postfix-3.7-20220121

postfix/HISTORY

@@ -26125,7 +26125,7 @@ Apologies for any names omitted.
 
 	Cleanup: added missing _maps parameter names to the
 	proxy_read_maps default value, based on output from the
-	mantools/missing-proxy-read-maps script.  File:
+	mantools/missing-proxy-read-maps script. File:
 	global/mail_params.h.
 
 	Sanity: added LANG=C to the typo-check scripts to get
@@ -26195,12 +26195,12 @@ Apologies for any names omitted.
 
 20220117
 
-	Clenaup: the nullmx_reject_code parameter was removed from
+	Cleanup: the nullmx_reject_code parameter was removed from
 	Postfix 3.0 before it was released, but the manpage was not
 	updated. File: proto/postconf.proto.
 
 	Cleanup: after seeking past the end of a writable memory-backed
-	VSTREAM (i.e.  backed by a VSTRING), write nulls over the
+	VSTREAM (i.e. backed by a VSTRING), write nulls over the
 	newly allocated bytes. This behavior is compatible with
 	seeking past the end of a writable regular file. File:
 	util/vstream.c.
@@ -26211,6 +26211,32 @@ Apologies for any names omitted.
 	Makefiles, some unit test 'reference' files.
 
 	Bugfix (documented but not implemented since Postfix 2.2):
-	missing support for [address] smtp_bind_address and
+	missing support for [address] in smtp_bind_address and
 	smtp_bind_address6. Reported by Vincent Pelletier. File:
 	smtp/smtp_connect.c.
+
+20220119
+
+	Cleanup: the 20211211 change could result in logfile spam.
+	Added a 1-bit counter to log "breaking long line" only once per
+	delivery request. File: smtp/smtp_proto.c.
+
+20220121
+
+	Cleanup: added a pre-release check for missing entries
+	in postfix-files. Problem reported by Jaroslav Skarvada.
+	Files: Makefile.in, conf/postfix-files,
+	mantools/check-postfix-files. Deleted: CYRUS_README.
+
+	Cleanup: added the RELEASE_NOTES file to the pre-release
+	checks, after Viktor Dukhovni reported a typo. Files:
+	mantools/check-double-install-proto-text,
+	mantools/check-spell-install-proto-text.
+
+	Cleanup: for consistent parameter naming (tlsproxy_client_xxx
+	correspnds to smtp_tls_xxx), renamed tlsproxy_client_level
+	to tlsproxy_client_security_level, and tlsproxy_client_policy
+	to tlsproxy_client_policy_maps, with backwards-compatible
+	defaults and updated documentation. Problem reported by
+	Raf. Files: global/mail_params.h, mantools/postlink,
+	postconf/postconf_builtin.c.

postfix/Makefile.in

@@ -114,14 +114,18 @@ manpages:
 	 (set -e; echo "[$$i]"; cd $$i; $(MAKE) -f Makefile.in $(OPTS) MAKELEVEL=) || exit 1; \
 	done </dev/null
 
-# Some require a statically-linked bin/postconf executable.
-pre-release-checks: typo-check missing-proxy-read-maps-check postlink-check
+# Some checks require a bin/postconf executable.
+pre-release-checks: typo-check missing-proxy-read-maps-check \
+	postlink-check postfix-files-check
+
+postfix-files-check:
+	mantools/check-postfix-files | diff /dev/null -
 
 postlink-check:
-	mantools/check-postlink | diff /dev/null -
+	$(SHLIB_ENV) mantools/check-postlink | diff /dev/null -
 
 missing-proxy-read-maps-check:
-	mantools/missing-proxy-read-maps | diff /dev/null -
+	$(SHLIB_ENV) mantools/missing-proxy-read-maps | diff /dev/null -
 
 typo-check: spell-cc spell-install-proto-text spell-proto-html \
 	double-cc double-install-proto-text double-proto-html

postfix/README_FILES/CYRUS_README

@@ -1,5 +0,0 @@
-PPoossttffiixx CCyyrruuss HHoowwttoo
-
--------------------------------------------------------------------------------
-This document will be made available via http://www.postfix.org/.
-

postfix/RELEASE_NOTES

@@ -41,10 +41,10 @@ Major changes with snapshot 20210815
 ====================================
 
 Updated defense against remote clients or servers that 'trickle'
-SMTP or LMTP traffc. The new {smtpd,smtp,lmtp}_per_request_deadline
+SMTP or LMTP traffic. The new {smtpd,smtp,lmtp}_per_request_deadline
 parameters replace {smtpd,smtp,lmtp}_per_record_deadline, with
-backwards compatible default settings. This defense is automatically
-enabled by default in the Postfix SMTP server in case of overload.
+backwards compatible default settings. This defense is enabled by
+default in the Postfix SMTP server in case of overload.
 
 The new smtpd_per_record_deadline parameter limits the combined
 time for the Postfix SMTP server to receive a request and to send

postfix/WISHLIST

@@ -9,18 +9,15 @@ Wish list:
 	Fix code that still uses "long" for data_size and data_offset,
 	and that uses "%ld" in sscanf().
 
