postfix-3.10-20240722

2025-08-22 09:57:34 +00:00 · 2024-07-22 00:00:00 -05:00 · 2024-07-22 00:00:00 -05:00 · 3bad43fa00
commit 3bad43fa00
parent c770c08168
20 changed files with 226 additions and 532 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -22345,7 +22345,7 @@ Apologies for any names omitted.
 	Cleanup: integer wrap-around detection in the MySQL and
 	PostgreSQL clients. This is totally non-critical because
 	Postfix strings are size-limited by design. Files:
-	global/dict_mysqql.c, global/dict_pgsql.c.
+	global/dict_mysql.c, global/dict_pgsql.c.
 20160607
@ -28110,6 +28110,45 @@ Apologies for any names omitted.
 	Documentation: in the rbl_reply_maps description,added text
 	how it handles reject_rbl_* or reject_rhsbl_* queries with
-	an address filter. Also added text to clarify te differences
+	an address filter. Also added text to clarify the differences
 	between rbl_reply_maps and postscreen_dnsbl_reply_map.
 	File: proto/postconf.proto.
 20240623
 	Feature: improved rbl_reply_maps usability. After a query
 	with the form domain=address-filter returns no result,
 	rbl_reply_maps will query the tables with the domain (i.e.
 	without the =address-filter). Files: smtpd/smtpd_check.c,
 	proto/postconf.proto, smtpd/smtpd_check_access, smtpd/smtpd_exp.in,
 	smtpd/smtpd_exp.ref.
 20240626
 	Cleanup: updated SMTP server regression tests for last-minute
 	changes to the wording of deprecation messages. Files:
 	smtpd/smtpd_check_backup.ref, smtpd/smtpd_deprecated.ref,
 	smtpd/smtpd_exp.ref.
 20240719
 	Bitrot: with MySQL 8.0.35 and later set TLS options with
 	mysql_options() instead of mysql_ssl_set(). Researched by
 	Robert Fuhrer. Files: global/dict_mysql.c, proto/mysql_table.
 20240720
 	Bitrot: MariaDB Connector/C 3.0.0 lists mysql_options() as
 	deprecated, and recommends using mysql_optionsv() instead.
 	Option names and semantics have not changed. Peter Ajamian.
 	Files: global/dict_mysql.c, proto/mysql_table.
 20240721
 	Reproducible build: sort the output from 'env'. Scott
 	Kitterman. File: makedefs.
 20240722
 	Bitrot: some groff version complains about ".ft C" directives
 	in postconf(5) manpages. File: mantools/postconf2man.
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@ -16,6 +16,16 @@ Wish list:
 	using FIFOs anymore, and trigger servers could use a proper
 	(attribute, value) protocol.
 	Send XFORWARD attributes in the SMTPD policy delegation
 	protocol.
 	With "smtpd_reject_unlisted_mumble = no" the Postfix SMTP
 	server should still reject recipients that resolve to the
 	error or retry transport.
 	bounce/annotate.sh should include the 'QUICK INSTRUCTIONS'
 	into the bounce.cf.default file.
 	The postsceen NON-SMTP test should log the command in
 	the same format as the BARE NEWLINE and PREGREET tests.
 	Consider logging the entire unadulterated command line.
--- a/postfix/html/mysql_table.5.html
+++ b/postfix/html/mysql_table.5.html
@ -258,6 +258,11 @@ MYSQL_TABLE(5)                                                  MYSQL_TABLE(5)
              This parameter is available with Postfix 3.2 and later.
 <b>TLS-RELATED SETTINGS</b>
       See      <a href="https://dev.mysql.com/doc/c-api/en/mysql-options.html">https://dev.mysql.com/doc/c-api/en/mysql-options.html</a>       or
       <a href="https://mariadb.com/kb/en/mysql_optionsv/">https://mariadb.com/kb/en/mysql_optionsv/</a> for details of the underlying
       MYSQL_OPT_SSL_* features.
       <b>tls_cert_file</b>
              File containing client's X509 certificate.
@ -269,7 +274,7 @@ MYSQL_TABLE(5)                                                  MYSQL_TABLE(5)
              This parameter is available with Postfix 2.11 and later.
       <b>tls_CAfile</b>
-              File  containing  certificates for all of the X509 Certification
+              File  containing  X509 certificates for all of the Certification
              Authorities the client will recognize.   Takes  precedence  over
              <b>tls_CApath</b>.
