-max = 16384
 kernel.threads-max = 2048
 </pre>
 </blockquote>
 <p>
 To set kernel parameters at run time, execute the following
 commands as <b>root</b>:
 <p>
 <blockquote>
 <pre>
 # echo 16384 > /proc/sys/fs/file-max
 # echo 2048 > /proc/sys/kernel/threads-max
 </pre>
 </blockquote>
 <hr>
 <a name="incoming"><h3>Too much mail in the incoming queue</h3></a>
 <blockquote>
@@ -2398,7 +2503,7 @@ with Postfix and HylaFax. Here's the setup used:
 <pre>
    /etc/postfix/master.cf:
-        fax       unix  -       n       n       -       -       pipe
+        fax       unix  -       n       n       -       1       pipe
            flags= user=fax argv=/usr/bin/faxmail -d -n ${user}
    /etc/postfix/transport:
@@ -2411,6 +2516,12 @@ with Postfix and HylaFax. Here's the setup used:
 <p>
 The process limit of 1 in the <b>master.cf</b> file is necessary
 with fax software that cannot handle multiple requests at the same
 time. It won't hurt otherwise.
 <p>
 The <b>fax_destination_recipient_limit</b> entry (by Simon, Mr.
 Simix) is necessary with fax software that can't have more than
 one destination on its command line. It won't hurt otherwise.
@@ -2423,7 +2534,7 @@ types Postfix supports, use the command <b>postconf -m</b>.
 <p>
-Note: be sure to not advertise <b>fax.your.domain</b> in the DNS...
+Note: be sure to not advertise <b>fax.your.domain</b> in the DNS :-)
 <hr>
@@ -2461,9 +2572,9 @@ Postfix first.
 <p>
-Do not use the above command on a running Postfix system, because
+Do not use the above <b>find</b> command on a running Postfix
-it can delete files that belong to new mail that arrives while you
+system, because it can delete files that belong to new mail that
-are deleting queue files.
+arrives while you are deleting queue files.
 <hr>
--- a/postfix/html/lmtp.8.html
+++ b/postfix/html/lmtp.8.html
@@ -29,19 +29,20 @@ LMTP(8)                                                   LMTP(8)
       specified in the Postfix <a href="transport.5.html"><b>transport</b>(5)</a> table, has the form:
       <b>unix</b>:<i>pathname</i>
-              Connect to the UNIX-domain server that is bound  to
+              Connect to the local  UNIX-domain  server  that  is
-              the   specified   <i>pathname</i>.  If  the  process  runs
+              bound  to  the  specified  <i>pathname</i>. If the process
-              chrooted, an absolute pathname is interpreted rela-
+              runs chrooted, an absolute pathname is  interpreted
-              tive to the changed root directory.
+              relative to the changed root directory.
       <b>inet</b>:<i>host</i>, <b>inet:</b><i>host</i>:<i>port</i> (symbolic host)
       <b>inet</b>:[<i>addr</i>], <b>inet</b>:[<i>addr</i>]:<i>port</i> (numeric host)
              Connect to the specified IPV4 TCP port on the spec-
-              ified host. If no port is specified, connect to the
+              ified local or remote host. If no  port  is  speci-
-              port  defined  as  <b>lmtp</b> in <b>services</b>(4).  If no such
+              fied,  connect  to the port defined as <b>lmtp</b> in <b>ser-</b>
-              service is found, the  <b>lmtp</b><i>_</i><b>tcp</b><i>_</i><b>port</b>  configuration
+              <b>vices</b>(4).   If  no  such  service  is  found,   the
-              parameter (default value of 24) will be used.
+              <b>lmtp</b><i>_</i><b>tcp</b><i>_</i><b>port</b>   configuration   parameter  (default
              value of 24) will be used.