-	For consistent naming (tlsproxy_client_mumble <> smtp_tls_mumble),
-	rename tlsproxy_client_level to tlsproxy_client_security_level,
-	and tlsproxy_client_policy to tlsproxy_client_policy_maps.
-	This requires backwards-compatible defaults and documentation
-	updates.
-
 	A smart query service for live Postfix tables that outputs JSON?
 
 	Add a pointer to
 	http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
 	in documentation or on-line howtos.
 
+	Read http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
+	and see how we can improve on the Postfix side.
+
 	Add verp=+= to the qmgr "from=" logging. This is already
 	implemented but not yet integrated.
 
@@ -76,7 +73,7 @@ Wish list:
 	configuration settings easier to enter. This may be true
 	for main.cf, master.cf and similar files (such as database
 	configuration files, but not necessarily elsewhere). So it
-	would have to be a readlline flag.
+	may have to be a readlline flag.
 
 	Understand what happens with DNSSEC related status fields 
 	in posttls-finger when resolv.conf points to a host that
@@ -95,18 +92,9 @@ Wish list:
 	events. But the currrent multi_server API fits typical usage
 	better.
 
-	Add a configurable filter for SMTP command syntax. Maybe
-	time for some inline-pcre or inline-regexp map support?
-
-	Update makedefs and sys-defs.h for current Linux kernels and
-	*BSD releases.
-
 	When a secondary instance has no multi_instance_name set,
 	postmulti -i won't be able to find it.
 
-	Read http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
-	and see how we can improve on the Postfix side.
-
 	nbbio: exercise the sanity checks with fake msg(3) functions.
 
 	optreset (bsd-ism) how badly do we need it?

