postfix-3.10-20250121-nonprod

2025-08-28 20:57:56 +00:00 · 2025-01-21 00:00:00 -05:00 · 2025-01-21 00:00:00 -05:00 · 34b1f20fa8
commit 34b1f20fa8
parent b800a42bb8
14 changed files with 460 additions and 244 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -28914,22 +28914,75 @@ Apologies for any names omitted.
 	bounce/bounce_one_service.c, bounce/bounce_trace_service.c,
 	bounce/bounce_verp_service.c, bounce/bounce_warn_service.c.
 	Completed: new Postfix sendmail command option "-O requiretls"
 	to request that deliveries over SMTP use the REQUIRETLS
 	extension. The option value "requiretls" is case-insensitive.
 	Files: sendmail/sendmail.c, global/rec_types.h.
 	Cleanup: new Postfix sendmail command option "-O smtputf8"
 	to request that deliveries over SMTP use the SMTPUTF8
 	extension. This reuses logic that was introduced for
 	REQUIRETLS. The option value "smtputf8" is case-insensitive.
 	Files: sendmail/sendmail.c.
 	Cleanup: when message delivery requires that a remote SMTP
 	server supports SMTPUTF8, try multiple MX servers before
 	returning a message as undeliverable. This reuses logic
 	that was introduced for REQUIRETLS. File: smtp/smtp_proto.c.
 TODO:
-	The RFC says that REQUIRETLS applies to LMTP. Dovecot supports
+	What REQUIRETLS expectations can we enforce when delivering
-	TLS, but how common is it for Postfix to verify a Dovecot
+	over a UNIX-domain channel? The SMTP/LMTP client currently
-	server certificate? Should we add a 'cheat' setting that does
+	implements the same behavior as for TCP, except that
-	not enforce REQUIRETLS?
+	opportunistic TLS is converted into 'none'.
-	If a message contains "TLS-Required: no", should a bounce message
+	Document how REQUIRETLS works (or does not) with external
-	also contain this header?
+	content filters.
-	If the Postfix SMTP server accepted REQUIRETLS, should that stay
+	- REQUIRETLS will work with Milter-based content filters.
 	in effect if, before the message is forwarded, the configuration
 	is changed to "requiretls_enable = no"? Same for "postsuper -r".
-	Ditto for "tls_required_enable = no" and "TLS-Required: no".
+	- REQUIRETLS will work with smtpd_proxy_filter as long as
 	  the filter passes the entire Postfix SMTP client's MAIL
 	  FROM command line through the filter to the Postfix SMTP
 	  server after the proxy filter. The Postfix proxy filter
 	  client does not need to see REQUIRETLS (or SMTPUTF8)
 	  announcements in the filter's EHLO response.
-	Simplify the cleanup_envelope_test. Write the initial SIZE record
+	- REQUIRETLS will work with an SMTP-based after-queue content
-	to /dev/null, don't call cleanup_final(), and  verify the value
+	  filters as long as the filter announces REQUIRETLS in the
-	of state->sendopts.
+	  EHLO response (this could be 'always', or copied from the
 	  after-filter Postfix SMTP server's EHLO response), and
 	  as long as the filter passes the entire MAIL FROM command
 	  from the before-filter Postfix SMTP client to the
 	  after-filter Postfix SMTP server. Apart from that, the
 	  content filter does not need to 'know' that REQUIRETLS
 	  exists.
 	- There currently is no sendmail(1) command-line option to
 	  request REQUIRETLS, and no pipe(8) option to propagate
 	  REQUIRETLS. We could invent a custom long option,
 	  such as '-O RequireTLS' and some way to emit that with
 	  pipe(8). Absent such a command-line option we could use
 	  an environment variable but that will have to be supported
 	  long-term.
 	The RFC says that REQUIRETLS applies to LMTP. Dovecot
 	supports TLS, but how common is it for Postfix to verify a
 	Dovecot server certificate? Should we add a 'cheat' setting
 	that does not enforce REQUIRETLS?
 	If a message contains "TLS-Required: no", should a bounce
 	message also contain this header?
 	If the Postfix SMTP server accepted REQUIRETLS, should that
 	stay in effect if, before the message is forwarded, the
 	configuration is changed to "requiretls_enable = no"? Same
 	for "postsuper -r".
 	Ditto for "tls_required_enable = no" and "TLS-Required:
 	no".
 	Simplify the cleanup_envelope_test. Write the initial SIZE
 	record to /dev/null, don't call cleanup_final(), and  verify
 	the value of state->sendopts.
--- a/postfix/html/mailq.1.html
+++ b/postfix/html/mailq.1.html
@ -174,54 +174,75 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              This feature is available in Postfix 2.3 and later.
       <b>-O requiretls</b>
              When delivering the message with SMTP, the connection  must  use
              TLS  with  a  verified  server  certificate, and the remote SMTP
              server must support REQUIRETLS. Try  multiple  SMTP  servers  if
              possible,  and  return  the  message as undeliverable when these
              requirements were not satisfied with  any  of  the  remote  SMTP
              servers  that  were  tried.  The  "requiretls"  option  value is
              case-insensitive.
              This feature is available in Postfix 3.10 and later.
       <b>-O smtputf8</b>
              When delivering the message with SMTP, the connection  must  use
              the  SMTPUTF8  extension. Try multiple SMTP servers if possible,
              and return the message as undeliverable when a message  contains
              an UTF8 envelope address or message header, but SMTPUTF8 was not
              supported by any of the remote SMTP servers that were tried. The
              "smtputf8" option value is case-insensitive.
              This feature is available in Postfix 3.10 and later.
       <b>-n</b> (ignored)
              Backwards compatibility.
       <b>-oA</b><i>alias</i><b>_</b><i>database</i>
-              Non-default alias database. Specify <i>pathname</i>  or  <i>type</i>:<i>pathname</i>.
+              Non-default  alias  database. Specify <i>pathname</i> or <i>type</i>:<i>pathname</i>.
              See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
       <b>-O</b> <i>option=value</i> (ignored)
-              Set  the named <i>option</i> to <i>value</i>. Use the equivalent configuration
+              Set the named <i>option</i> to <i>value</i>. Use the equivalent  configuration
              parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
       <b>-o7</b> (ignored)
       <b>-o8</b> (ignored)
-              To send 8-bit or binary content, use an appropriate MIME  encap-
+              To  send 8-bit or binary content, use an appropriate MIME encap-
              sulation and specify the appropriate <b>-B</b> command-line option.
-       <b>-oi</b>    When  reading  a message from standard input, don't treat a line
+       <b>-oi</b>    When reading a message from standard input, don't treat  a  line
              with only a <b>.</b> character as the end of input.
       <b>-om</b> (ignored)
              The sender is never eliminated from alias etc. expansions.
       <b>-o</b> <i>x value</i> (ignored)
-              Set option <i>x</i> to <i>value</i>. Use the equivalent configuration  parame-
+              Set  option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
              ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
       <b>-r</b> <i>sender</i>
-              Set  the  envelope  sender  address.  This  is the address where
+              Set the envelope sender  address.  This  is  the  address  where
              delivery problems are sent to. With Postfix versions before 2.1,
-              the   <b>Errors-To:</b>  message  header  overrides  the  error  return
+              the  <b>Errors-To:</b>  message  header  overrides  the  error   return
              address.
       <b>-R</b> <i>return</i>
-              Delivery status notification control.  Specify "hdrs" to  return
+              Delivery  status notification control.  Specify "hdrs" to return
-              only  the header when a message bounces, "full" to return a full
+              only the header when a message bounces, "full" to return a  full
              copy (the default behavior).
              The <b>-R</b> option specifies an upper bound; Postfix will return only
-              the  header, when a full copy would exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
+              the header, when a full copy would exceed the  <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
              setting.
              This option is ignored before Postfix version 2.10.