              The  LMTP  client  does  not   perform   MX   (mail
              exchanger) lookups since those are defined only for
@@ -58,7 +59,6 @@ LMTP(8)                                                   LMTP(8)
 <b>STANDARDS</b>
       <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol)
       <a href="http://www.faqs.org/rfcs/rfc1651.html">RFC 1651</a> (SMTP service extensions)
       <a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
@@ -71,6 +71,7 @@ LMTP(8)                                                   LMTP(8)
 LMTP(8)                                                   LMTP(8)
       <a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
       <a href="http://www.faqs.org/rfcs/rfc2033.html">RFC 2033</a> (LMTP protocol)
       <a href="http://www.faqs.org/rfcs/rfc2197.html">RFC 2197</a> (Pipelining)
       <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
@@ -124,7 +125,6 @@ LMTP(8)                                                   LMTP(8)
       <b>lmtp</b><i>_</i><b>enable</b><i>_</i><b>sasl</b><i>_</i><b>auth</b>
              Enable  per-session  authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
              (SASL).  By default, Postfix is built without  SASL
              support.
@@ -137,6 +137,8 @@ LMTP(8)                                                   LMTP(8)
 LMTP(8)                                                   LMTP(8)
              support.
       <b>lmtp</b><i>_</i><b>sasl</b><i>_</i><b>password</b><i>_</i><b>maps</b>
              Lookup tables with per-host or domain <i>name</i>:<i>password</i>
              entries.  No entry for a host means no  attempt  to
@@ -189,8 +191,6 @@ LMTP(8)                                                   LMTP(8)
       <i>transport_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
              Limit the number of parallel deliveries to the same
              destination  via  this  mail  delivery   transport.
              <i>transport</i> is the name of the service  as  specified
              in  the <b>master.cf</b> file.  The default limit is taken
@@ -203,6 +203,8 @@ LMTP(8)                                                   LMTP(8)
 LMTP(8)                                                   LMTP(8)
              <i>transport</i>  is  the name of the service as specified
              in the <b>master.cf</b> file.  The default limit is  taken
              from    the   <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
              parameter.
@@ -254,8 +256,6 @@ LMTP(8)                                                   LMTP(8)
              Timeout for  sending  the  <b>DATA</b>  command,  and  for
              receiving the server response.
       <b>lmtp</b><i>_</i><b>data</b><i>_</i><b>xfer</b><i>_</i><b>timeout</b>
              Timeout for sending the message content.
@@ -269,6 +269,9 @@ LMTP(8)                                                   LMTP(8)
 LMTP(8)                                                   LMTP(8)
       <b>lmtp</b><i>_</i><b>data</b><i>_</i><b>xfer</b><i>_</i><b>timeout</b>
              Timeout for sending the message content.
       <b>lmtp</b><i>_</i><b>data</b><i>_</i><b>done</b><i>_</i><b>timeout</b>
              Timeout  for  sending  the  "<b>.</b>"  command,  and  for
              receiving the server response. When no response  is
@@ -323,9 +326,6 @@ LMTP(8)                                                   LMTP(8)
                                                                5
--- a/postfix/html/local.8.html
+++ b/postfix/html/local.8.html
@@ -470,11 +470,13 @@ LOCAL(8)                                                 LOCAL(8)
 <b>Security</b> <b>controls</b>
       <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b>
              Restrict the usage of  mail  delivery  to  external
-              command.
+              command.   Specify zero or more of: <b>alias</b>, <b>forward</b>,
              <b>include</b>.
       <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b>
              Restrict the usage of  mail  delivery  to  external
-              file.
+              file.   Specify  zero  or  more of: <b>alias</b>, <b>forward</b>,
              <b>include</b>.