postfix/conf/postfix-files

@@ -171,8 +171,8 @@ $manpage_directory/man1/postalias.1:f:root:-:644
 $manpage_directory/man1/postcat.1:f:root:-:644
 $manpage_directory/man1/postconf.1:f:root:-:644
 $manpage_directory/man1/postdrop.1:f:root:-:644
-$manpage_directory/man1/postfix.1:f:root:-:644
 $manpage_directory/man1/postfix-tls.1:f:root:-:644
+$manpage_directory/man1/postfix.1:f:root:-:644
 $manpage_directory/man1/postkick.1:f:root:-:644
 $manpage_directory/man1/postlock.1:f:root:-:644
 $manpage_directory/man1/postlog.1:f:root:-:644
@@ -276,6 +276,7 @@ $readme_directory/ADDRESS_REWRITING_README:f:root:-:644
 $readme_directory/ADDRESS_VERIFICATION_README:f:root:-:644
 $readme_directory/BACKSCATTER_README:f:root:-:644
 $readme_directory/BASIC_CONFIGURATION_README:f:root:-:644
+$readme_directory/BDAT_README:f:root:-:644
 $readme_directory/BUILTIN_FILTER_README:f:root:-:644
 $readme_directory/CDB_README:f:root:-:644
 $readme_directory/COMPATIBILITY_README:f:root:-:644
@@ -297,16 +298,19 @@ $readme_directory/LMDB_README:f:root:-:644
 $readme_directory/LOCAL_RECIPIENT_README:f:root:-:644
 $readme_directory/MACOSX_README:f:root:-:644:o
 $readme_directory/MAILDROP_README:f:root:-:644
+$readme_directory/MAILLOG_README:f:root:-:644
 $readme_directory/MEMCACHE_README:f:root:-:644
 $readme_directory/MILTER_README:f:root:-:644
 $readme_directory/MULTI_INSTANCE_README:f:root:-:644
 $readme_directory/MYSQL_README:f:root:-:644
+$readme_directory/SMTPUTF8_README:f:root:-:644
 $readme_directory/SQLITE_README:f:root:-:644
 $readme_directory/NFS_README:f:root:-:644
 $readme_directory/OVERVIEW:f:root:-:644
 $readme_directory/PACKAGE_README:f:root:-:644
 $readme_directory/PCRE_README:f:root:-:644
 $readme_directory/PGSQL_README:f:root:-:644
+$readme_directory/POSTSCREEN_3_5_README:f:root:-:644
 $readme_directory/POSTSCREEN_README:f:root:-:644
 $readme_directory/QMQP_README:f:root:-:644:o
 $readme_directory/QSHAPE_README:f:root:-:644
@@ -334,6 +338,7 @@ $html_directory/ADDRESS_REWRITING_README.html:f:root:-:644
 $html_directory/ADDRESS_VERIFICATION_README.html:f:root:-:644
 $html_directory/BACKSCATTER_README.html:f:root:-:644
 $html_directory/BASIC_CONFIGURATION_README.html:f:root:-:644
+$html_directory/BDAT_README.html:f:root:-:644
 $html_directory/BUILTIN_FILTER_README.html:f:root:-:644
 $html_directory/CDB_README.html:f:root:-:644
 $html_directory/COMPATIBILITY_README.html:f:root:-:644
@@ -354,15 +359,19 @@ $html_directory/LINUX_README.html:f:root:-:644
 $html_directory/LMDB_README.html:f:root:-:644
 $html_directory/LOCAL_RECIPIENT_README.html:f:root:-:644
 $html_directory/MAILDROP_README.html:f:root:-:644
+$html_directory/MAILLOG_README.html:f:root:-:644
+$html_directory/MEMCACHE_README.html:f:root:-:644
 $html_directory/MILTER_README.html:f:root:-:644
 $html_directory/MULTI_INSTANCE_README.html:f:root:-:644
 $html_directory/MYSQL_README.html:f:root:-:644
+$html_directory/SMTPUTF8_README.html:f:root:-:644
 $html_directory/SQLITE_README.html:f:root:-:644
 $html_directory/NFS_README.html:f:root:-:644
 $html_directory/OVERVIEW.html:f:root:-:644
 $html_directory/PACKAGE_README.html:f:root:-:644
 $html_directory/PCRE_README.html:f:root:-:644
 $html_directory/PGSQL_README.html:f:root:-:644
+$html_directory/POSTSCREEN_3_5_README.html:f:root:-:644
 $html_directory/POSTSCREEN_README.html:f:root:-:644
 $html_directory/QMQP_README.html:f:root:-:644:o
 $html_directory/QSHAPE_README.html:f:root:-:644
@@ -387,6 +396,7 @@ $html_directory/XFORWARD_README.html:f:root:-:644
 $html_directory/access.5.html:f:root:-:644
 $html_directory/aliases.5.html:f:root:-:644
 $html_directory/anvil.8.html:f:root:-:644
+$html_directory/bounce.5.html:f:root:-:644
 $html_directory/bounce.8.html:f:root:-:644
 $html_directory/canonical.5.html:f:root:-:644
 $html_directory/cidr_table.5.html:f:root:-:644
@@ -401,6 +411,7 @@ $html_directory/generic.5.html:f:root:-:644
 $html_directory/header_checks.5.html:f:root:-:644
 $html_directory/index.html:f:root:-:644
 $html_directory/ldap_table.5.html:f:root:-:644
+$html_directory/lmdb_table.5.html:f:root:-:644
 $html_directory/lmtp.8.html:f:root:-:644
 $html_directory/local.8.html:f:root:-:644
 $html_directory/mailq.1.html:f:root:-:644
@@ -423,6 +434,7 @@ $html_directory/postconf.5.html:f:root:-:644
 $html_directory/postdrop.1.html:f:root:-:644
 $html_directory/postfix-logo.jpg:f:root:-:644
 $html_directory/postfix-manuals.html:f:root:-:644
+$html_directory/postfix-tls.1.html:f:root:-:644
 $html_directory/postfix-wrapper.5.html:f:root:-:644
 $html_directory/postfix.1.html:f:root:-:644
 $html_directory/postkick.1.html:f:root:-:644
@@ -442,13 +454,16 @@ $html_directory/qmqp-source.1.html:f:root:-:644
 $html_directory/qmqpd.8.html:f:root:-:644
 $html_directory/regexp_table.5.html:f:root:-:644
 $html_directory/relocated.5.html:f:root:-:644
+$html_directory/scache.8.html:f:root:-:644
 $html_directory/sendmail.1.html:h:$html_directory/mailq.1.html:-:644
 $html_directory/showq.8.html:f:root:-:644
 $html_directory/smtp-sink.1.html:f:root:-:644
 $html_directory/smtp-source.1.html:f:root:-:644
 $html_directory/smtp.8.html:h:$html_directory/lmtp.8.html:-:644
 $html_directory/smtpd.8.html:f:root:-:644
+$html_directory/socketmap_table.5.html:f:root:-:644
 $html_directory/spawn.8.html:f:root:-:644
+$html_directory/tlsmgr.8.html:f:root:-:644
 $html_directory/tlsproxy.8.html:f:root:-:644
 $html_directory/tcp_table.5.html:f:root:-:644
 $html_directory/trace.8.html:h:$html_directory/bounce.8.html:-:644

postfix/html/postconf.5.html

@@ -19967,6 +19967,18 @@ configure tlsproxy client keys and certificates is via the
 <p> This feature is available in Postfix 3.4 and later. </p>
 
 
+</DD>
+
+<DT><b><a name="tlsproxy_client_level">tlsproxy_client_level</a>
+(default: $<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b></DT><DD>
+
+<p> The default TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
+client. See <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 - 3.6. It was
+renamed to <a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> in Postfix 3.7. </p>
+
+
 </DD>
 
 <DT><b><a name="tlsproxy_client_loglevel">tlsproxy_client_loglevel</a>
@@ -20001,6 +20013,19 @@ hostname.  See <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>
 <p> This feature is available in Postfix 3.4 and later. </p>
 
 
+</DD>
+
+<DT><b><a name="tlsproxy_client_policy">tlsproxy_client_policy</a>
+(default: $<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b></DT><DD>
+
+<p> Optional lookup tables with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client TLS
+security policy by next-hop destination. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
+for further details. </p>
+
+<p> This feature is available in Postfix 3.4 - 3.6. It was
+renamed to <a href="postconf.5.html#tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a> in Postfix 3.7. </p>
+
+
 </DD>
 