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -2610,7 +2610,8 @@ by an <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> enhanced status
 <dt><b>$rbl_domain</b></dt>
-<dd>The RBL domain where $rbl_what is denylisted. </dd>
+<dd>The RBL domain (without any <i>=address-filter</i>) where
 $rbl_what is denylisted. </dd>
 <dt><b>$rbl_reason</b></dt>
@ -8800,7 +8801,7 @@ the file is read). </p>
 <p> NOTE: This feature differs from the Postfix SMTP server's
 <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> feature, where 1) the table search key includes the
-optional "<i>=address</i>" filter, and where 2) the lookup result
+optional "<i>=address-filter</i>", and where 2) the lookup result
 contains free text with <i>$name</i> variables. </p>
 <p> This feature is available in Postfix 2.8.  </p>
@ -9814,7 +9815,10 @@ This feature is available in Postfix 2.0 and later.
 <p>
 Optional lookup tables with RBL or RHSBL response templates. The
 table search key is the reject_rbl_* or reject_rhsbl_* argument,
-including any optional "<i>=address-pattern</i>" filter. </p>
+including any optional "<i>=address-filter</i>".  With Postfix 3.10
 and later, if the result is "not found" and the search key has the
 form <i>domain=address-filter</i>, then <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> will also
 search with the <i>domain</i>. </p>
 <p> By default, Postfix uses the
 template as specified with the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> configuration
@ -9838,20 +9842,26 @@ syntax.
    # variables.
    <i>secret</i>.zen.dq.spamhaus.net=127.0.0.[2..11]
        554 $rbl_class $rbl_what blocked using ZEN - see <a href="https://www.spamhaus.org/query/ip/$client_address">https://www.spamhaus.org/query/ip/$client_address</a> for details
 </pre>
 <pre>
    # Postfix &ge; 3.10: if a search key <i>domain=address-filter</i>
    # is not found, then <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> will also search with the
    # <i>domain</i>.
    <i>secret</i>.zen.dq.spamhaus.net
        554 $rbl_class $rbl_what blocked using ZEN - see <a href="https://www.spamhaus.org/query/ip/$client_address">https://www.spamhaus.org/query/ip/$client_address</a> for details
 </pre>
 <p>
 NOTE: This feature differs from <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> where
-the table search key is a domain name (no "<i>=address</i>" filter,
+the table search key is only a domain name (no "<i>=address-filter</i>",
-no "<i>*weight</i>" factor) and where the lookup result should be
+no "<i>*weight</i>" factor) and where the lookup result
-a domain name (no free text, no <i>$name</i> variables).
+should be only a domain name (no free text, no <i>$name</i> variables).
 </p>
 <p>
 This feature is available in Postfix 2.0 and later.
-The "=address-pattern" filter is available in Postfix 2.8 and later.
+The "=address-filter" feature is available in Postfix 2.8 and later.
 </p>
--- a/postfix/makedefs
+++ b/postfix/makedefs
@ -220,7 +220,7 @@ echo "#----------------------------------------------------------------"
 echo "# Start of summary of user-configurable 'make makefiles' options."
 echo "# CCARGS=$CCARGS"
 echo "# AUXLIBS=$AUXLIBS"
-env | grep '^AUXLIBS_' | sed 's/^/# /'
+env | grep '^AUXLIBS_' | sed 's/^/# /' | sort
 echo "# shared=$shared"
 echo "# dynamicmaps=$dynamicmaps"
 echo "# pie=$pie"
--- a/postfix/man/man5/mysql_table.5
+++ b/postfix/man/man5/mysql_table.5
@ -277,6 +277,14 @@ set.  If "\fBno\fR", treat the absence of a result set as
 "not found".
 .sp
 This parameter is available with Postfix 3.2 and later.
 .SH "TLS-RELATED SETTINGS"
 .na
 .nf
 .ad
 .fi
 See https://dev.mysql.com/doc/c\-api/en/mysql\-options.html
 or https://mariadb.com/kb/en/mysql_optionsv/ for details of
 the underlying MYSQL_OPT_SSL_* features.
 .IP "\fBtls_cert_file\fR"
 File containing client's X509 certificate.
 .sp
@ -286,7 +294,7 @@ File containing the private key corresponding to \fBtls_cert_file\fR.