       <b>command</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
              What characters are  allowed  to  appear  in  $name
@@ -522,8 +524,6 @@ LOCAL(8)                                                 LOCAL(8)
                                                                8
--- a/postfix/makedefs
+++ b/postfix/makedefs
@@ -218,7 +218,7 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix543
 		RANLIB=echo
 		SYSLIBS="-lresolv -lsocket -lnsl"
 		;;
-Rhapsody.5*|Darwin.1.2*)
+Rhapsody.5*|Darwin.1.*)
 		SYSTYPE=RHAPSODY5
 		# Use the native compiler by default
 		: ${CC=cc}
--- a/postfix/man/man8/lmtp.8
+++ b/postfix/man/man8/lmtp.8
@@ -27,14 +27,14 @@ The LMTP client connects to the destination specified in the message
 delivery request. The destination, usually specified in the Postfix
 \fBtransport\fR(5) table, has the form:
 .IP \fBunix\fR:\fIpathname\fR
-Connect to the UNIX-domain server that is bound to the specified
+Connect to the local UNIX-domain server that is bound to the specified
 \fIpathname\fR. If the process runs chrooted, an absolute pathname
 is interpreted relative to the changed root directory.
 .IP "\fBinet\fR:\fIhost\fR, \fBinet\fB:\fIhost\fR:\fIport\fR (symbolic host)"
 .IP "\fBinet\fR:[\fIaddr\fR], \fBinet\fR:[\fIaddr\fR]:\fIport\fR (numeric host)"
-Connect to the specified IPV4 TCP port on the specified host. If no
+Connect to the specified IPV4 TCP port on the specified local or
-port is specified, connect to the port defined as \fBlmtp\fR in
+remote host. If no port is specified, connect to the port defined as
-\fBservices\fR(4).
+\fBlmtp\fR in \fBservices\fR(4).
 If no such service is found, the \fBlmtp_tcp_port\fR configuration
 parameter (default value of 24) will be used.
--- a/postfix/man/man8/local.8
+++ b/postfix/man/man8/local.8
@@ -384,8 +384,10 @@ Set to zero to disable the limit.
 .fi
 .IP \fBallow_mail_to_commands\fR
 Restrict the usage of mail delivery to external command.
 Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
 .IP \fBallow_mail_to_files\fR
 Restrict the usage of mail delivery to external file.
 Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
 .IP \fBcommand_expansion_filter\fR
 What characters are allowed to appear in $name expansions of
 mailbox_command. Illegal characters are replaced by underscores.
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -617,7 +617,7 @@ extern int var_debug_peer_level;
  * subdirectories, and how deep the forest is.
  */
 #define VAR_HASH_QUEUE_NAMES	"hash_queue_names"
-#define DEF_HASH_QUEUE_NAMES	"active,bounce,defer,flush"
+#define DEF_HASH_QUEUE_NAMES	"incoming,active,deferred,bounce,defer,flush"
 extern char *var_hash_queue_names;
 #define VAR_HASH_QUEUE_DEPTH	"hash_queue_depth"
@@ -1048,7 +1048,7 @@ extern int var_unk_client_code;
 #define REJECT_INVALID_HOSTNAME	"reject_invalid_hostname"
 #define VAR_BAD_NAME_CODE	"invalid_hostname_reject_code"
-#define DEF_BAD_NAME_CODE	501
+#define DEF_BAD_NAME_CODE	501	/* SYNTAX */
 extern int var_bad_name_code;
 #define REJECT_UNKNOWN_HOSTNAME	"reject_unknown_hostname"
@@ -1060,7 +1060,7 @@ extern int var_unk_name_code;
 #define REJECT_NON_FQDN_SENDER	"reject_non_fqdn_sender"
 #define REJECT_NON_FQDN_RCPT	"reject_non_fqdn_recipient"
 #define VAR_NON_FQDN_CODE	"non_fqdn_reject_code"
-#define DEF_NON_FQDN_CODE	504
+#define DEF_NON_FQDN_CODE	504	/* POLICY */
 extern int var_non_fqdn_code;
 #define REJECT_UNKNOWN_SENDDOM	"reject_unknown_sender_domain"
@@ -1201,10 +1201,6 @@ extern char *var_virt_uid_maps;
 #define DEF_VIRT_GID_MAPS		""
 extern char *var_virt_gid_maps;
 #define VAR_VIRT_USEDOTLOCK		"virtual_usedotlock"
 #define DEF_VIRT_USEDOTLOCK		0
 extern bool var_virt_usedotlock;
 #define VAR_VIRT_MINUID			"virtual_minimum_uid"
 #define DEF_VIRT_MINUID			100
 extern int var_virt_minimum_uid;
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -15,7 +15,7 @@
  * Version of this program.