 <DT><b><a name="tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a>
@@ -20010,7 +20035,8 @@ hostname.  See <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>
 security policy by next-hop destination. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
 for further details. </p>
 
-<p> This feature is available in Postfix 3.4 and later. </p>
+<p> This feature is available in Postfix 3.7 and later. It
+was previously called <a href="postconf.5.html#tlsproxy_client_policy">tlsproxy_client_policy</a>. </p>
 
 
 </DD>
@@ -20032,7 +20058,8 @@ See <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifyde
 <p> The default TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
 client. See <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> for further details. </p>
 
-<p> This feature is available in Postfix 3.4 and later. </p>
+<p> This feature is available in Postfix 3.7 and later. It
+was previously called <a href="postconf.5.html#tlsproxy_client_level">tlsproxy_client_level</a>. </p>
 
 
 </DD>

postfix/html/tlsproxy.8.html

@@ -323,11 +323,11 @@ TLSPROXY(8)                                                        TLSPROXY(8)
        <b><a href="postconf.5.html#tlsproxy_client_scert_verifydepth">tlsproxy_client_scert_verifydepth</a> ($<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>)</b>
               The verification depth for remote TLS server certificates.
 
-       <b><a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> ($<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b>
+       <b><a href="postconf.5.html#tlsproxy_client_level">tlsproxy_client_level</a> ($<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b>
               The  default  TLS  security  level  for  the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
               client.
 
-       <b><a href="postconf.5.html#tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a> ($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b>
+       <b><a href="postconf.5.html#tlsproxy_client_policy">tlsproxy_client_policy</a> ($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b>
               Optional lookup tables with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>  client  TLS
               security policy by next-hop destination.
 
@@ -343,6 +343,16 @@ TLSPROXY(8)                                                        TLSPROXY(8)
               usage policy by next-hop destination and by  remote  TLS  server
               hostname.
 
+       Available in Postfix version 3.7 and later:
+
+       <b><a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> ($<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b>
+              The  default  TLS  security  level  for  the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
+              client.
+
+       <b><a href="postconf.5.html#tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a> ($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b>
+              Optional lookup tables with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>  client  TLS
+              security policy by next-hop destination.
+
 <b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
        These  parameters  are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy
        parameters.

postfix/man/man5/postconf.5

@@ -14185,6 +14185,12 @@ configure tlsproxy client keys and certificates is via the
 "tlsproxy_client_chain_files" parameter.
 .PP
 This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_level (default: $smtp_tls_security_level)
+The default TLS security level for the Postfix \fBtlsproxy\fR(8)
+client. See smtp_tls_security_level for further details.
+.PP
+This feature is available in Postfix 3.4 \- 3.6. It was
+renamed to tlsproxy_client_security_level in Postfix 3.7.
 .SH tlsproxy_client_loglevel (default: $smtp_tls_loglevel)
 Enable additional Postfix \fBtlsproxy\fR(8) client logging of TLS
 activity. See smtp_tls_loglevel for further details.
@@ -14201,12 +14207,20 @@ usage policy by next\-hop destination and by remote TLS server
 hostname.  See smtp_tls_per_site for further details.
 .PP
 This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_policy (default: $smtp_tls_policy_maps)
+Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+security policy by next\-hop destination. See smtp_tls_policy_maps
+for further details.
+.PP
+This feature is available in Postfix 3.4 \- 3.6. It was
+renamed to tlsproxy_client_policy_maps in Postfix 3.7.
 .SH tlsproxy_client_policy_maps (default: $smtp_tls_policy_maps)
 Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
 security policy by next\-hop destination. See smtp_tls_policy_maps
 for further details.
 .PP
-This feature is available in Postfix 3.4 and later.
+This feature is available in Postfix 3.7 and later. It
+was previously called tlsproxy_client_policy.
 .SH tlsproxy_client_scert_verifydepth (default: $smtp_tls_scert_verifydepth)
 The verification depth for remote TLS server certificates.
 See smtp_tls_scert_verifydepth for further details.
@@ -14216,7 +14230,8 @@ This feature is available in Postfix 3.4 and later.
 The default TLS security level for the Postfix \fBtlsproxy\fR(8)
 client. See smtp_tls_security_level for further details.
 .PP
-This feature is available in Postfix 3.4 and later.
+This feature is available in Postfix 3.7 and later. It
+was previously called tlsproxy_client_level.
 .SH tlsproxy_client_use_tls (default: $smtp_use_tls)
 Opportunistic mode: use TLS when a remote server announces TLS
 support. See smtp_use_tls for further details. Use