 .sp
 This parameter is available with Postfix 2.11 and later.
 .IP "\fBtls_CAfile\fR"
-File containing certificates for all of the X509 Certification
+File containing X509 certificates for all of the Certification
 Authorities the client will recognize.  Takes precedence over
 \fBtls_CApath\fR.
 .sp
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
--- a/postfix/mantools/postconf2man
+++ b/postfix/mantools/postconf2man
@ -58,8 +58,8 @@ while(<>) {
    $block =~ s/^(<p(re)?>)/.PP\n\1/ if ($wantpp);
    $block =~ s/<p> */\n/g;
    $block =~ s/ *<\/p>/\n/g;
-    $block =~ s/<pre>/\n.nf\n.na\n.ft C\n/g;
+    $block =~ s/<pre>/\n.nf\n.na\n/g;
-    $block =~ s/<\/pre>/\n.fi\n.ad\n.ft R\n/g;
+    $block =~ s/<\/pre>/\n.fi\n.ad\n/g;
    $block =~ s/<dl[^>]*>/\n/g;
    $block =~ s/<ul>/\n/g;
    #$block =~ s/<\/dl>/\n.PP\n/g;
--- a/postfix/proto/mysql_table
+++ b/postfix/proto/mysql_table
@ -267,6 +267,12 @@
 #	"not found".
 # .sp
 #	This parameter is available with Postfix 3.2 and later.
 # TLS-RELATED SETTINGS
 # .ad
 # .fi
 #	See https://dev.mysql.com/doc/c-api/en/mysql-options.html
 #	or https://mariadb.com/kb/en/mysql_optionsv/ for details of
 #	the underlying MYSQL_OPT_SSL_* features.
 # .IP "\fBtls_cert_file\fR"
 #	File containing client's X509 certificate.
 # .sp
@ -276,7 +282,7 @@
 # .sp
 #	This parameter is available with Postfix 2.11 and later.
 # .IP "\fBtls_CAfile\fR"
-#	File containing certificates for all of the X509 Certification
+#	File containing X509 certificates for all of the Certification
 #	Authorities the client will recognize.  Takes precedence over
 #	\fBtls_CApath\fR.
 # .sp
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@ -1194,7 +1194,8 @@ by an RFC 3463 enhanced status code. </dd>
 <dt><b>$rbl_domain</b></dt>
-<dd>The RBL domain where $rbl_what is denylisted. </dd>
+<dd>The RBL domain (without any <i>=address-filter</i>) where
 $rbl_what is denylisted. </dd>
 <dt><b>$rbl_reason</b></dt>
@ -3588,7 +3589,10 @@ The default time unit is s (seconds).  </p>
 <p>
 Optional lookup tables with RBL or RHSBL response templates. The
 table search key is the reject_rbl_* or reject_rhsbl_* argument,
-including any optional "<i>=address-pattern</i>" filter. </p>
+including any optional "<i>=address-filter</i>".  With Postfix 3.10
 and later, if the result is "not found" and the search key has the
 form <i>domain=address-filter</i>, then rbl_reply_maps will also
 search with the <i>domain</i>. </p>
 <p> By default, Postfix uses the
 template as specified with the default_rbl_reply configuration
@ -3612,20 +3616,26 @@ syntax.
    # variables.
    <i>secret</i>.zen.dq.spamhaus.net=127.0.0.[2..11]
        554 $rbl_class $rbl_what blocked using ZEN - see https://www.spamhaus.org/query/ip/$client_address for details
 </pre>
 <pre>
    # Postfix &ge; 3.10: if a search key <i>domain=address-filter</i>
    # is not found, then rbl_reply_maps will also search with the
    # <i>domain</i>.
    <i>secret</i>.zen.dq.spamhaus.net
        554 $rbl_class $rbl_what blocked using ZEN - see https://www.spamhaus.org/query/ip/$client_address for details 
 </pre>
 <p>
 NOTE: This feature differs from postscreen_dnsbl_reply_map where
-the table search key is a domain name (no "<i>=address</i>" filter,
+the table search key is only a domain name (no "<i>=address-filter</i>",
-no "<i>*weight</i>" factor) and where the lookup result should be
+no "<i>*weight</i>" factor) and where the lookup result
-a domain name (no free text, no <i>$name</i> variables).
+should be only a domain name (no free text, no <i>$name</i> variables).
 </p>
 <p>
 This feature is available in Postfix 2.0 and later.