  */
 #define VAR_MAIL_VERSION	"mail_version"
-#define DEF_MAIL_VERSION	"Snapshot-20010204"
+#define DEF_MAIL_VERSION	"Snapshot-20010222"
 extern char *var_mail_version;
 /* LICENSE
--- a/postfix/src/lmtp/lmtp.c
+++ b/postfix/src/lmtp/lmtp.c
@@ -21,14 +21,14 @@
 /*	delivery request. The destination, usually specified in the Postfix
 /*	\fBtransport\fR(5) table, has the form:
 /* .IP \fBunix\fR:\fIpathname\fR
-/*	Connect to the UNIX-domain server that is bound to the specified
+/*	Connect to the local UNIX-domain server that is bound to the specified
 /*	\fIpathname\fR. If the process runs chrooted, an absolute pathname
 /*	is interpreted relative to the changed root directory.
 /* .IP "\fBinet\fR:\fIhost\fR, \fBinet\fB:\fIhost\fR:\fIport\fR (symbolic host)"
 /* .IP "\fBinet\fR:[\fIaddr\fR], \fBinet\fR:[\fIaddr\fR]:\fIport\fR (numeric host)"
-/*	Connect to the specified IPV4 TCP port on the specified host. If no
+/*	Connect to the specified IPV4 TCP port on the specified local or
-/*	port is specified, connect to the port defined as \fBlmtp\fR in
+/*	remote host. If no port is specified, connect to the port defined as
-/*	\fBservices\fR(4).
+/*	\fBlmtp\fR in \fBservices\fR(4).
 /*	If no such service is found, the \fBlmtp_tcp_port\fR configuration
 /*	parameter (default value of 24) will be used.
 /*
--- a/postfix/src/local/local.c
+++ b/postfix/src/local/local.c
@@ -356,8 +356,10 @@
 /* .fi
 /* .IP \fBallow_mail_to_commands\fR
 /*	Restrict the usage of mail delivery to external command.
 /*	Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
 /* .IP \fBallow_mail_to_files\fR
 /*	Restrict the usage of mail delivery to external file.
 /*	Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
 /* .IP \fBcommand_expansion_filter\fR
 /*	What characters are allowed to appear in $name expansions of
 /*	mailbox_command. Illegal characters are replaced by underscores.
@@ -637,7 +639,7 @@ static void pre_init(char *unused_name, char **unused_argv)
     * also affects delivery to command.
     * 
     * A file size limit protects the machine against runaway software errors.
-     * It is not suitable to enfoce mail quota, because users can get around
+     * It is not suitable to enforce mail quota, because users can get around
     * mail quota by delivering to /file/name or to |command.
     * 
     * We can't have mailbox size limit smaller than the message size limit,
--- a/postfix/src/nqmgr/qmgr_deliver.c
+++ b/postfix/src/nqmgr/qmgr_deliver.c
@@ -126,9 +126,10 @@ static int qmgr_deliver_send_request(QMGR_ENTRY *entry, VSTREAM *stream)
    char   *cp;
    /*
-     * With local delivery, the queue name is user@nexthop, so that we can
+     * With mail transports that accept only one recipient per delivery, the
-     * implement per-recipient concurrency limits. The delivery agent
+     * queue name is user@nexthop, so that we can implement per-recipient
-     * protocol expects nexthop only.