-       <b>-q</b>     Attempt to deliver all queued mail. This is implemented by  exe-
+       <b>-q</b>     Attempt  to deliver all queued mail. This is implemented by exe-
              cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
-              Warning:  flushing  undeliverable mail frequently will result in
+              Warning: flushing undeliverable mail frequently will  result  in
              poor delivery performance of all other mail.
       <b>-q</b><i>interval</i> (ignored)
@ -230,21 +251,21 @@ SENDMAIL(1)                                                        SENDMAIL(1)
       <b>-qI</b><i>queueid</i>
              Schedule immediate delivery of mail with the specified queue ID.
-              This option is implemented by executing  the  <a href="postqueue.1.html"><b>postqueue</b>(1)</a>  com-
+              This  option  is  implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
              mand, and is available with Postfix version 2.4 and later.
       <b>-qR</b><i>site</i>
-              Schedule  immediate  delivery of all mail that is queued for the
+              Schedule immediate delivery of all mail that is queued  for  the
-              named <i>site</i>. This option accepts only <i>site</i> names that are  eligi-
+              named  <i>site</i>. This option accepts only <i>site</i> names that are eligi-
-              ble  for the "fast flush" service, and is implemented by execut-
+              ble for the "fast flush" service, and is implemented by  execut-
              ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.  See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
              about the "fast flush" service.
       <b>-qS</b><i>site</i>
-              This  command  is  not implemented. Use the slower "<b>sendmail -q</b>"
+              This command is not implemented. Use the  slower  "<b>sendmail  -q</b>"
              command instead.
-       <b>-t</b>     Extract recipients from message headers. These are added to  any
+       <b>-t</b>     Extract  recipients from message headers. These are added to any
              recipients specified on the command line.
              With Postfix versions prior to 2.1, this option requires that no
@ -260,23 +281,23 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              This feature is available in Postfix 2.3 and later.
       <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
-              Variable  Envelope Return Path. Given an envelope sender address
+              Variable Envelope Return Path. Given an envelope sender  address
-              of the form <i>owner-listname</i>@<i>origin</i>,  each  recipient  <i>user</i>@<i>domain</i>
+              of  the  form  <i>owner-listname</i>@<i>origin</i>, each recipient <i>user</i>@<i>domain</i>
              receives mail with a personalized envelope sender address.
-              By   default,   the  personalized  envelope  sender  address  is
+              By  default,  the  personalized  envelope  sender   address   is
-              <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The default <b>+</b> and  <b>=</b>  charac-
+              <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>.  The  default <b>+</b> and <b>=</b> charac-
-              ters  are configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configu-
+              ters are configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configu-
              ration parameter.
       <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
-              As <b>-XV</b>, but uses <i>x</i> and  <i>y</i>  as  the  VERP  delimiter  characters,
+              As  <b>-XV</b>,  but  uses  <i>x</i>  and  <i>y</i> as the VERP delimiter characters,
              instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
              <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
       <b>-v</b>     Send an email report of the first delivery attempt (Postfix ver-
-              sions  2.1 and later). Mail delivery always happens in the back-
+              sions 2.1 and later). Mail delivery always happens in the  back-
-              ground. When multiple <b>-v</b> options are given, enable verbose  log-
+              ground.  When multiple <b>-v</b> options are given, enable verbose log-
              ging for debugging purposes.
       <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
@ -284,42 +305,42 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              configuration parameters instead.
 <b><a name="security">SECURITY</a></b>
-       By design, this program is not set-user (or group) id.  It is  prepared
+       By  design, this program is not set-user (or group) id.  It is prepared
       to handle message content from untrusted, possibly remote, users.
-       However,  like  most  Postfix programs, this program does not enforce a
+       However, like most Postfix programs, this program does  not  enforce  a
-       security policy on its command-line arguments.  Instead, it  relies  on
+       security  policy  on its command-line arguments.  Instead, it relies on
-       the  UNIX system to enforce access policies based on the effective user
+       the UNIX system to enforce access policies based on the effective  user
       and group IDs of the process. Concretely, this means that running Post-
-       fix  commands as root (from sudo or equivalent) on behalf of a non-root
+       fix commands as root (from sudo or equivalent) on behalf of a  non-root
       user is likely to create privilege escalation opportunities.
-       If an application runs any Postfix programs on behalf of users that  do
+       If  an application runs any Postfix programs on behalf of users that do
       not have normal shell access to Postfix commands, then that application
-       MUST restrict user-specified command-line arguments to avoid  privilege
+       MUST  restrict user-specified command-line arguments to avoid privilege
       escalation.
-       <b>o</b>      Filter  all  command-line  arguments, for example arguments that
+       <b>o</b>      Filter all command-line arguments, for  example  arguments  that
-              contain a pathname or that specify  a  database  access  method.
+              contain  a  pathname  or  that specify a database access method.
-              These  pathname  checks  must reject user-controlled symlinks or
+              These pathname checks must reject  user-controlled  symlinks  or
              hardlinks to sensitive files, and must not be vulnerable to TOC-
              TOU race attacks.
-       <b>o</b>      Disable  command  options  processing  for all command arguments
+       <b>o</b>      Disable command options processing  for  all  command  arguments
              that contain user-specified data. For example, the Postfix <a href="sendmail.1.html"><b>send-</b></a>
              <a href="sendmail.1.html"><b>mail</b>(1)</a> command line MUST be structured as follows:
                  <b>/path/to/sendmail</b> <i>system-arguments</i> <b>--</b> <i>user-arguments</i>
-              Here,  the  "<b>--</b>"  disables  command  option  processing  for all
+              Here, the  "<b>--</b>"  disables  command  option  processing  for  all
              <i>user-arguments</i> that follow.
-              Without the "<b>--</b>", a malicious user could  enable  Postfix  <a href="sendmail.1.html"><b>send-</b></a>
+              Without  the  "<b>--</b>",  a malicious user could enable Postfix <a href="sendmail.1.html"><b>send-</b></a>
-              <a href="sendmail.1.html"><b>mail</b>(1)</a>  command  options,  by  specifying an email address that
+              <a href="sendmail.1.html"><b>mail</b>(1)</a> command options, by specifying  an  email  address  that
              starts with "<b>-</b>".
 <b><a name="diagnostics">DIAGNOSTICS</a></b>
-       Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to  the  standard
+       Problems  are  logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
       error stream.
 <b><a name="environment">ENVIRONMENT</a></b>
@ -333,12 +354,12 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              Enable debugging with an external command, as specified with the
              <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
-       <b>NAME</b>   The sender full name. This is used only with messages that  have
+       <b>NAME</b>   The  sender full name. This is used only with messages that have
              no <b>From:</b> message header. See also the <b>-F</b> option above.
 <b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
-       The  following  <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+       The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to  this  pro-
-       gram.  The text below provides only  a  parameter  summary.  See  <a href="postconf.5.html"><b>post-</b></a>
+       gram.   The  text  below  provides  only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
       <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
 <b><a name="compatibility_controls">COMPATIBILITY CONTROLS</a></b>
@ -349,7 +370,7 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
 <b><a name="trouble_shooting_controls">TROUBLE SHOOTING CONTROLS</a></b>
-       The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot  a  Postfix
+       The  <a href="DEBUG_README.html">DEBUG_README</a>  file gives examples of how to troubleshoot a Postfix
       system.
       <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
@ -357,14 +378,14 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              invoked with the -D option.
       <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The increment in verbose logging level when a  nexthop  destina-
+              The  increment  in verbose logging level when a nexthop destina-
-              tion,  remote client or server name or network address matches a
+              tion, remote client or server name or network address matches  a
              pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
       <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional list of nexthop destination, remote  client  or  server
+              Optional  list  of  nexthop destination, remote client or server
-              name  or  network  address  patterns that, if matched, cause the
+              name or network address patterns that,  if  matched,  cause  the
-              verbose logging level to increase by  the  amount  specified  in
+              verbose  logging  level  to  increase by the amount specified in
              $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
 <b><a name="access_controls">ACCESS CONTROLS</a></b>
@ -377,13 +398,13 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              List of users who are authorized to view the queue.