-The "=address-pattern" filter is available in Postfix 2.8 and later.
+The "=address-filter" feature is available in Postfix 2.8 and later.
 </p>
 %PARAM receive_override_options 
@ -15451,7 +15461,7 @@ the file is read). </p>
 <p> NOTE: This feature differs from the Postfix SMTP server's
 rbl_reply_maps feature, where 1) the table search key includes the
-optional "<i>=address</i>" filter, and where 2) the lookup result
+optional "<i>=address-filter</i>", and where 2) the lookup result
 contains free text with <i>$name</i> variables. </p>
 <p> This feature is available in Postfix 2.8.  </p>
--- a/postfix/proto/stop
+++ b/postfix/proto/stop
@ -1606,3 +1606,7 @@ GTEST
 javascript
 SMFI
 RHSBL
 Ajamian
 groff
 MariaDB
 Fuhrer
--- a/postfix/proto/stop.spell-cc
+++ b/postfix/proto/stop.spell-cc
@ -1840,3 +1840,4 @@ fhHoqvx
 foqvx
 ILP
 xxfi
 optionsv
--- a/postfix/src/global/dict_mysql.c
+++ b/postfix/src/global/dict_mysql.c
@ -119,6 +119,15 @@
 #define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_VERIFY_SERVER_CERT
 #elif MYSQL_VERSION_ID >= 80000
 #define DICT_MYSQL_SSL_VERIFY_SERVER_CERT MYSQL_OPT_SSL_MODE
 #endif
 /*
  * MariaDB Connector/C 3.0.0 lists mysql_options() as deprecated and
  * recommends using mysql_optionsv() instead. Option names and semantics
  * have not changed.
  */
 #if defined(MARIADB_PACKAGE_VERSION_ID) && MARIADB_PACKAGE_VERSION_ID >= 30000
 #define mysql_options	mysql_optionsv
 #endif
 /* need some structs to help organize things */
@ -598,12 +607,27 @@ static void plmysql_connect_single(DICT_MYSQL *dict_mysql, HOST *host)
 	mysql_options(host->db, MYSQL_READ_DEFAULT_FILE, dict_mysql->option_file);
    if (dict_mysql->option_group && dict_mysql->option_group[0])
 	mysql_options(host->db, MYSQL_READ_DEFAULT_GROUP, dict_mysql->option_group);
 #if MYSQL_VERSION_ID >= 80035
    /* Preferred API. */
    if (dict_mysql->tls_key_file)
 	mysql_options(host->db, MYSQL_OPT_SSL_KEY, dict_mysql->tls_key_file);
    if (dict_mysql->tls_cert_file)
 	mysql_options(host->db, MYSQL_OPT_SSL_CERT, dict_mysql->tls_cert_file);
    if (dict_mysql->tls_CAfile)
 	mysql_options(host->db, MYSQL_OPT_SSL_CA, dict_mysql->tls_CAfile);
    if (dict_mysql->tls_CApath)
 	mysql_options(host->db, MYSQL_OPT_SSL_CAPATH, dict_mysql->tls_CApath);
    if (dict_mysql->tls_ciphers)
 	mysql_options(host->db, MYSQL_OPT_SSL_CIPHER, dict_mysql->tls_ciphers);
 #else
    /* Deprecated API. */
    if (dict_mysql->tls_key_file || dict_mysql->tls_cert_file ||
 	dict_mysql->tls_CAfile || dict_mysql->tls_CApath || dict_mysql->tls_ciphers)
 	mysql_ssl_set(host->db,
 		      dict_mysql->tls_key_file, dict_mysql->tls_cert_file,
 		      dict_mysql->tls_CAfile, dict_mysql->tls_CApath,
 		      dict_mysql->tls_ciphers);
 #endif
 #if defined(DICT_MYSQL_SSL_VERIFY_SERVER_CERT)
    if (dict_mysql->tls_verify_cert != -1)
 	mysql_options(host->db, DICT_MYSQL_SSL_VERIFY_SERVER_CERT,
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20240622"
+#define MAIL_RELEASE_DATE	"20240722"
 #define MAIL_VERSION_NUMBER	"3.10"
 #ifdef SNAPSHOT
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@ -3570,15 +3570,21 @@ static int rbl_reject_reply(SMTPD_STATE *state, const SMTPD_RBL_STATE *rbl,
    /*
     * Use the server-specific reply template or use the default one.