+     * concurrency limits. However, the delivery agent protocol expects
     * nexthop only, so we must strip off the recipient local part.
     */
    mail_print(stream, "%d %s %s %ld %ld %s %s %s %s %ld",
 	  message->inspect_xport ? DEL_REQ_FLAG_BOUNCE : DEL_REQ_FLAG_DEFLT,
--- a/postfix/src/nqmgr/qmgr_message.c
+++ b/postfix/src/nqmgr/qmgr_message.c
@@ -670,8 +670,11 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	/*
 	 * Queues are identified by the transport name and by the next-hop
-	 * hostname. When the destination is local (no next hop), derive the
+	 * hostname. When the delivery agent accepts only one recipient per
-	 * queue name from the recipient name. XXX Should split the address
+	 * delivery, give each recipient its own queue, so that deliveries to
 	 * different recipients of the same message can happen in parallel.
 	 * This also has the benefit that one bad recipient cannot interfere
 	 * with deliveries to other recipients. XXX Should split the address
 	 * on the recipient delimiter if one is defined, but doing a proper
 	 * job requires knowledge of local aliases. Yuck! I don't want to
 	 * duplicate delivery-agent specific knowledge in the queue manager.
@@ -679,23 +682,27 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	 * queue name. Should have separate fields for queue name and for
 	 * destination.
 	 */
-	if ((at = strrchr(STR(reply.recipient), '@')) == 0
+	at = strrchr(STR(reply.recipient), '@');
-	    || resolve_local(at + 1)) {
+	len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient)));
-	    len = (at != 0 ? (at - STR(reply.recipient))
+
-		   : strlen(STR(reply.recipient)));
+	if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
 	    transport = qmgr_transport_create(STR(reply.transport));
 	if (transport->recipient_limit == 1) {
 	    VSTRING_SPACE(reply.nexthop, len + 1);
 	    memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop),
 		    LEN(reply.nexthop) + 1);
 	    memcpy(STR(reply.nexthop), STR(reply.recipient), len);
 	    STR(reply.nexthop)[len] = '@';
 	    lowercase(STR(reply.nexthop));
 	}
 	/*
 	 * Discard mail to the local double bounce address here, so this
-	     * system can run without a local delivery agent. They'd still
+	 * system can run without a local delivery agent. They'd still have
-	     * have to configure something for mail directed to the local
+	 * to configure something for mail directed to the local postmaster,
-	     * postmaster, though, but that is an RFC requirement anyway.
+	 * though, but that is an RFC requirement anyway.
 	 */
 	if (at == 0 || resolve_local(at + 1)) {
 	    if (strncasecmp(STR(reply.recipient), var_double_bounce_sender,
 			    len) == 0
 		&& !var_double_bounce_sender[len]) {
--- a/postfix/src/pipe/pipe.c
+++ b/postfix/src/pipe/pipe.c
@@ -291,8 +291,6 @@ static int parse_callback(int type, VSTRING *buf, char *context)
 	    *expand_flag |= PIPE_FLAG_EXTENSION;
 	else if (strcmp(vstring_str(buf), PIPE_DICT_MAILBOX) == 0)
 	    *expand_flag |= PIPE_FLAG_MAILBOX;
 	else if (strcmp(vstring_str(buf), PIPE_DICT_SIZE) == 0)
 	    *expand_flag |= PIPE_FLAG_SIZE;
    }
    return (0);
 }
@@ -397,14 +395,6 @@ static ARGV *expand_argv(char **argv, RECIPIENT_LIST *rcpt_list, long data_size)
 		    dict_update(PIPE_DICT_TABLE, PIPE_DICT_MAILBOX, STR(buf));
 		}
 		/*
 		 * This argument contains $size.
 		 */
 		if (expand_flag & PIPE_FLAG_SIZE) {
 		    vstring_sprintf(buf, "%ld", data_size);
 		    dict_update(PIPE_DICT_TABLE, PIPE_DICT_SIZE, STR(buf));
 		}
 		/*
 		 * Done.