       <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
-              List  of  users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+              List of users who are authorized to submit mail with  the  <a href="sendmail.1.html"><b>send-</b></a>
              <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
              mand).
 <b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
       <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
-              The  maximal  amount  of original message text that is sent in a
+              The maximal amount of original message text that is  sent  in  a
              non-delivery notification.
       <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
@ -397,11 +418,11 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              in the primary message headers.
       <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
-              The  time  between  <a href="QSHAPE_README.html#deferred_queue">deferred  queue</a>  scans by the queue manager;
+              The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>  scans  by  the  queue  manager;
              prior to Postfix 2.4 the default value was 1000s.
 <b><a name="fast_flush_controls">FAST FLUSH CONTROLS</a></b>
-       The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details  for
+       The  <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
       the Postfix "fast flush" service.
       <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
@ -409,26 +430,26 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              tion logfiles with mail that is queued to those destinations.
 <b><a name="verp_controls">VERP CONTROLS</a></b>
-       The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation  details  of
+       The  <a href="VERP_README.html">VERP_README</a>  file describes configuration and operation details of
       Postfix support for variable envelope return path addresses.
       <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
              The two default VERP delimiter characters.
       <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
-              The  characters  Postfix accepts as VERP delimiter characters on
+              The characters Postfix accepts as VERP delimiter  characters  on
              the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
 <b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
       <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
-              The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated  with
+              The  alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
              "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
       <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
              The location of all postfix administrative commands.
       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The  default  location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+              The default location of the Postfix <a href="postconf.5.html">main.cf</a> and  <a href="master.5.html">master.cf</a>  con-
              figuration files.
       <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
@ -439,25 +460,25 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
       <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
-              The time after which the sender receives a copy of  the  message
+              The  time  after which the sender receives a copy of the message
              headers of mail that is still queued.
       <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
-              The  list  of  environment  variables  that a privileged Postfix
+              The list of environment  variables  that  a  privileged  Postfix
-              process will  import  from  a  non-Postfix  parent  process,  or
+              process  will  import  from  a  non-Postfix  parent  process, or
              name=value environment overrides.
       <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
-              The  UNIX  system  account  that owns the Postfix queue and most
+              The UNIX system account that owns the  Postfix  queue  and  most
              Postfix daemon processes.
       <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
              The location of the Postfix top-level queue directory.
       <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
-              Rewrite or add message headers in mail from  remote  clients  if
+              Rewrite  or  add  message headers in mail from remote clients if
-              the  <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>  parameter value is non-empty,
+              the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter value  is  non-empty,
-              updating incomplete addresses with the domain specified  in  the
+              updating  incomplete  addresses with the domain specified in the
              <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter, and adding missing head-
              ers.
@ -465,24 +486,30 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              The syslog facility of Postfix logging.
       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              A prefix that  is  prepended  to  the  process  name  in  syslog
+              A  prefix  that  is  prepended  to  the  process  name in syslog
              records, so that, for example, "smtpd" becomes "prefix/smtpd".
       Postfix 3.2 and later:
       <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
              A list of non-default Postfix configuration directories that may
-              be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line  (in
+              be  specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
-              the  case  of  <a href="sendmail.1.html"><b>sendmail</b>(1)</a>,  with  the  "-C" option), or via the
+              the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with  the  "-C"  option),  or  via  the
              MAIL_CONFIG environment parameter.
       <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
-              An optional list of non-default Postfix  configuration  directo-
+              An  optional  list of non-default Postfix configuration directo-
-              ries;  these  directories belong to additional Postfix instances
+              ries; these directories belong to additional  Postfix  instances
-              that share the Postfix executable files and  documentation  with
+              that  share  the Postfix executable files and documentation with
-              the  default  Postfix  instance,  and that are started, stopped,
+              the default Postfix instance, and  that  are  started,  stopped,
              etc., together with the default Postfix instance.
       Postfix 3.10 and later:
       <b><a href="postconf.5.html#requiretls_enable">requiretls_enable</a> (yes)</b>
              Enable  support  for the ESMTP verb "REQUIRETLS", defined in <a href="https://tools.ietf.org/html/rfc8689">RFC</a>
              <a href="https://tools.ietf.org/html/rfc8689">8689</a>.
 <b><a name="files">FILES</a></b>
       /var/spool/postfix, mail queue
       /etc/postfix, configuration files
--- a/postfix/html/newaliases.1.html
+++ b/postfix/html/newaliases.1.html
@ -174,54 +174,75 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              This feature is available in Postfix 2.3 and later.
       <b>-O requiretls</b>
              When delivering the message with SMTP, the connection  must  use
              TLS  with  a  verified  server  certificate, and the remote SMTP
              server must support REQUIRETLS. Try  multiple  SMTP  servers  if
              possible,  and  return  the  message as undeliverable when these
              requirements were not satisfied with  any  of  the  remote  SMTP
              servers  that  were  tried.  The  "requiretls"  option  value is
              case-insensitive.
              This feature is available in Postfix 3.10 and later.
       <b>-O smtputf8</b>
              When delivering the message with SMTP, the connection  must  use
              the  SMTPUTF8  extension. Try multiple SMTP servers if possible,
              and return the message as undeliverable when a message  contains
              an UTF8 envelope address or message header, but SMTPUTF8 was not
              supported by any of the remote SMTP servers that were tried. The
              "smtputf8" option value is case-insensitive.
              This feature is available in Postfix 3.10 and later.
       <b>-n</b> (ignored)
              Backwards compatibility.
       <b>-oA</b><i>alias</i><b>_</b><i>database</i>
-              Non-default alias database. Specify <i>pathname</i>  or  <i>type</i>:<i>pathname</i>.
+              Non-default  alias  database. Specify <i>pathname</i> or <i>type</i>:<i>pathname</i>.
              See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
       <b>-O</b> <i>option=value</i> (ignored)
-              Set  the named <i>option</i> to <i>value</i>. Use the equivalent configuration
+              Set the named <i>option</i> to <i>value</i>. Use the equivalent  configuration
              parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
       <b>-o7</b> (ignored)
       <b>-o8</b> (ignored)
-              To send 8-bit or binary content, use an appropriate MIME  encap-
+              To  send 8-bit or binary content, use an appropriate MIME encap-
              sulation and specify the appropriate <b>-B</b> command-line option.
-       <b>-oi</b>    When  reading  a message from standard input, don't treat a line
+       <b>-oi</b>    When reading a message from standard input, don't treat  a  line
              with only a <b>.</b> character as the end of input.
       <b>-om</b> (ignored)
              The sender is never eliminated from alias etc. expansions.
       <b>-o</b> <i>x value</i> (ignored)
-              Set option <i>x</i> to <i>value</i>. Use the equivalent configuration  parame-
+              Set  option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
              ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
       <b>-r</b> <i>sender</i>
-              Set  the  envelope  sender  address.  This  is the address where
+              Set the envelope sender  address.  This  is  the  address  where
              delivery problems are sent to. With Postfix versions before 2.1,
-              the   <b>Errors-To:</b>  message  header  overrides  the  error  return
+              the  <b>Errors-To:</b>  message  header  overrides  the  error   return
              address.
       <b>-R</b> <i>return</i>
-              Delivery status notification control.  Specify "hdrs" to  return
+              Delivery  status notification control.  Specify "hdrs" to return
-              only  the header when a message bounces, "full" to return a full
+              only the header when a message bounces, "full" to return a  full
              copy (the default behavior).
              The <b>-R</b> option specifies an upper bound; Postfix will return only
-              the  header, when a full copy would exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
+              the header, when a full copy would exceed the  <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
              setting.
              This option is ignored before Postfix version 2.10.
-       <b>-q</b>     Attempt to deliver all queued mail. This is implemented by  exe-
+       <b>-q</b>     Attempt  to deliver all queued mail. This is implemented by exe-
              cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
-              Warning:  flushing  undeliverable mail frequently will result in
+              Warning: flushing undeliverable mail frequently will  result  in
              poor delivery performance of all other mail.