postfix/man/man8/tlsproxy.8

@@ -292,10 +292,10 @@ The name of the parameter that provides the tlsproxy_client_loglevel
 value.
 .IP "\fBtlsproxy_client_scert_verifydepth ($smtp_tls_scert_verifydepth)\fR"
 The verification depth for remote TLS server certificates.
-.IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR"
+.IP "\fBtlsproxy_client_level ($smtp_tls_security_level)\fR"
 The default TLS security level for the Postfix \fBtlsproxy\fR(8)
 client.
-.IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR"
+.IP "\fBtlsproxy_client_policy ($smtp_tls_policy_maps)\fR"
 Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
 security policy by next\-hop destination.
 .IP "\fBtlsproxy_client_use_tls ($smtp_use_tls)\fR"
@@ -307,6 +307,14 @@ Enforcement mode: require that SMTP servers use TLS encryption.
 Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
 usage policy by next\-hop destination and by remote TLS server
 hostname.
+.PP
+Available in Postfix version 3.7 and later:
+.IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR"
+The default TLS security level for the Postfix \fBtlsproxy\fR(8)
+client.
+.IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR"
+Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+security policy by next\-hop destination.
 .SH "OBSOLETE STARTTLS SUPPORT CONTROLS"
 .na
 .nf

postfix/mantools/check-double-install-proto-text

@@ -4,4 +4,4 @@
 
 LANG=C; export LANG
 
-ls *install* proto/* | egrep -v 'stop|Makefile|html|\.proto' | xargs mantools/deroff | mantools/find-double | fgrep -vxf proto/stop.double-install-proto-text
+(ls *install* proto/* | egrep -v 'stop|Makefile|html|\.proto' | xargs mantools/deroff; cat RELEASE_NOTES) | mantools/find-double | fgrep -vxf proto/stop.double-install-proto-text

postfix/mantools/check-postfix-files

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# Reports missing documentation file names in postfix-files. For
+# simplicity and maintainability this looks at file basenames only.
+# The odds that a file is installed in the wrong place are small.
+
+trap 'rm -f expected.tmp actual.tmp' 0 1 2 3 15
+
+LANG=C; export LANG
+LC_ALL=C; export LC_ALL
+
+# Extract file basenames from postfix-files.
+
+awk -F: '
+    BEGIN { want["f"] = want["h"] = want["l"] = want["p"] = 1 }
+    want[$2] == 1 { n = split($1, path, "/"); print path[n] }
+' conf/postfix-files | sort >actual.tmp
+
+# Create a list of expected names, excluding files that aren't installed.
+
+(ls man/man?/* html/*.html |sed 's/.*\///' | egrep -v '^makedefs.1
+^posttls-finger.1
+^qmqp-sink.1
+^qmqp-source.1
+^qshape.1
+^smtp-sink.1
+^smtp-source.1'
+ls README_FILES) | sort >expected.tmp 
+
+# Compare the expected names against the names in postfix-files.
+
+comm -23 expected.tmp actual.tmp

postfix/mantools/check-postlink

@@ -1,11 +1,11 @@
 #!/bin/sh
 
-# Look for missing parameter names in postlink
+# Reports parameter names that have no postlink rules.
 
 LANG=C; export LANG
 LC_ALL=C; export LC_ALL
 
-trap 'rm -f postlink.tmp postconf.tmp check-postlink.tmp 2>/dev/null' 0 1 2 3 15
+trap 'rm -f postlink.tmp postconf.tmp stoplist.tmp 2>/dev/null' 0 1 2 3 15
 
 # Extract parameters from postlink script. This also produces names
 # of obsolete parameters, and non-parameter names such as SMTPD
@@ -17,124 +17,41 @@ sed -n '/[ 	].*href="postconf\.5\.html#/{
 	p
 }' mantools/postlink | sort > postlink.tmp
 
-# Extract parameters from postconf output.
+# Extract parameters from postconf output, using the stock configurations.
 
 bin/postconf -dHc conf | sort >postconf.tmp
 
-# Filter the output through a whitelist.
+# Filter the postconf output through a stoplist. First, parameter
+# names prefixed by their service name.
 