 		 */
@@ -698,6 +688,10 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
    dict_update(PIPE_DICT_TABLE, PIPE_DICT_SENDER, request->sender);
    dict_update(PIPE_DICT_TABLE, PIPE_DICT_NEXTHOP, request->nexthop);
    buf = vstring_alloc(10);
    vstring_sprintf(buf, "%ld", (long) request->data_size);
    dict_update(PIPE_DICT_TABLE, PIPE_DICT_SIZE, STR(buf));
    vstring_free(buf);
    expanded_argv = expand_argv(attr.command, rcpt_list, request->data_size);
    export_env = argv_split(var_export_environ, ", \t\r\n");
--- a/postfix/src/qmgr/qmgr_deliver.c
+++ b/postfix/src/qmgr/qmgr_deliver.c
@@ -121,9 +121,10 @@ static int qmgr_deliver_send_request(QMGR_ENTRY *entry, VSTREAM *stream)
    char   *cp;
    /*
-     * With local delivery, the queue name is user@nexthop, so that we can
+     * With mail transports that accept only one recipient per delivery, the
-     * implement per-recipient concurrency limits. The delivery agent
+     * queue name is user@nexthop, so that we can implement per-recipient
-     * protocol expects nexthop only.
+     * concurrency limits. However, the delivery agent protocol expects
     * nexthop only, so we must strip off the recipient local part.
     */
    mail_print(stream, "%d %s %s %ld %ld %s %s %s %s %ld",
 	  message->inspect_xport ? DEL_REQ_FLAG_BOUNCE : DEL_REQ_FLAG_DEFLT,
--- a/postfix/src/qmgr/qmgr_entry.c
+++ b/postfix/src/qmgr/qmgr_entry.c
@@ -47,7 +47,7 @@
 /*	the queue file to the deferred queue; send bounce reports to the
 /*	message originator (see qmgr_active_done()).
 /*
-/*	qmgr_entry_select() randomly selects one entry from the named
+/*	qmgr_entry_select() selects the next entry from the named
 /*	per-site queue's `todo' list for actual delivery. The entry is
 /*	moved to the queue's `busy' list: the list of messages being
 /*	delivered.
--- a/postfix/src/qmgr/qmgr_message.c
+++ b/postfix/src/qmgr/qmgr_message.c
@@ -550,8 +550,11 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	/*
 	 * Queues are identified by the transport name and by the next-hop
-	 * hostname. When the destination is local (no next hop), derive the
+	 * hostname. When the delivery agent accepts only one recipient per
-	 * queue name from the recipient name. XXX Should split the address
+	 * delivery, give each recipient its own queue, so that deliveries to
 	 * different recipients of the same message can happen in parallel.
 	 * This also has the benefit that one bad recipient cannot interfere
 	 * with deliveries to other recipients. XXX Should split the address
 	 * on the recipient delimiter if one is defined, but doing a proper
 	 * job requires knowledge of local aliases. Yuck! I don't want to
 	 * duplicate delivery-agent specific knowledge in the queue manager.
@@ -559,23 +562,27 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	 * queue name. Should have separate fields for queue name and for
 	 * destination.
 	 */
-	if ((at = strrchr(STR(reply.recipient), '@')) == 0
+	at = strrchr(STR(reply.recipient), '@');
-	    || resolve_local(at + 1)) {
+	len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient)));
-	    len = (at != 0 ? (at - STR(reply.recipient))
+
-		   : strlen(STR(reply.recipient)));
+	if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
 	    transport = qmgr_transport_create(STR(reply.transport));
 	if (transport->recipient_limit == 1) {
 	    VSTRING_SPACE(reply.nexthop, len + 1);
 	    memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop),
 		    LEN(reply.nexthop) + 1);
 	    memcpy(STR(reply.nexthop), STR(reply.recipient), len);
 	    STR(reply.nexthop)[len] = '@';
 	    lowercase(STR(reply.nexthop));
 	}
 	/*
 	 * Discard mail to the local double bounce address here, so this
-	     * system can run without a local delivery agent. They'd still
+	 * system can run without a local delivery agent. They'd still have
-	     * have to configure something for mail directed to the local
+	 * to configure something for mail directed to the local postmaster,
-	     * postmaster, though, but that is an RFC requirement anyway.