       <b>-q</b><i>interval</i> (ignored)
@ -230,21 +251,21 @@ SENDMAIL(1)                                                        SENDMAIL(1)
       <b>-qI</b><i>queueid</i>
              Schedule immediate delivery of mail with the specified queue ID.
-              This option is implemented by executing  the  <a href="postqueue.1.html"><b>postqueue</b>(1)</a>  com-
+              This  option  is  implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
              mand, and is available with Postfix version 2.4 and later.
       <b>-qR</b><i>site</i>
-              Schedule  immediate  delivery of all mail that is queued for the
+              Schedule immediate delivery of all mail that is queued  for  the
-              named <i>site</i>. This option accepts only <i>site</i> names that are  eligi-
+              named  <i>site</i>. This option accepts only <i>site</i> names that are eligi-
-              ble  for the "fast flush" service, and is implemented by execut-
+              ble for the "fast flush" service, and is implemented by  execut-
              ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.  See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
              about the "fast flush" service.
       <b>-qS</b><i>site</i>
-              This  command  is  not implemented. Use the slower "<b>sendmail -q</b>"
+              This command is not implemented. Use the  slower  "<b>sendmail  -q</b>"
              command instead.
-       <b>-t</b>     Extract recipients from message headers. These are added to  any
+       <b>-t</b>     Extract  recipients from message headers. These are added to any
              recipients specified on the command line.
              With Postfix versions prior to 2.1, this option requires that no
@ -260,23 +281,23 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              This feature is available in Postfix 2.3 and later.
       <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
-              Variable  Envelope Return Path. Given an envelope sender address
+              Variable Envelope Return Path. Given an envelope sender  address
-              of the form <i>owner-listname</i>@<i>origin</i>,  each  recipient  <i>user</i>@<i>domain</i>
+              of  the  form  <i>owner-listname</i>@<i>origin</i>, each recipient <i>user</i>@<i>domain</i>
              receives mail with a personalized envelope sender address.
-              By   default,   the  personalized  envelope  sender  address  is
+              By  default,  the  personalized  envelope  sender   address   is
-              <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The default <b>+</b> and  <b>=</b>  charac-
+              <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>.  The  default <b>+</b> and <b>=</b> charac-
-              ters  are configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configu-
+              ters are configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configu-
              ration parameter.
       <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
-              As <b>-XV</b>, but uses <i>x</i> and  <i>y</i>  as  the  VERP  delimiter  characters,
+              As  <b>-XV</b>,  but  uses  <i>x</i>  and  <i>y</i> as the VERP delimiter characters,
              instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
              <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
       <b>-v</b>     Send an email report of the first delivery attempt (Postfix ver-
-              sions  2.1 and later). Mail delivery always happens in the back-
+              sions 2.1 and later). Mail delivery always happens in the  back-
-              ground. When multiple <b>-v</b> options are given, enable verbose  log-
+              ground.  When multiple <b>-v</b> options are given, enable verbose log-
              ging for debugging purposes.
       <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
@ -284,42 +305,42 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              configuration parameters instead.
 <b><a name="security">SECURITY</a></b>
-       By design, this program is not set-user (or group) id.  It is  prepared
+       By  design, this program is not set-user (or group) id.  It is prepared
       to handle message content from untrusted, possibly remote, users.
-       However,  like  most  Postfix programs, this program does not enforce a
+       However, like most Postfix programs, this program does  not  enforce  a
-       security policy on its command-line arguments.  Instead, it  relies  on
+       security  policy  on its command-line arguments.  Instead, it relies on
-       the  UNIX system to enforce access policies based on the effective user
+       the UNIX system to enforce access policies based on the effective  user
       and group IDs of the process. Concretely, this means that running Post-
-       fix  commands as root (from sudo or equivalent) on behalf of a non-root
+       fix commands as root (from sudo or equivalent) on behalf of a  non-root
       user is likely to create privilege escalation opportunities.
-       If an application runs any Postfix programs on behalf of users that  do
+       If  an application runs any Postfix programs on behalf of users that do
       not have normal shell access to Postfix commands, then that application
-       MUST restrict user-specified command-line arguments to avoid  privilege
+       MUST  restrict user-specified command-line arguments to avoid privilege
       escalation.
-       <b>o</b>      Filter  all  command-line  arguments, for example arguments that
+       <b>o</b>      Filter all command-line arguments, for  example  arguments  that
-              contain a pathname or that specify  a  database  access  method.
+              contain  a  pathname  or  that specify a database access method.
-              These  pathname  checks  must reject user-controlled symlinks or
+              These pathname checks must reject  user-controlled  symlinks  or
              hardlinks to sensitive files, and must not be vulnerable to TOC-
              TOU race attacks.
-       <b>o</b>      Disable  command  options  processing  for all command arguments
+       <b>o</b>      Disable command options processing  for  all  command  arguments
              that contain user-specified data. For example, the Postfix <a href="sendmail.1.html"><b>send-</b></a>
              <a href="sendmail.1.html"><b>mail</b>(1)</a> command line MUST be structured as follows:
                  <b>/path/to/sendmail</b> <i>system-arguments</i> <b>--</b> <i>user-arguments</i>
-              Here,  the  "<b>--</b>"  disables  command  option  processing  for all
+              Here, the  "<b>--</b>"  disables  command  option  processing  for  all
              <i>user-arguments</i> that follow.
-              Without the "<b>--</b>", a malicious user could  enable  Postfix  <a href="sendmail.1.html"><b>send-</b></a>
+              Without  the  "<b>--</b>",  a malicious user could enable Postfix <a href="sendmail.1.html"><b>send-</b></a>
-              <a href="sendmail.1.html"><b>mail</b>(1)</a>  command  options,  by  specifying an email address that
+              <a href="sendmail.1.html"><b>mail</b>(1)</a> command options, by specifying  an  email  address  that
              starts with "<b>-</b>".
 <b><a name="diagnostics">DIAGNOSTICS</a></b>
-       Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to  the  standard
+       Problems  are  logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
       error stream.
 <b><a name="environment">ENVIRONMENT</a></b>
@ -333,12 +354,12 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              Enable debugging with an external command, as specified with the
              <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
-       <b>NAME</b>   The sender full name. This is used only with messages that  have
+       <b>NAME</b>   The  sender full name. This is used only with messages that have
              no <b>From:</b> message header. See also the <b>-F</b> option above.
 <b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
-       The  following  <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+       The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to  this  pro-
-       gram.  The text below provides only  a  parameter  summary.  See  <a href="postconf.5.html"><b>post-</b></a>
+       gram.   The  text  below  provides  only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
       <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
 <b><a name="compatibility_controls">COMPATIBILITY CONTROLS</a></b>
@ -349,7 +370,7 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
 <b><a name="trouble_shooting_controls">TROUBLE SHOOTING CONTROLS</a></b>
-       The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot  a  Postfix
+       The  <a href="DEBUG_README.html">DEBUG_README</a>  file gives examples of how to troubleshoot a Postfix
       system.
       <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
@ -357,14 +378,14 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              invoked with the -D option.
       <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The increment in verbose logging level when a  nexthop  destina-
+              The  increment  in verbose logging level when a nexthop destina-
-              tion,  remote client or server name or network address matches a
+              tion, remote client or server name or network address matches  a
              pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
       <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional list of nexthop destination, remote  client  or  server
+              Optional  list  of  nexthop destination, remote client or server
-              name  or  network  address  patterns that, if matched, cause the
+              name or network address patterns that,  if  matched,  cause  the
-              verbose logging level to increase by  the  amount  specified  in
+              verbose  logging  level  to  increase by the amount specified in
              $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
 <b><a name="access_controls">ACCESS CONTROLS</a></b>
@ -377,13 +398,13 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              List of users who are authorized to view the queue.
       <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
-              List  of  users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+              List of users who are authorized to submit mail with  the  <a href="sendmail.1.html"><b>send-</b></a>
              <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
              mand).