     */
    rbl_exp.domain = mystrdup(rbl_domain);
    (void) split_at(rbl_exp.domain, '=');
    if (*var_rbl_reply_maps) {
 	template = maps_find(rbl_reply_maps, rbl_domain, DICT_FLAG_NONE);
-	if (rbl_reply_maps->error)
+	if (template == 0 && rbl_reply_maps->error == 0
 	    && strcmp(rbl_domain, rbl_exp.domain) != 0)
 	    template = maps_find(rbl_reply_maps, rbl_exp.domain,
 				 DICT_FLAG_NONE);
 	if (template == 0 && rbl_reply_maps->error != 0) {
 	    myfree(rbl_exp.domain);
 	    reject_server_error(state);
 	}
    }
    why = vstring_alloc(100);
    rbl_exp.state = state;
    rbl_exp.domain = mystrdup(rbl_domain);
    (void) split_at(rbl_exp.domain, '=');
    rbl_exp.what = what;
    rbl_exp.class = reply_class;
    rbl_exp.txt = (rbl->txt == 0 ? "" : rbl->txt);
--- a/postfix/src/smtpd/smtpd_check_access
+++ b/postfix/src/smtpd/smtpd_check_access
@ -41,6 +41,10 @@ blackholes.mail-abuse.org	$rbl_code client=$client
 rbl_code=$rbl_code rbl_domain=$rbl_domain rbl_txt=$rbl_txt rbl_what=$rbl_what
 rbl_class=$rbl_class
 dnsbltest.porcupine.org=127.0.0.3	 $rbl_code service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain=127.0.0.3 ${rbl_reason?; $rbl_reason}
 dnsbltest.porcupine.org	 $rbl_code SERVICE UNAVAILABLE; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
 rhsbl.porcupine.org	$rbl_code client=$client
 client_address=$client_address
 client_name=$client_name helo_name=$helo_name 
--- a/postfix/src/smtpd/smtpd_check_backup.ref
+++ b/postfix/src/smtpd/smtpd_check_backup.ref
@ -17,7 +17,7 @@ OK
 >>> recipient_restrictions permit_mx_backup,reject
 OK
 >>> rcpt wietse@wzv.porcupine.org
-./smtpd_check: warning: support for restriction "permit_mx_backup" will be removed from Postfix; instead, use "relay_domains"
+./smtpd_check: warning: support for restriction "permit_mx_backup" will be removed from Postfix; instead, specify "relay_domains"
 OK
 >>> rcpt wietse@backup.porcupine.org
 OK
--- a/postfix/src/smtpd/smtpd_deprecated.ref
+++ b/postfix/src/smtpd/smtpd_deprecated.ref
@ -10,7 +10,7 @@ OK
 >>> mail sname@sdomain.example
 OK
 >>> rcpt rname@rdomain.example
-./smtpd_check: warning: restriction permit_naked_ip_address has been removed in Postfix 3.9; use permit_mynetworks or permit_sasl_authenticated instead
+./smtpd_check: warning: support for restriction "permit_naked_ip_address" has been removed in Postfix 3.9; instead, specify "permit_mynetworks" or "permit_sasl_authenticated"
 ./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain.example> to=<rname@rdomain.example> proto=SMTP helo=<127.0.0.2>
 451 4.3.5 Server configuration error
 >>> #
@ -27,7 +27,7 @@ OK
 >>> mail sname@sdomain.example
 OK
 >>> rcpt rname@rdomain.example
-./smtpd_check: warning: support for restriction "check_relay_domains" has been removed in Postfix 3.9; use "reject_unauth_destination" instead
+./smtpd_check: warning: support for restriction "check_relay_domains" has been removed in Postfix 3.9; instead, specify "reject_unauth_destination"
 ./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain.example> to=<rname@rdomain.example> proto=SMTP helo=<127.0.0.2>
 451 4.3.5 Server configuration error
 >>> #
--- a/postfix/src/smtpd/smtpd_exp.in
+++ b/postfix/src/smtpd/smtpd_exp.in
@ -29,6 +29,9 @@ client foo 127.0.0.2
 rcpt rname@rdomain
 client foo 127.0.0.1
 rcpt rname@rdomain
 recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org=127.0.0.3
 client foo 127.0.0.3
 rcpt rname@rdomain
 #
 # RHSBL sender domain name
 #
@ -60,3 +63,15 @@ recipient_restrictions reject_rhsbl_helo,rhsbl.porcupine.org
 helo example.tld
 mail sname@sdomain
 rcpt rname@rdomain
 #
 # rbl_reply_maps lookup error
 #
 smtpd_delay_reject 0
 mynetworks 127.0.0.0/8,168.100.3.0/28
 relay_domains porcupine.org
 rbl_reply_maps fail:1_rbl_reply_maps
 helo foobar
 mail sname@sdomain
 recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org