+	 * though, but that is an RFC requirement anyway.
 	 */
 	if (at == 0 || resolve_local(at + 1)) {
 	    if (strncasecmp(STR(reply.recipient), var_double_bounce_sender,
 			    len) == 0
 		&& !var_double_bounce_sender[len]) {
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -22,7 +22,8 @@ SRCS	= argv.c argv_split.c attr.c basename.c binhash.c chroot_uid.c \
 	stream_connect.c stream_trigger.c dict_regexp.c mac_expand.c \
 	clean_env.c watchdog.c spawn_command.c duplex_pipe.c sane_rename.c \
 	sane_link.c unescape.c timed_read.c timed_write.c dict_tcp.c \
-	hex_quote.c dict_alloc.c rand_sleep.c sane_time.c dict_debug.c
+	hex_quote.c dict_alloc.c rand_sleep.c sane_time.c dict_debug.c \
 	sane_socketpair.c
 OBJS	= argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
 	close_on_exec.o concatenate.o dict.o dict_db.o dict_dbm.o \
 	dict_env.o dict_ht.o dict_ldap.o dict_mysql.o dict_ni.o dict_nis.o \
@@ -46,7 +47,8 @@ OBJS	= argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
 	stream_connect.o stream_trigger.o dict_regexp.o mac_expand.o \
 	clean_env.o watchdog.o spawn_command.o duplex_pipe.o sane_rename.o \
 	sane_link.o unescape.o timed_read.o timed_write.o dict_tcp.o \
-	hex_quote.o dict_alloc.o rand_sleep.o sane_time.o dict_debug.o
+	hex_quote.o dict_alloc.o rand_sleep.o sane_time.o dict_debug.o \
 	sane_socketpair.o
 HDRS	= argv.h attr.h binhash.h chroot_uid.h connect.h dict.h dict_db.h \
 	dict_dbm.h dict_env.h dict_ht.h dict_ldap.h dict_mysql.h \
 	dict_ni.h dict_nis.h dict_nisplus.h dir_forest.h events.h \
@@ -62,7 +64,7 @@ HDRS	= argv.h attr.h binhash.h chroot_uid.h connect.h dict.h dict_db.h \
 	vbuf.h vbuf_print.h vstream.h vstring.h vstring_vstream.h \
 	dict_unix.h dict_pcre.h dict_regexp.h mac_expand.h clean_env.h \
 	watchdog.h spawn_command.h sane_fsops.h dict_tcp.h hex_quote.h \
-	sane_time.h
+	sane_time.h sane_socketpair.h
 TESTSRC	= fifo_open.c fifo_rdwr_bug.c fifo_rdonly_bug.c select_bug.c \
 	stream_test.c dup2_pass_on_exec.c
 WARN	= -W -Wformat -Wimplicit -Wmissing-prototypes \
@@ -534,6 +536,7 @@ dup2_pass_on_exec.o: dup2_pass_on_exec.c
 duplex_pipe.o: duplex_pipe.c
 duplex_pipe.o: sys_defs.h
 duplex_pipe.o: iostuff.h
 duplex_pipe.o: sane_socketpair.h
 environ.o: environ.c
 environ.o: sys_defs.h
 events.o: events.c
@@ -840,6 +843,10 @@ sane_rename.o: sane_rename.c
 sane_rename.o: sys_defs.h
 sane_rename.o: msg.h
 sane_rename.o: sane_fsops.h
 sane_socketpair.o: sane_socketpair.c
 sane_socketpair.o: sys_defs.h
 sane_socketpair.o: msg.h
 sane_socketpair.o: sane_socketpair.h
 sane_time.o: sane_time.c
 sane_time.o: sys_defs.h
 sane_time.o: msg.h
--- a/postfix/src/util/duplex_pipe.c