 <b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
       <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
-              The  maximal  amount  of original message text that is sent in a
+              The maximal amount of original message text that is  sent  in  a
              non-delivery notification.
       <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
@ -397,11 +418,11 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              in the primary message headers.
       <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
-              The  time  between  <a href="QSHAPE_README.html#deferred_queue">deferred  queue</a>  scans by the queue manager;
+              The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>  scans  by  the  queue  manager;
              prior to Postfix 2.4 the default value was 1000s.
 <b><a name="fast_flush_controls">FAST FLUSH CONTROLS</a></b>
-       The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details  for
+       The  <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
       the Postfix "fast flush" service.
       <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
@ -409,26 +430,26 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              tion logfiles with mail that is queued to those destinations.
 <b><a name="verp_controls">VERP CONTROLS</a></b>
-       The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation  details  of
+       The  <a href="VERP_README.html">VERP_README</a>  file describes configuration and operation details of
       Postfix support for variable envelope return path addresses.
       <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
              The two default VERP delimiter characters.
       <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
-              The  characters  Postfix accepts as VERP delimiter characters on
+              The characters Postfix accepts as VERP delimiter  characters  on
              the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
 <b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
       <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
-              The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated  with
+              The  alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
              "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
       <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
              The location of all postfix administrative commands.
       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The  default  location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+              The default location of the Postfix <a href="postconf.5.html">main.cf</a> and  <a href="master.5.html">master.cf</a>  con-
              figuration files.
       <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
@ -439,25 +460,25 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
       <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
-              The time after which the sender receives a copy of  the  message
+              The  time  after which the sender receives a copy of the message
              headers of mail that is still queued.
       <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
-              The  list  of  environment  variables  that a privileged Postfix
+              The list of environment  variables  that  a  privileged  Postfix
-              process will  import  from  a  non-Postfix  parent  process,  or
+              process  will  import  from  a  non-Postfix  parent  process, or
              name=value environment overrides.
       <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
-              The  UNIX  system  account  that owns the Postfix queue and most
+              The UNIX system account that owns the  Postfix  queue  and  most
              Postfix daemon processes.
       <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
              The location of the Postfix top-level queue directory.
       <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
-              Rewrite or add message headers in mail from  remote  clients  if
+              Rewrite  or  add  message headers in mail from remote clients if
-              the  <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>  parameter value is non-empty,
+              the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter value  is  non-empty,
-              updating incomplete addresses with the domain specified  in  the
+              updating  incomplete  addresses with the domain specified in the
              <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter, and adding missing head-
              ers.
@ -465,24 +486,30 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              The syslog facility of Postfix logging.
       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              A prefix that  is  prepended  to  the  process  name  in  syslog
+              A  prefix  that  is  prepended  to  the  process  name in syslog
              records, so that, for example, "smtpd" becomes "prefix/smtpd".
       Postfix 3.2 and later:
       <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
              A list of non-default Postfix configuration directories that may
-              be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line  (in
+              be  specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
-              the  case  of  <a href="sendmail.1.html"><b>sendmail</b>(1)</a>,  with  the  "-C" option), or via the
+              the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with  the  "-C"  option),  or  via  the
              MAIL_CONFIG environment parameter.
       <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
-              An optional list of non-default Postfix  configuration  directo-
+              An  optional  list of non-default Postfix configuration directo-
-              ries;  these  directories belong to additional Postfix instances
+              ries; these directories belong to additional  Postfix  instances
-              that share the Postfix executable files and  documentation  with
+              that  share  the Postfix executable files and documentation with
-              the  default  Postfix  instance,  and that are started, stopped,
+              the default Postfix instance, and  that  are  started,  stopped,
              etc., together with the default Postfix instance.
       Postfix 3.10 and later:
       <b><a href="postconf.5.html#requiretls_enable">requiretls_enable</a> (yes)</b>
              Enable  support  for the ESMTP verb "REQUIRETLS", defined in <a href="https://tools.ietf.org/html/rfc8689">RFC</a>
              <a href="https://tools.ietf.org/html/rfc8689">8689</a>.
 <b><a name="files">FILES</a></b>
       /var/spool/postfix, mail queue
       /etc/postfix, configuration files
--- a/postfix/html/sendmail.1.html
+++ b/postfix/html/sendmail.1.html
@ -174,54 +174,75 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              This feature is available in Postfix 2.3 and later.
       <b>-O requiretls</b>
              When delivering the message with SMTP, the connection  must  use
              TLS  with  a  verified  server  certificate, and the remote SMTP
              server must support REQUIRETLS. Try  multiple  SMTP  servers  if
              possible,  and  return  the  message as undeliverable when these
              requirements were not satisfied with  any  of  the  remote  SMTP
              servers  that  were  tried.  The  "requiretls"  option  value is
              case-insensitive.
              This feature is available in Postfix 3.10 and later.
       <b>-O smtputf8</b>
              When delivering the message with SMTP, the connection  must  use
              the  SMTPUTF8  extension. Try multiple SMTP servers if possible,
              and return the message as undeliverable when a message  contains
              an UTF8 envelope address or message header, but SMTPUTF8 was not
              supported by any of the remote SMTP servers that were tried. The
              "smtputf8" option value is case-insensitive.
              This feature is available in Postfix 3.10 and later.
       <b>-n</b> (ignored)
              Backwards compatibility.
       <b>-oA</b><i>alias</i><b>_</b><i>database</i>
-              Non-default alias database. Specify <i>pathname</i>  or  <i>type</i>:<i>pathname</i>.
+              Non-default  alias  database. Specify <i>pathname</i> or <i>type</i>:<i>pathname</i>.
              See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
       <b>-O</b> <i>option=value</i> (ignored)
-              Set  the named <i>option</i> to <i>value</i>. Use the equivalent configuration
+              Set the named <i>option</i> to <i>value</i>. Use the equivalent  configuration
              parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
       <b>-o7</b> (ignored)
       <b>-o8</b> (ignored)
-              To send 8-bit or binary content, use an appropriate MIME  encap-
+              To  send 8-bit or binary content, use an appropriate MIME encap-
              sulation and specify the appropriate <b>-B</b> command-line option.
-       <b>-oi</b>    When  reading  a message from standard input, don't treat a line
+       <b>-oi</b>    When reading a message from standard input, don't treat  a  line
              with only a <b>.</b> character as the end of input.
       <b>-om</b> (ignored)
              The sender is never eliminated from alias etc. expansions.
       <b>-o</b> <i>x value</i> (ignored)
-              Set option <i>x</i> to <i>value</i>. Use the equivalent configuration  parame-
+              Set  option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
              ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
       <b>-r</b> <i>sender</i>
-              Set  the  envelope  sender  address.  This  is the address where
+              Set the envelope sender  address.  This  is  the  address  where
              delivery problems are sent to. With Postfix versions before 2.1,
-              the   <b>Errors-To:</b>  message  header  overrides  the  error  return
+              the  <b>Errors-To:</b>  message  header  overrides  the  error   return
              address.
       <b>-R</b> <i>return</i>
-              Delivery status notification control.  Specify "hdrs" to  return
+              Delivery  status notification control.  Specify "hdrs" to return
-              only  the header when a message bounces, "full" to return a full
+              only the header when a message bounces, "full" to return a  full
              copy (the default behavior).
              The <b>-R</b> option specifies an upper bound; Postfix will return only
-              the  header, when a full copy would exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
+              the header, when a full copy would exceed the  <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
              setting.
              This option is ignored before Postfix version 2.10.
-       <b>-q</b>     Attempt to deliver all queued mail. This is implemented by  exe-
+       <b>-q</b>     Attempt  to deliver all queued mail. This is implemented by exe-
              cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
-              Warning:  flushing  undeliverable mail frequently will result in
+              Warning: flushing undeliverable mail frequently will  result  in
              poor delivery performance of all other mail.