 client foo 127.0.0.2
 rcpt rname@rdomain
--- a/postfix/src/smtpd/smtpd_exp.ref
+++ b/postfix/src/smtpd/smtpd_exp.ref
@ -25,13 +25,13 @@ OK
 >>> client spike.porcupine.org 168.100.3.2
 OK
 >>> rcpt rname@rdomain
-./smtpd_check: warning: support for restriction "reject_maps_rbl" has been removed in Postfix 3.9; use "reject_rbl_client domain-name" instead
+./smtpd_check: warning: support for restriction "reject_maps_rbl" has been removed in Postfix 3.9; instead, specify "reject_rbl_client domain-name"
 ./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
 451 4.3.5 Server configuration error
 >>> client foo 127.0.0.2
 OK
 >>> rcpt rname@rdomain
-./smtpd_check: warning: support for restriction "reject_maps_rbl" has been removed in Postfix 3.9; use "reject_rbl_client domain-name" instead
+./smtpd_check: warning: support for restriction "reject_maps_rbl" has been removed in Postfix 3.9; instead, specify "reject_rbl_client domain-name"
 ./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
 451 4.3.5 Server configuration error
 >>> #
@ -44,19 +44,26 @@ OK
 >>> client foo 127.0.0.2
 OK
 >>> rcpt rname@rdomain
-./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
+./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 SERVICE UNAVAILABLE; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
-554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test
+554 5.7.1 SERVICE UNAVAILABLE; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test
 >>> recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org=127.0.0.2
 OK
 >>> client foo 127.0.0.2
 OK
 >>> rcpt rname@rdomain
-./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
+./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 SERVICE UNAVAILABLE; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
-554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test
+554 5.7.1 SERVICE UNAVAILABLE; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test
 >>> client foo 127.0.0.1
 OK
 >>> rcpt rname@rdomain
 OK
 >>> recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org=127.0.0.3
 OK
 >>> client foo 127.0.0.3
 OK
 >>> rcpt rname@rdomain
 ./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.3]: 554 5.7.1 service unavailable; Client host [127.0.0.3] blocked using dnsbltest.porcupine.org=127.0.0.3 ; DNS blocklist test; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
 554 5.7.1 service unavailable; Client host [127.0.0.3] blocked using dnsbltest.porcupine.org=127.0.0.3 ; DNS blocklist test
 >>> #
 >>> # RHSBL sender domain name
 >>> #
@ -111,3 +118,26 @@ OK
 >>> rcpt rname@rdomain
 ./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 client=spike.porcupine.org[168.100.3.2] client_address=168.100.3.2 client_name=spike.porcupine.org helo_name=example.tld  sender=sname@sdomain sender_name=sname  sender_domain=sdomain recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=example.tld rbl_class=Helo command; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<example.tld>
 554 5.7.1 client=spike.porcupine.org[168.100.3.2] client_address=168.100.3.2 client_name=spike.porcupine.org helo_name=example.tld  sender=sname@sdomain sender_name=sname  sender_domain=sdomain recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=example.tld rbl_class=Helo command
 >>> #
 >>> # rbl_reply_maps lookup error
 >>> #
 >>> smtpd_delay_reject 0
 OK
 >>> mynetworks 127.0.0.0/8,168.100.3.0/28
 OK
 >>> relay_domains porcupine.org
 OK
 >>> rbl_reply_maps fail:1_rbl_reply_maps
 OK
 >>> helo foobar
 OK
 >>> mail sname@sdomain
 OK
 >>> recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org
 OK
 >>> client foo 127.0.0.2
 OK
 >>> rcpt rname@rdomain
 ./smtpd_check: warning: fail:1_rbl_reply_maps lookup error for "dnsbltest.porcupine.org"
 ./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
 451 4.3.5 Server configuration error