+++ b/postfix/src/util/duplex_pipe.c
@@ -34,6 +34,7 @@
 /* Utility library. */
 #include "iostuff.h"
 #include "sane_socketpair.h"
 /* duplex_pipe - give me a duplex pipe or bust */
@@ -42,7 +43,7 @@ int     duplex_pipe(int *fds)
 #ifdef HAS_DUPLEX_PIPE
    return (pipe(fds));
 #else
-    return (socketpair(AF_UNIX, SOCK_STREAM, 0, fds));
+    return (sane_socketpair(AF_UNIX, SOCK_STREAM, 0, fds));
 #endif
 }
--- a/postfix/src/util/sane_socketpair.c
+++ b/postfix/src/util/sane_socketpair.c
@@ -0,0 +1,71 @@
 /*++
 /* NAME
 /*	sane_socketpair 3
 /* SUMMARY
 /*	sanitize socketpair() error returns
 /* SYNOPSIS
 /*	#include <sane_socketpair.h>
 /*
 /*	int	sane_socketpair(domain, type, protocol, result)
 /*	int	domain;
 /*	int	type;
 /*	int	protocol;
 /*	int	*result;
 /* DESCRIPTION
 /*	sane_socketpair() implements the socketpair(2) socket call, and
 /*	skips over silly error results such as EINTR.
 /* BUGS
 /*	Bizarre systems may have other harmless error results. Such
 /*	systems encourage programers to ignore error results, and
 /*	penalizes programmers who code defensively.
 /* LICENSE
 /* .ad
 /* .fi
 /*	The Secure Mailer license must be distributed with this software.
 /* AUTHOR(S)
 /*	Wietse Venema
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
 /* System library. */
 #include "sys_defs.h"
 #include <sys/socket.h>
 #include <unistd.h>
 #include <errno.h>
 /* Utility library. */
 #include "msg.h"
 #include "sane_socketpair.h"
 /* sane_socketpair - sanitize socketpair() error returns */
 int     sane_socketpair(int domain, int type, int protocol, int *result)
 {
    static int socketpair_ok_errors[] = {
 	EINTR,
 	0,
    };
    int     count;
    int     err;
    int     ret;
    /*
     * Solaris socketpair() can fail with EINTR.
     */
    while ((ret = socketpair(domain, type, protocol, result)) < 0) {
 	for (count = 0; /* void */ ; count++) {
 	    if ((err = socketpair_ok_errors[count]) == 0)
 		return (ret);
 	    if (errno == err) {
 		msg_warn("socketpair: %m (trying again)");
 		sleep(1);
 		break;
 	    }
 	}
    }
    return (ret);
 }
--- a/postfix/src/util/sane_socketpair.h
+++ b/postfix/src/util/sane_socketpair.h
@@ -0,0 +1,29 @@
 #ifndef _SANE_SOCKETPAIR_H_
 #define _SANE_SOCKETPAIR_H_
 /*++
 /* NAME
 /*	sane_socketpair 3h
 /* SUMMARY
 /*	sanitize socketpair() error returns
 /* SYNOPSIS
 /*	#include <sane_socketpair.h>
 /* DESCRIPTION
 /* .nf
 /* External interface. */
 extern int sane_socketpair(int, int, int, int *);
 /* LICENSE
 /* .ad
 /* .fi
 /*	The Secure Mailer license must be distributed with this software.
 /* AUTHOR(S)
 /*	Wietse Venema
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
 /*--*/
 #endif