       <b>-q</b><i>interval</i> (ignored)
@ -230,21 +251,21 @@ SENDMAIL(1)                                                        SENDMAIL(1)
       <b>-qI</b><i>queueid</i>
              Schedule immediate delivery of mail with the specified queue ID.
-              This option is implemented by executing  the  <a href="postqueue.1.html"><b>postqueue</b>(1)</a>  com-
+              This  option  is  implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
              mand, and is available with Postfix version 2.4 and later.
       <b>-qR</b><i>site</i>
-              Schedule  immediate  delivery of all mail that is queued for the
+              Schedule immediate delivery of all mail that is queued  for  the
-              named <i>site</i>. This option accepts only <i>site</i> names that are  eligi-
+              named  <i>site</i>. This option accepts only <i>site</i> names that are eligi-
-              ble  for the "fast flush" service, and is implemented by execut-
+              ble for the "fast flush" service, and is implemented by  execut-
              ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.  See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
              about the "fast flush" service.
       <b>-qS</b><i>site</i>
-              This  command  is  not implemented. Use the slower "<b>sendmail -q</b>"
+              This command is not implemented. Use the  slower  "<b>sendmail  -q</b>"
              command instead.
-       <b>-t</b>     Extract recipients from message headers. These are added to  any
+       <b>-t</b>     Extract  recipients from message headers. These are added to any
              recipients specified on the command line.
              With Postfix versions prior to 2.1, this option requires that no
@ -260,23 +281,23 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              This feature is available in Postfix 2.3 and later.
       <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
-              Variable  Envelope Return Path. Given an envelope sender address
+              Variable Envelope Return Path. Given an envelope sender  address
-              of the form <i>owner-listname</i>@<i>origin</i>,  each  recipient  <i>user</i>@<i>domain</i>
+              of  the  form  <i>owner-listname</i>@<i>origin</i>, each recipient <i>user</i>@<i>domain</i>
              receives mail with a personalized envelope sender address.
-              By   default,   the  personalized  envelope  sender  address  is
+              By  default,  the  personalized  envelope  sender   address   is
-              <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The default <b>+</b> and  <b>=</b>  charac-
+              <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>.  The  default <b>+</b> and <b>=</b> charac-
-              ters  are configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configu-
+              ters are configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b>  configu-
              ration parameter.
       <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
-              As <b>-XV</b>, but uses <i>x</i> and  <i>y</i>  as  the  VERP  delimiter  characters,
+              As  <b>-XV</b>,  but  uses  <i>x</i>  and  <i>y</i> as the VERP delimiter characters,
              instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
              <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
       <b>-v</b>     Send an email report of the first delivery attempt (Postfix ver-
-              sions  2.1 and later). Mail delivery always happens in the back-
+              sions 2.1 and later). Mail delivery always happens in the  back-
-              ground. When multiple <b>-v</b> options are given, enable verbose  log-
+              ground.  When multiple <b>-v</b> options are given, enable verbose log-
              ging for debugging purposes.
       <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
@ -284,42 +305,42 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              configuration parameters instead.
 <b><a name="security">SECURITY</a></b>
-       By design, this program is not set-user (or group) id.  It is  prepared
+       By  design, this program is not set-user (or group) id.  It is prepared
       to handle message content from untrusted, possibly remote, users.
-       However,  like  most  Postfix programs, this program does not enforce a
+       However, like most Postfix programs, this program does  not  enforce  a
-       security policy on its command-line arguments.  Instead, it  relies  on
+       security  policy  on its command-line arguments.  Instead, it relies on
-       the  UNIX system to enforce access policies based on the effective user
+       the UNIX system to enforce access policies based on the effective  user
       and group IDs of the process. Concretely, this means that running Post-
-       fix  commands as root (from sudo or equivalent) on behalf of a non-root
+       fix commands as root (from sudo or equivalent) on behalf of a  non-root
       user is likely to create privilege escalation opportunities.
-       If an application runs any Postfix programs on behalf of users that  do
+       If  an application runs any Postfix programs on behalf of users that do
       not have normal shell access to Postfix commands, then that application
-       MUST restrict user-specified command-line arguments to avoid  privilege
+       MUST  restrict user-specified command-line arguments to avoid privilege
       escalation.
-       <b>o</b>      Filter  all  command-line  arguments, for example arguments that
+       <b>o</b>      Filter all command-line arguments, for  example  arguments  that
-              contain a pathname or that specify  a  database  access  method.
+              contain  a  pathname  or  that specify a database access method.
-              These  pathname  checks  must reject user-controlled symlinks or
+              These pathname checks must reject  user-controlled  symlinks  or
              hardlinks to sensitive files, and must not be vulnerable to TOC-
              TOU race attacks.
-       <b>o</b>      Disable  command  options  processing  for all command arguments
+       <b>o</b>      Disable command options processing  for  all  command  arguments
              that contain user-specified data. For example, the Postfix <a href="sendmail.1.html"><b>send-</b></a>
              <a href="sendmail.1.html"><b>mail</b>(1)</a> command line MUST be structured as follows:
                  <b>/path/to/sendmail</b> <i>system-arguments</i> <b>--</b> <i>user-arguments</i>
-              Here,  the  "<b>--</b>"  disables  command  option  processing  for all
+              Here, the  "<b>--</b>"  disables  command  option  processing  for  all
              <i>user-arguments</i> that follow.
-              Without the "<b>--</b>", a malicious user could  enable  Postfix  <a href="sendmail.1.html"><b>send-</b></a>
+              Without  the  "<b>--</b>",  a malicious user could enable Postfix <a href="sendmail.1.html"><b>send-</b></a>
-              <a href="sendmail.1.html"><b>mail</b>(1)</a>  command  options,  by  specifying an email address that
+              <a href="sendmail.1.html"><b>mail</b>(1)</a> command options, by specifying  an  email  address  that
              starts with "<b>-</b>".
 <b><a name="diagnostics">DIAGNOSTICS</a></b>
-       Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to  the  standard
+       Problems  are  logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
       error stream.
 <b><a name="environment">ENVIRONMENT</a></b>
@ -333,12 +354,12 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              Enable debugging with an external command, as specified with the
              <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
-       <b>NAME</b>   The sender full name. This is used only with messages that  have
+       <b>NAME</b>   The  sender full name. This is used only with messages that have
              no <b>From:</b> message header. See also the <b>-F</b> option above.
 <b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
-       The  following  <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+       The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to  this  pro-
-       gram.  The text below provides only  a  parameter  summary.  See  <a href="postconf.5.html"><b>post-</b></a>
+       gram.   The  text  below  provides  only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
       <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
 <b><a name="compatibility_controls">COMPATIBILITY CONTROLS</a></b>
@ -349,7 +370,7 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
 <b><a name="trouble_shooting_controls">TROUBLE SHOOTING CONTROLS</a></b>
-       The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot  a  Postfix
+       The  <a href="DEBUG_README.html">DEBUG_README</a>  file gives examples of how to troubleshoot a Postfix
       system.
       <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
@ -357,14 +378,14 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              invoked with the -D option.
       <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The increment in verbose logging level when a  nexthop  destina-
+              The  increment  in verbose logging level when a nexthop destina-
-              tion,  remote client or server name or network address matches a
+              tion, remote client or server name or network address matches  a
              pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
       <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional list of nexthop destination, remote  client  or  server
+              Optional  list  of  nexthop destination, remote client or server
-              name  or  network  address  patterns that, if matched, cause the
+              name or network address patterns that,  if  matched,  cause  the
-              verbose logging level to increase by  the  amount  specified  in
+              verbose  logging  level  to  increase by the amount specified in
              $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
 <b><a name="access_controls">ACCESS CONTROLS</a></b>
@ -377,13 +398,13 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              List of users who are authorized to view the queue.
       <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
-              List  of  users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+              List of users who are authorized to submit mail with  the  <a href="sendmail.1.html"><b>send-</b></a>
              <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
              mand).
 <b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
       <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
-              The  maximal  amount  of original message text that is sent in a
+              The maximal amount of original message text that is  sent  in  a
              non-delivery notification.