-cat >check-postlink.tmp <<'EOF'
-error_delivery_slot_cost
-error_delivery_slot_discount
-error_delivery_slot_loan
-error_destination_concurrency_failed_cohort_limit
-error_destination_concurrency_limit
-error_destination_concurrency_negative_feedback
-error_destination_concurrency_positive_feedback
-error_destination_rate_delay
-error_destination_recipient_limit
-error_extra_recipient_limit
-error_initial_destination_concurrency
-error_minimum_delivery_slots
-error_recipient_limit
-error_recipient_refill_delay
-error_recipient_refill_limit
-error_transport_rate_delay
-lmtp_body_checks
-lmtp_cname_overrides_servername
-lmtp_delivery_slot_cost
-lmtp_delivery_slot_discount
-lmtp_delivery_slot_loan
-lmtp_destination_concurrency_failed_cohort_limit
-lmtp_destination_concurrency_negative_feedback
-lmtp_destination_concurrency_positive_feedback
-lmtp_destination_rate_delay
-lmtp_extra_recipient_limit
-lmtp_header_checks
-lmtp_initial_destination_concurrency
-lmtp_mime_header_checks
-lmtp_minimum_delivery_slots
-lmtp_nested_header_checks
-lmtp_recipient_limit
-lmtp_recipient_refill_delay
-lmtp_recipient_refill_limit
-lmtp_transport_rate_delay
-local_delivery_slot_cost
-local_delivery_slot_discount
-local_delivery_slot_loan
-local_destination_concurrency_failed_cohort_limit
-local_destination_concurrency_negative_feedback
-local_destination_concurrency_positive_feedback
-local_destination_rate_delay
-local_extra_recipient_limit
-local_initial_destination_concurrency
-local_minimum_delivery_slots
-local_recipient_limit
-local_recipient_refill_delay
-local_recipient_refill_limit
-local_transport_rate_delay
-relay_delivery_slot_cost
-relay_delivery_slot_discount
-relay_delivery_slot_loan
-relay_destination_concurrency_failed_cohort_limit
-relay_destination_concurrency_negative_feedback
-relay_destination_concurrency_positive_feedback
-relay_destination_rate_delay
-relay_extra_recipient_limit
-relay_initial_destination_concurrency
-relay_minimum_delivery_slots
-relay_recipient_limit
-relay_recipient_refill_delay
-relay_recipient_refill_limit
-relay_transport_rate_delay
-retry_delivery_slot_cost
-retry_delivery_slot_discount
-retry_delivery_slot_loan
-retry_destination_concurrency_failed_cohort_limit
-retry_destination_concurrency_limit
-retry_destination_concurrency_negative_feedback
-retry_destination_concurrency_positive_feedback
-retry_destination_rate_delay
-retry_destination_recipient_limit
-retry_extra_recipient_limit
-retry_initial_destination_concurrency
-retry_minimum_delivery_slots
-retry_recipient_limit
-retry_recipient_refill_delay
-retry_recipient_refill_limit
-retry_transport_rate_delay
-smtp_delivery_slot_cost
-smtp_delivery_slot_discount
-smtp_delivery_slot_loan
-smtp_destination_concurrency_failed_cohort_limit
-smtp_destination_concurrency_negative_feedback
-smtp_destination_concurrency_positive_feedback
-smtp_destination_rate_delay
-smtp_extra_recipient_limit
-smtp_initial_destination_concurrency
-smtp_minimum_delivery_slots
-smtp_recipient_limit
-smtp_recipient_refill_delay
-smtp_recipient_refill_limit
-smtp_transport_rate_delay
+for xport in error lmtp local relay retry smtp virtual
+do
+   cat <<EOF
+${xport}_delivery_slot_cost
+${xport}_delivery_slot_discount
+${xport}_delivery_slot_loan
+${xport}_destination_concurrency_failed_cohort_limit
+${xport}_destination_concurrency_limit
+${xport}_destination_concurrency_negative_feedback
+${xport}_destination_concurrency_positive_feedback
+${xport}_destination_rate_delay
+${xport}_destination_recipient_limit
+${xport}_extra_recipient_limit
+${xport}_initial_destination_concurrency
+${xport}_minimum_delivery_slots
+${xport}_recipient_limit
+${xport}_recipient_refill_delay
+${xport}_recipient_refill_limit
+${xport}_transport_rate_delay
+EOF
+done >stoplist.tmp
+
+# Second, pseudo parameters, read-only parameters, etc.
+
+cat >>stoplist.tmp <<'EOF'
 stress
-tlsproxy_client_level
-tlsproxy_client_policy
-virtual_delivery_slot_cost
-virtual_delivery_slot_discount
-virtual_delivery_slot_loan
-virtual_destination_concurrency_failed_cohort_limit
-virtual_destination_concurrency_negative_feedback
-virtual_destination_concurrency_positive_feedback
-virtual_destination_rate_delay
-virtual_extra_recipient_limit
-virtual_initial_destination_concurrency
-virtual_minimum_delivery_slots
-virtual_recipient_limit
-virtual_recipient_refill_delay
-virtual_recipient_refill_limit
-virtual_transport_rate_delay
-
 EOF
 
-comm -23 postconf.tmp postlink.tmp | fgrep -vx -f check-postlink.tmp
+# Report names from postconf that have no rule in mantools/postlink.
+
+comm -23 postconf.tmp postlink.tmp | fgrep -vx -f stoplist.tmp

postfix/mantools/check-spell-install-proto-text

@@ -1,7 +1,7 @@
 #!/bin/sh
 
-# Spellchecks the install scripts and proto non-html files.
+# Spellchecks the release notes, install scripts, and proto non-html files.
 