       <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
@ -397,11 +418,11 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              in the primary message headers.
       <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
-              The  time  between  <a href="QSHAPE_README.html#deferred_queue">deferred  queue</a>  scans by the queue manager;
+              The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>  scans  by  the  queue  manager;
              prior to Postfix 2.4 the default value was 1000s.
 <b><a name="fast_flush_controls">FAST FLUSH CONTROLS</a></b>
-       The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details  for
+       The  <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
       the Postfix "fast flush" service.
       <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
@ -409,26 +430,26 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              tion logfiles with mail that is queued to those destinations.
 <b><a name="verp_controls">VERP CONTROLS</a></b>
-       The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation  details  of
+       The  <a href="VERP_README.html">VERP_README</a>  file describes configuration and operation details of
       Postfix support for variable envelope return path addresses.
       <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
              The two default VERP delimiter characters.
       <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
-              The  characters  Postfix accepts as VERP delimiter characters on
+              The characters Postfix accepts as VERP delimiter  characters  on
              the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
 <b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
       <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
-              The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated  with
+              The  alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
              "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
       <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
              The location of all postfix administrative commands.
       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The  default  location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+              The default location of the Postfix <a href="postconf.5.html">main.cf</a> and  <a href="master.5.html">master.cf</a>  con-
              figuration files.
       <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
@ -439,25 +460,25 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
       <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
-              The time after which the sender receives a copy of  the  message
+              The  time  after which the sender receives a copy of the message
              headers of mail that is still queued.
       <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
-              The  list  of  environment  variables  that a privileged Postfix
+              The list of environment  variables  that  a  privileged  Postfix
-              process will  import  from  a  non-Postfix  parent  process,  or
+              process  will  import  from  a  non-Postfix  parent  process, or
              name=value environment overrides.
       <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
-              The  UNIX  system  account  that owns the Postfix queue and most
+              The UNIX system account that owns the  Postfix  queue  and  most
              Postfix daemon processes.
       <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
              The location of the Postfix top-level queue directory.
       <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
-              Rewrite or add message headers in mail from  remote  clients  if
+              Rewrite  or  add  message headers in mail from remote clients if
-              the  <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>  parameter value is non-empty,
+              the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter value  is  non-empty,
-              updating incomplete addresses with the domain specified  in  the
+              updating  incomplete  addresses with the domain specified in the
              <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter, and adding missing head-
              ers.
@ -465,24 +486,30 @@ SENDMAIL(1)                                                        SENDMAIL(1)
              The syslog facility of Postfix logging.
       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
-              A prefix that  is  prepended  to  the  process  name  in  syslog
+              A  prefix  that  is  prepended  to  the  process  name in syslog
              records, so that, for example, "smtpd" becomes "prefix/smtpd".
       Postfix 3.2 and later:
       <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
              A list of non-default Postfix configuration directories that may
-              be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line  (in
+              be  specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
-              the  case  of  <a href="sendmail.1.html"><b>sendmail</b>(1)</a>,  with  the  "-C" option), or via the
+              the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with  the  "-C"  option),  or  via  the
              MAIL_CONFIG environment parameter.
       <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
-              An optional list of non-default Postfix  configuration  directo-
+              An  optional  list of non-default Postfix configuration directo-
-              ries;  these  directories belong to additional Postfix instances
+              ries; these directories belong to additional  Postfix  instances
-              that share the Postfix executable files and  documentation  with
+              that  share  the Postfix executable files and documentation with
-              the  default  Postfix  instance,  and that are started, stopped,
+              the default Postfix instance, and  that  are  started,  stopped,
              etc., together with the default Postfix instance.
       Postfix 3.10 and later:
       <b><a href="postconf.5.html#requiretls_enable">requiretls_enable</a> (yes)</b>
              Enable  support  for the ESMTP verb "REQUIRETLS", defined in <a href="https://tools.ietf.org/html/rfc8689">RFC</a>
              <a href="https://tools.ietf.org/html/rfc8689">8689</a>.
 <b><a name="files">FILES</a></b>
       /var/spool/postfix, mail queue
       /etc/postfix, configuration files
--- a/postfix/man/man1/sendmail.1
+++ b/postfix/man/man1/sendmail.1
@ -162,6 +162,24 @@ notification when delivery is delayed), or \fBsuccess\fR
 \fBnever\fR (don't send any notifications at all).
 This feature is available in Postfix 2.3 and later.
 .IP "\fB\-O requiretls"
 When delivering the message with SMTP, the connection must use TLS
 with a verified server certificate, and the remote SMTP server
 must support REQUIRETLS. Try multiple SMTP servers if possible,
 and return the message as undeliverable when these requirements
 were not satisfied with any of the remote SMTP servers that were
 tried. The "requiretls" option value is case\-insensitive.
 This feature is available in Postfix 3.10 and later.
 .IP "\fB\-O smtputf8"
 When delivering the message with SMTP, the connection must use
 the SMTPUTF8 extension. Try multiple SMTP servers if possible,
 and return the message as undeliverable when a message contains
 an UTF8 envelope address or message header, but SMTPUTF8 was not
 supported by any of the remote SMTP servers that were tried. The
 "smtputf8" option value is case\-insensitive.
 This feature is available in Postfix 3.10 and later.
 .IP "\fB\-n\fR (ignored)"
 Backwards compatibility.
 .IP "\fB\-oA\fIalias_database\fR"
@ -462,6 +480,11 @@ these directories belong to additional Postfix instances that share
 the Postfix executable files and documentation with the default
 Postfix instance, and that are started, stopped, etc., together
 with the default Postfix instance.
 .PP
 Postfix 3.10 and later:
 .IP "\fBrequiretls_enable (yes)\fR"
 Enable support for the ESMTP verb "REQUIRETLS", defined in RFC
 8689.
 .SH "FILES"
 .na
 .nf
--- a/postfix/proto/stop.double-history
+++ b/postfix/proto/stop.double-history
@ -161,3 +161,5 @@ proto  proto socketmap_table
 operations Files cleanup cleanup h cleanup cleanup_message c 
 global ehlo_mask_test c local forward c smtpd smtpd c 
 more alternate MX servers to try Files smtp smtp h 
 Files sendmail sendmail c global rec_types h 
 Files sendmail sendmail c 
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20250120"
+#define MAIL_RELEASE_DATE	"20250121"
 #define MAIL_VERSION_NUMBER	"3.10"
 #ifdef SNAPSHOT
--- a/postfix/src/global/rec_type.h
+++ b/postfix/src/global/rec_type.h
@ -110,7 +110,7 @@
 /*
  * The subset of inputs that the postdrop command allows.
  */
-#define REC_TYPE_POST_ENVELOPE	"MFSRVAin"
+#define REC_TYPE_POST_ENVELOPE	"MCFSRVAin"
 #define REC_TYPE_POST_CONTENT	"XLN"
 #define REC_TYPE_POST_EXTRACT	"EAR"
--- a/postfix/src/pickup/pickup.c
+++ b/postfix/src/pickup/pickup.c
@ -236,6 +236,7 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info,
    char   *attr_value;
    char   *saved_attr;
    int     skip_attr;
    ssize_t count;
    /*
     * Limit the input record size. All front-end programs should protect the
@ -246,7 +247,7 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info,
     * 
     * We must allow PTR records here because of "postsuper -r".