 LANG=C; export LANG
 
-ls *install* proto/* | egrep -v 'stop|Makefile|html|\.proto' |  mantools/deroff | spell | fgrep -vxf proto/stop
+(ls *install* proto/* | egrep -v 'stop|Makefile|html|\.proto' | mantools/deroff; cat RELEASE_NOTES) | spell | fgrep -vxf proto/stop

postfix/mantools/missing-proxy-read-maps

@@ -2,7 +2,7 @@
 
 # Outputs missing mail_params.h lines for the proxy_read_maps default
 # value.
-#
+
 # First, get the proxy_read_maps default value from postconf command
 # output. This gives us a list of parameter names that are already
 # present in the proxy_read_maps default value.
@@ -36,7 +36,7 @@ while ($line = <MAIL_PARAMS>) {
     }
 }
 close(MAIL_PARAMS) || die "close $mail_params_h: !$\n";
-#
+
 # Produce mail_params.h lines for all parameters that have names
 # ending in _maps and that are not listed in proxy_read_maps. We get
 # the full parameter name list from postconf command output. Abort

postfix/mantools/postlink

@@ -1130,8 +1130,10 @@ while (<>) {
     s;\btlsproxy_client_loglevel_parameter\b;<a href="postconf.5.html#tlsproxy_client_loglevel_parameter">$&</a>;g;
     s;\btlsproxy_client_scert_verifydepth\b;<a href="postconf.5.html#tlsproxy_client_scert_verifydepth">$&</a>;g;
 
+    s;\btlsproxy_client_level\b;<a href="postconf.5.html#tlsproxy_client_level">$&</a>;g;
     s;\btlsproxy_client_security_level\b;<a href="postconf.5.html#tlsproxy_client_security_level">$&</a>;g;
     s;\btlsproxy_client_per_site\b;<a href="postconf.5.html#tlsproxy_client_per_site">$&</a>;g;
+    s;\btlsproxy_client_policy\b;<a href="postconf.5.html#tlsproxy_client_policy">$&</a>;g;
     s;\btlsproxy_client_policy_maps\b;<a href="postconf.5.html#tlsproxy_client_policy_maps">$&</a>;g;
     s;\btlsproxy_client_use_tls\b;<a href="postconf.5.html#tlsproxy_client_use_tls">$&</a>;g;
     s;\btlsproxy_client_enforce_tls\b;<a href="postconf.5.html#tlsproxy_client_enforce_tls">$&</a>;g;

postfix/proto/postconf.proto

@@ -17493,12 +17493,21 @@ See smtp_tls_scert_verifydepth for further details. </p>
 
 <p> This feature is available in Postfix 3.4 and later. </p>
 
+%PARAM tlsproxy_client_level $smtp_tls_security_level
+
+<p> The default TLS security level for the Postfix tlsproxy(8)
+client. See smtp_tls_security_level for further details. </p>
+
+<p> This feature is available in Postfix 3.4 - 3.6. It was 
+renamed to tlsproxy_client_security_level in Postfix 3.7. </p>
+
 %PARAM tlsproxy_client_security_level $smtp_tls_security_level
 
 <p> The default TLS security level for the Postfix tlsproxy(8)
 client. See smtp_tls_security_level for further details. </p>
 
-<p> This feature is available in Postfix 3.4 and later. </p>
+<p> This feature is available in Postfix 3.7 and later. It
+was previously called tlsproxy_client_level. </p>
 
 %PARAM tlsproxy_client_per_site $smtp_tls_per_site
 
@@ -17508,13 +17517,23 @@ hostname.  See smtp_tls_per_site for further details. </p>
 
 <p> This feature is available in Postfix 3.4 and later. </p>
 
+%PARAM tlsproxy_client_policy $smtp_tls_policy_maps
+
+<p> Optional lookup tables with the Postfix tlsproxy(8) client TLS
+security policy by next-hop destination. See smtp_tls_policy_maps
+for further details. </p>
+
+<p> This feature is available in Postfix 3.4 - 3.6. It was
+renamed to tlsproxy_client_policy_maps in Postfix 3.7. </p>
+
 %PARAM tlsproxy_client_policy_maps $smtp_tls_policy_maps
 
 <p> Optional lookup tables with the Postfix tlsproxy(8) client TLS
 security policy by next-hop destination. See smtp_tls_policy_maps
 for further details. </p>
 
-<p> This feature is available in Postfix 3.4 and later. </p>
+<p> This feature is available in Postfix 3.7 and later. It
+was previously called tlsproxy_client_policy. </p>
 
 %PARAM tlsproxy_client_use_tls $smtp_use_tls
 

postfix/proto/stop

@@ -1551,3 +1551,7 @@ proto
 ICMP
 NORANDOMIZE
 wallclock
+BDAT
+IPL
+yyyy
+yyyymmdd

postfix/src/global/mail_params.h

@@ -2501,7 +2501,8 @@ extern int var_local_rcpt_code;
 				" $" VAR_LOCAL_LOGIN_SND_MAPS \
 				" $" VAR_PSC_REJ_FTR_MAPS \
 				" $" VAR_SMTPD_REJ_FTR_MAPS \
-				" $" VAR_TLS_SERVER_SNI_MAPS
+				" $" VAR_TLS_SERVER_SNI_MAPS \
+				" $" VAR_TLSP_CLNT_POLICY
 extern char *var_proxy_read_maps;
 
 #define VAR_PROXY_WRITE_MAPS	"proxy_write_maps"
@@ -4065,16 +4066,20 @@ extern bool var_tlsp_clnt_use_tls;
 #define DEF_TLSP_CLNT_ENFORCE_TLS	"$" VAR_SMTP_ENFORCE_TLS
 extern bool var_tlsp_clnt_enforce_tls;
 