     */
-    for (;;) {
+    for (count = 0; /* void */; count++) {
 	if ((type = rec_get(qfile, buf, var_line_limit)) < 0
 	    || strchr(expected, type) == 0)
 	    return (file_read_error(info, type));
@ -264,6 +265,9 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info,
 	}
 	if (type == REC_TYPE_TIME)
 	    time_seen = 1;
 	if (type == REC_TYPE_SIZE && count > 0)
 	    /* Discard SIZE record not at beginning of segment. */
 	    continue;
 	/*
 	 * XXX Workaround: REC_TYPE_FILT (used in envelopes) == REC_TYPE_CONT
--- a/postfix/src/sendmail/Makefile.in
+++ b/postfix/src/sendmail/Makefile.in
@ -86,6 +86,7 @@ sendmail.o: ../../include/recipient_list.h
 sendmail.o: ../../include/record.h
 sendmail.o: ../../include/resolve_clnt.h
 sendmail.o: ../../include/safe.h
 sendmail.o: ../../include/sendopts.h
 sendmail.o: ../../include/set_ugid.h
 sendmail.o: ../../include/split_at.h
 sendmail.o: ../../include/stringops.h
--- a/postfix/src/sendmail/sendmail.c
+++ b/postfix/src/sendmail/sendmail.c
@ -156,6 +156,24 @@
 /*	\fBnever\fR (don't send any notifications at all).
 /*
 /*	This feature is available in Postfix 2.3 and later.
 /* .IP "\fB-O requiretls"
 /*	When delivering the message with SMTP, the connection must use TLS
 /*	with a verified server certificate, and the remote SMTP server
 /*	must support REQUIRETLS. Try multiple SMTP servers if possible,
 /*	and return the message as undeliverable when these requirements
 /*	were not satisfied with any of the remote SMTP servers that were
 /*	tried. The "requiretls" option value is case-insensitive.
 /*
 /*	This feature is available in Postfix 3.10 and later.
 /* .IP "\fB-O smtputf8"
 /*	When delivering the message with SMTP, the connection must use
 /*	the SMTPUTF8 extension. Try multiple SMTP servers if possible,
 /*	and return the message as undeliverable when a message contains
 /*	an UTF8 envelope address or message header, but SMTPUTF8 was not
 /*	supported by any of the remote SMTP servers that were tried. The
 /*	"smtputf8" option value is case-insensitive.
 /*
 /*	This feature is available in Postfix 3.10 and later.
 /* .IP "\fB-n\fR (ignored)"
 /*	Backwards compatibility.
 /* .IP "\fB-oA\fIalias_database\fR"
@ -434,6 +452,11 @@
 /*	the Postfix executable files and documentation with the default
 /*	Postfix instance, and that are started, stopped, etc., together
 /*	with the default Postfix instance.
 /* .PP
 /*	Postfix 3.10 and later:
 /* .IP "\fBrequiretls_enable (yes)\fR"
 /*	Enable support for the ESMTP verb "REQUIRETLS", defined in RFC
 /*	8689.
 /* FILES
 /*	/var/spool/postfix, mail queue
 /*	/etc/postfix, configuration files
@ -537,6 +560,7 @@
 #include <user_acl.h>
 #include <dsn_mask.h>
 #include <mail_parm_split.h>
 #include <sendopts.h>
 /* Application-specific. */
@ -589,6 +613,11 @@ static const CONFIG_STR_TABLE str_table[] = {
    0,
 };
 /*
  * Sender options.
  */
 static int sm_sendopts;
 /*
  * Silly little macros (SLMs).
  */
@ -788,6 +817,14 @@ static void enqueue(const int flags, const char *encoding,
     * With "sendmail -N", instead of a per-message NOTIFY record we store one
     * per recipient so that we can simplify the implementation somewhat.
     */
    if (sm_sendopts)
 	rec_fprintf(dst, REC_TYPE_SIZE, REC_TYPE_SIZE_FORMAT,
 		    (REC_TYPE_SIZE_CAST1) ~ 0,	/* message segment size */
 		    (REC_TYPE_SIZE_CAST2) ~ 0,	/* content offset */
 		    (REC_TYPE_SIZE_CAST3) ~ 0,	/* recipient count */
 		    (REC_TYPE_SIZE_CAST4) ~ 0,	/* qmgr options */
 		    (REC_TYPE_SIZE_CAST5) ~ 0,	/* content length */
 		    (REC_TYPE_SIZE_CAST6) sm_sendopts);
    if (dsn_envid)
 	rec_fprintf(dst, REC_TYPE_ATTR, "%s=%s",
 		    MAIL_ATTR_DSN_ENVID, dsn_envid);
@ -1251,7 +1288,19 @@ int     main(int argc, char **argv)
 	    break;
 	case 'N':
 	    if ((dsn_notify = dsn_notify_mask(optarg)) == 0)
-		msg_warn("bad -N option value -- ignored");
+		msg_warn("bad -N option value: '%s' -- ignored", optarg);
 	    break;
 	case 'O':
 	    if (strcasecmp(optarg, "REQUIRETLS") == 0) {
 		sm_sendopts |= SOPT_REQUIRETLS_ESMTP;
 	    if (var_requiretls_enable == 0)
 		msg_warn("'-O requiretls' was requested, but the "
 			 "configuration is 'requiretls_enable = no'");
 	    } else if (strcasecmp(optarg, "SMTPUTF8") == 0) {
 		sm_sendopts |= SOPT_SMTPUTF8_REQUESTED;
 	    } else {
 		msg_warn("bad -O option value: '%s' -- ignored", optarg);
 	    }
 	    break;
 	case 'R':
 	    if ((dsn_ret = dsn_ret_code(optarg)) == 0)
--- a/postfix/src/smtp/smtp_connect.c
+++ b/postfix/src/smtp/smtp_connect.c
@ -522,8 +522,10 @@ static int smtp_get_effective_tls_level(DSN_BUF *why, SMTP_STATE *state)
 	if (TLS_MUST_MATCH(tls->level) == 0) {
 	    dsb_simple(why, "5.7.10", "Sender requires a TLS server "
 		       "certificate match, but the configured %s TLS "
-		       "security level (%s) does not support that",
+		       "security level '%s' does not support that. "
-		       var_mail_name, str_tls_level(tls->level));
+		       "The last attempted server was %s",
 		       var_mail_name, str_tls_level(tls->level),
 		       STR(iter->host));
 	    return (0);
 	}
    }
--- a/postfix/src/smtp/smtp_proto.c
+++ b/postfix/src/smtp/smtp_proto.c
@ -665,7 +665,8 @@ int     smtp_helo(SMTP_STATE *state)
     */
    if ((session->features & SMTP_FEATURE_SMTPUTF8) == 0
 	&& DELIVERY_REQUIRES_SMTPUTF8)
-	return (smtp_mesg_fail(state, DSN_BY_LOCAL_MTA,
+	return (smtp_misc_fail(state, SMTP_MISC_FAIL_SOFT_NON_FINAL,
 			       DSN_BY_LOCAL_MTA,
 			       SMTP_RESP_FAKE(&fake, "5.6.7"),
 			       "SMTPUTF8 is required, "
 			       "but was not offered by host %s",
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@ -1391,6 +1391,14 @@ cidr_match.o: stringops.h
 cidr_match.o: sys_defs.h
 cidr_match.o: vbuf.h
 cidr_match.o: vstring.h
 clean_ascii_cntrl_space.o: check_arg.h
 clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.c
 clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.h
 clean_ascii_cntrl_space.o: stringops.h
 clean_ascii_cntrl_space.o: sys_defs.h
 clean_ascii_cntrl_space.o: vbuf.h
 clean_ascii_cntrl_space.o: vstream.h
 clean_ascii_cntrl_space.o: vstring.h
 clean_env.o: argv.h
 clean_env.o: check_arg.h
 clean_env.o: clean_env.c
@ -2837,14 +2845,6 @@ trimblanks.o: sys_defs.h
 trimblanks.o: trimblanks.c
 trimblanks.o: vbuf.h
 trimblanks.o: vstring.h
 clean_ascii_cntrl_space.o: check_arg.h
 clean_ascii_cntrl_space.o: stringops.h
 clean_ascii_cntrl_space.o: sys_defs.h
 clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.c
 clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.h
 clean_ascii_cntrl_space.o: vbuf.h
 clean_ascii_cntrl_space.o: vstream.h
 clean_ascii_cntrl_space.o: vstring.h
 unescape.o: check_arg.h
 unescape.o: stringops.h
 unescape.o: sys_defs.h