-#define VAR_TLSP_CLNT_LEVEL		"tlsproxy_client_level"
-#define DEF_TLSP_CLNT_LEVEL		"$" VAR_SMTP_TLS_LEVEL
+/* Migrate an incorrect name. */
+#define OBS_TLSP_CLNT_LEVEL		"tlsproxy_client_level"
+#define VAR_TLSP_CLNT_LEVEL		"tlsproxy_client_security_level"
+#define DEF_TLSP_CLNT_LEVEL		"${" OBS_TLSP_CLNT_LEVEL ":$" VAR_SMTP_TLS_LEVEL "}"
 extern char *var_tlsp_clnt_level;
 
 #define VAR_TLSP_CLNT_PER_SITE		"tlsproxy_client_per_site"
 #define DEF_TLSP_CLNT_PER_SITE		"$" VAR_SMTP_TLS_PER_SITE
 extern char *var_tlsp_clnt_per_site;
 
-#define VAR_TLSP_CLNT_POLICY		"tlsproxy_client_policy"
-#define DEF_TLSP_CLNT_POLICY		"$" VAR_SMTP_TLS_POLICY
+/* Migrate an incorrect name. */
+#define OBS_TLSP_CLNT_POLICY		"tlsproxy_client_policy"
+#define VAR_TLSP_CLNT_POLICY		"tlsproxy_client_policy_maps"
+#define DEF_TLSP_CLNT_POLICY		"${" OBS_TLSP_CLNT_POLICY ":$" VAR_SMTP_TLS_POLICY "}"
 extern char *var_tlsp_clnt_policy;
 
  /*

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20220117"
+#define MAIL_RELEASE_DATE	"20220121"
 #define MAIL_VERSION_NUMBER	"3.7"
 
 #ifdef SNAPSHOT

postfix/src/postconf/postconf_builtin.c

@@ -148,6 +148,8 @@ static const CONFIG_STR_TABLE pcf_legacy_str_table[] = {
     {"lmtp_per_record_deadline", ""},
     {"smtp_per_record_deadline", ""},
     {"smtpd_per_record_deadline", ""},
+    {"tlsproxy_client_level", ""},
+    {"tlsproxy_client_policy", ""},
     0,
 };
 

postfix/src/smtp/smtp.h

@@ -191,6 +191,12 @@ typedef struct SMTP_STATE {
      * assume per-server debug_peer support.
      */
     int     debug_peer_per_nexthop;
+
+    /*
+     * One-bit counters to avoid logging the same warning multiple times per
+     * delivery request.
+     */
+    int     logged_line_length_limit:1;
 } SMTP_STATE;
 
  /*

postfix/src/smtp/smtp_proto.c

@@ -1194,8 +1194,11 @@ static void smtp_text_out(void *context, int rec_type,
 		 * multibyte characters can span queue file records, for
 		 * example if line_length_limit == smtp_line_length_limit.
 		 */
-		msg_info("%s: breaking line > %d bytes with <CR><LF>SPACE",
-			 state->request->queue_id, var_smtp_line_limit);
+		if (state->logged_line_length_limit == 0) {
+		    msg_info("%s: breaking line > %d bytes with <CR><LF>SPACE",
+			     state->request->queue_id, var_smtp_line_limit);
+		    state->logged_line_length_limit = 1;
+		}
 	    }
 	} else {
 	    if (rec_type == REC_TYPE_CONT) {

postfix/src/smtp/smtp_state.c

@@ -88,6 +88,7 @@ SMTP_STATE *smtp_state_alloc(void)
     }
     state->why = dsb_create();
     state->debug_peer_per_nexthop = 0;
+    state->logged_line_length_limit = 0;
     return (state);
 }
 

postfix/src/tlsproxy/tlsproxy.c

@@ -272,10 +272,10 @@
 /*	value.
 /* .IP "\fBtlsproxy_client_scert_verifydepth ($smtp_tls_scert_verifydepth)\fR"
 /*	The verification depth for remote TLS server certificates.
-/* .IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR"
+/* .IP "\fBtlsproxy_client_level ($smtp_tls_security_level)\fR"
 /*	The default TLS security level for the Postfix \fBtlsproxy\fR(8)
 /*	client.
-/* .IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR"
+/* .IP "\fBtlsproxy_client_policy ($smtp_tls_policy_maps)\fR"
 /*	Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
 /*	security policy by next-hop destination.
 /* .IP "\fBtlsproxy_client_use_tls ($smtp_use_tls)\fR"
@@ -287,6 +287,14 @@
 /*	Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
 /*	usage policy by next-hop destination and by remote TLS server
 /*	hostname.
+/* .PP
+/*	Available in Postfix version 3.7 and later:
+/* .IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR"
+/*	The default TLS security level for the Postfix \fBtlsproxy\fR(8)
+/*	client.
+/* .IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR"
+/*	Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+/*	security policy by next-hop destination.
 /* OBSOLETE STARTTLS SUPPORT CONTROLS
 /* .ad
 /* .fi